Job Description

Under the general direction of the Director, IT Architecture, Integration, and Information Security, acts as the functional advisor for Information Security compliance of the mandatory reliability standards and Tariff requirements derived from the Federal Energy Regulatory Commission regarding compliance to Critical Infrastructure Protection (CIP) standards. Develop controls, monitor performance and creates action plans. Develops mitigation and post event corrective action plans and reports.  Facilitates Information Security NERC Self Certification / Audits.  Provides guidance to other System business units on the development of procedures and controls. This position is a process manager with no direct reports, but would collaborate across multiple business units within the organization.

WHAT YOU WILL BE DOING:

• Facilitating Self-Certifications/ Audits. Collect evidence, review collected evidence quality, update RSAWs and act as a liaison to gather data from others and be able to lead others through an evidence collection/ RSAW update discussion.
• Assist Business Units in Controls development. Perform Internal Assessments using a systematic approach to monitoring controls, evaluating normal and abnormal occurrences within processes.
• Event Analysis: Act as liaison between Information Security and Compliance in tracking Information Security events/exceptions that require further analysis for potential compliance reporting purposes or compliance event analysis.  Identify improvements, occurrences, events as training and/or simulation opportunities.
• Maintain and perform monthly and quarterly reviews and reporting per WECC data requests.  Create, maintain and improve reporting in order to promote consistent data collection methods.  Manage and respond to data requests from WECC, Corporate Compliance, and others as needed by gathering data, performing an analysis and developing reports
• Perform Impact Analysis related to new or changes to NERC CIP standards.

Qualifications

LEVEL OF EDUCATION AND DISCIPLINE:

• A Bachelor's degree (BA, BS) or equivalent education, training or experience in Engineering, Information Technology, Business or related field.
• Master Degree preferred.

AMOUNT OF EXPERIENCE:

• Equivalent years of education and training, plus six (6) or more years related experience.

TYPE OF EXPERIENCE:

• Proven track record of improving and maintaining procedures, processes, compliance, and controls within the Information Security field.

ADDITIONAL SKILLS AND ABILITIES:

• Demonstrates fundamental leadership skills with the ability to work effectively in a team environment as a leader, facilitator and team member. 
• Ability to provide practical and feasible solutions to problems, keeping multiple conflicting considerations into account.
• Excellent interpersonal, communication, and writing skills required.
• Excellent analytical skills are required, including the ability to effectively communicate complex technical materials and concepts in a non-technical manner. 
• Must be able to handle a dynamic and changing work environment, and work independently.
• Strong computer skills in Microsoft Office Suite.
• Self-motivated, problem solving skills and the ability to influence others without direct authority.

Additional Information

All your information will be kept confidential according to EEO guidelines.