
Brooksource
Compliance Analyst – WAM
Charlotte, NC
The successful candidate must possess or develop a strong understanding of NERC CIP reliability standards and the Duke Energy IT503 Cybersecurity program to ensure CIP compliance processes are followed, activities are properly performed and documented, and evidence is prepared appropriately to validate proper compliance. The individual is expected to be knowledgeable in the use of compliance concepts and procedures, demonstrate critical thinking skills to identify potential issues, develop solutions, and take actions to resolve issues.
• Demonstrates working knowledge of NERC CIP compliance controls, regulatory matters, and business applications
• Knowledgeable about and proficient in the use of tools and procedures for the NERC CIP Program
• Conduct fieldwork tasks and responsibilities at High/Medium/Low-Impact facilities for periodic assessments and ongoing compliance
• Responsible for creating and maintaining documents and diagrams for BES cyber asset classification and inventory reviews
• Perform site-level vulnerability assessments and contribute to the enterprise program
• Serve as an interface between internal team members, Duke Energy Compliance Managers, Security Compliance (SECO), Business Areas, support groups, contractors, and vendors to facilitate appropriate communication and problem resolution
• Participates in periodic audit reviews facilitated by either external auditing organizations or regional electric reliability entities
• Identifies, resolves, and appropriately escalates complex project or walkdown issues and demonstrates effective communication skills when presenting regulatory evidence
• Proactively engages in training and development programs to improve and maintain job performance and promote professional growth and development
• Motivates program and project participants to work as a cohesive team within their work unit, department, and company to meet the needs and expectations of corporate compliance program and processes
• Responds well to supervisors, is easily coachable, and exhibits confidence and a proper level of assertiveness when needed
• Displays mature approach and ability to work under high stress situations
Required/Basic Qualifications
• Bachelor's degree in cybersecurity or other related degree
• In addition to bachelor's degree, five (5) years minimum of related work experience
• In lieu of bachelor's degree AND five (5) years minimum of related work experience listed above, high school diploma/GED AND nine (9) years minimum of related work experience
Desired Qualifications
• Experience with audit skills, controls, security, and related industry regulatory issues
• Two or more years in information technology showing a demonstrated competency in delivering efficient and effective solutions supporting diverse and complex data networking systems
• Excellent interpersonal skills with the ability and willingness to share information and transfer knowledge to others
• Strong team player with the ability to effectively manage multiple tasks and assignments
• Has the ability to manage confidential information with a high degree of integrity
• 5+ years utility, cyber security, auditing, compliance, regulatory or related experience
• At least three (3) years of experience with NERC CIP Compliance
• IT or Cybersecurity certifications, such as those issued by GIAC, ISACA, or (ISC)2
• Knowledge of cybersecurity frameworks such as NIST or ISO
• Experience working in a regulated environment such as NERC CIP, SOX or HIPAA
• General knowledge of Duke Energy’s core business, including SCADA and Energy Management Systems (EMS)
• Able to work effectively with broadly defined direction requiring a great degree of judgement, recognizes appropriate times to raise issues and provide status updates, and demonstrates ability to work independently with little direct supervision
• Understanding of NERC CIP Standards and Duke IT policies
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk) laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
• Demonstrates good listening skills and puts forth the effort to understand other points of view
Working Conditions:
• Onsite Mobility Classification – Work performed primarily at field locations and in the office
Specific Requirements:
• Ability to work extended and/or non-business hours as required to meet regulatory compliance demands
Travel Requirements:
• 80%
In accordance with the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards and Duke Energy’s IT503 Cybersecurity Program, IT Cybersecurity CIP Compliance (ITC3) is responsible for working closely with multiple Business Areas to ensure effective, efficient, and consistent adherence with the NERC CIP Standards and enterprise program to support a strong compliance culture across the organization. ITC3 works to achieve and is responsible for asset inventory management and categorization, potential violation and self-report coordination, cause analysis, mitigation plans and risk assessments, NERC CIP project engagement, standard revisions, controls implementation, and ongoing compliance activities.
Brooksource provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, national origin, age, sex, citizenship, disability, genetic information, gender, sexual orientation, gender identity, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state, and local laws.
JO-2310-140703