Governance, Risk, and Compliance (GRC) IT Analyst

W

Wabash Valley Power Alliance

Governance, Risk, and Compliance (GRC) IT Analyst

Indianapolis, IN
Full Time
Paid
  • Responsibilities

    Job Description

    The Governance, Risk, and Compliance (GRC) IT Analyst is responsible for ensuring the cooperative's information technology systems adhere to regulatory requirements, industry standards, and internal policies. This role focuses on maintaining compliance with NERC CIP standards, mitigating cybersecurity risks, implementing Zero Trust principles, and supporting governance frameworks to protect critical infrastructure. The GRC IT Analyst collaborates with IT, security, legal, and operational teams to develop policies, perform risk assessments, oversee audits, and strengthen internal controls.

    Essential Duties and Responsibilities:

    Governance & Compliance

    • Ensure IT and cybersecurity programs comply with NERC CIP, FERC, and other relevant regulations.
    • Develop, implement, and maintain IT governance frameworks, policies, and procedures aligned with regulatory requirements.
    • Serve as a key resource in internal and external audits, coordinating responses, evidence collection, and remediation efforts.
    • Stay updated on regulatory changes and industry best practices, advising management on necessary adjustments.
    • Assist in training employees on compliance responsibilities and security awareness.

    Risk Management & Internal Control Reviews

    • Conduct IT risk assessments to identify and evaluate vulnerabilities in IT systems and processes.
    • Perform internal control reviews to assess the effectiveness of IT security controls, access management, and compliance measures.
    • Maintain the cooperative’s IT Risk Register and track mitigation strategies.
    • Work with IT and security teams to implement risk management strategies and security controls.
    • Support incident response planning and contribute to post-incident investigations.

    Zero Trust Implementation & Security Control Assurance

    • Lead initiatives to design and implement a Zero Trust Architecture (ZTA) for the cooperative’s IT environment.
    • Establish least privilege access controls, identity verification measures, and micro-segmentation strategies.
    • Collaborate with IT and networking teams to enforce continuous monitoring and authentication policies.
    • Ensure Zero Trust principles align with NERC CIP compliance requirements and cybersecurity best practices.
    • Monitor IT controls and security frameworks (e.g., NIST CSF, CIS Controls).
    • Evaluate third-party vendors for compliance with cybersecurity and regulatory requirements.
    • Perform security assessments of IT systems, applications, and network infrastructure.
    • Participate in business continuity and disaster recovery planning.

    Collaboration & Reporting

    • Generate reports on compliance status, risk assessments, and security metrics for leadership and regulators.
    • Work closely with IT, operations, and legal teams to ensure alignment between business objectives and compliance requirements.
    • Serve as a liaison between the cooperative and regulatory bodies during audits and compliance reviews.
  • Qualifications

    Qualifications

    Required:

    • Bachelor’s degree in Information Technology, Cybersecurity, Business, or a related field.
    • 5+ years of experience in IT governance, compliance, or risk management.
    • Knowledge of NERC CIP standards and regulatory requirements in the electric utility industry.
    • Experience implementing Zero Trust Security models and least privilege access controls.
    • Understanding of IT security frameworks (e.g., NIST 800-53, ISO 27001, CIS Controls).
    • Familiarity with risk assessment methodologies and tools.
    • Strong analytical and problem-solving skills.
    • Ability to communicate complex security and compliance topics to non-technical audiences.

    Preferred:

    • Certifications such as CISA, CISSP, CRISC, or CIP Compliance Specialist.
    • Master’s degree in Information Technology, Cybersecurity, Business, or a related field.
    • Experience working in an electric cooperative or energy sector.
    • Hands-on experience with GRC tools, security auditing, or compliance management platforms.
    • Technical knowledge of network security, endpoint protection, and identity management solutions.

    Security Clearance Requirement
    This position requires the ability to obtain and maintain a U.S. government Secret Security Clearance. While an active clearance is not required to apply, the successful candidate must meet the eligibility criteria for a Secret Clearance, including U.S. citizenship and a background investigation. Our organization will support and facilitate the clearance process for the selected candidate.

    For more information about U.S. government security clearances, please visit: https://www.intelligencecareers.gov/dhsia/security-clearance-process

    Additional Information

    Work Environment:

    • Primarily office-based with periodic travel for audits, assessments, and training.
    • After-hours work may be required to support compliance activities and incident response.
    • This role is hybrid in nature, with a combination of on-site workdays and remote workdays.

    All your information will be kept confidential according to EEO guidelines.