
IT Compliance Assurance Analyst

Date: Nov 8, 2021

Location: Ybor City, Florida, US, 33605

Company: TECO

Title: IT Compliance Assurance Analyst 
Company: Tampa Electric Company 
State and City: Florida - Ybor City
Shift: 8 Hr. X 5 Days


POSITION CONCEPT

Responsible for supporting activities directly related to assuring and maintaining Tampa Electric's adherence to the NERC CIP standards and requirements. Includes assessing and assuring that relevant systems, assets, processes, controls, procedures, and evidence of compliance are accurate, demonstrate compliance with applicable requirements, remain effective on a continuous basis, and that all periodic activities needed for ongoing compliance have been performed in a timely manner. Ensures audit readiness, detects conditions that may lead to NERC CIP non-compliance, and acts to prevent them.

Applies critical thinking, an in-depth understanding of the NERC CIP standards and requirements, and expertise in reviewing, testing, and developing processes, procedures, technical controls, and evidence of compliance to demonstrate control effectiveness and compliance.

 

PRIMARY DUTIES AND RESPONSIBILITIES INCLUDE, BUT ARE NOT LIMITED TO, THE FOLLOWING:

  1. Oversee independent assessment and assurance of the effectiveness and efficiency of the NERC CIP control environment. Administer and monitor the execution of the TEC compliance program by sampling compliance deliverables for acceptable content and assessing risk, and use technical security tools to sample content further.
    1. Lead the testing and validation of existing NERC CIP assets, processes, procedures, technology and people to assure their continued compliance with NERC CIP standards and requirements.
    2. Provide ongoing validation, guidance and oversight of work completed by NERC CIP stakeholders to ensure quality results.
    3. Identify, evaluate, and recommend plans to mitigate or remediate the cyber security compliance risks and vulnerabilities identified during assurance work, with emphasis on key risk indicators and preventive controls such as alerts and automation.
    4. Ensure compliance issues are investigated and reported to the appropriate authority.

  2. Establish the assurance program. Maintain, monitor, and report on the status of the assurance program, including identification and monitoring of performance metrics.
    1. Lead efforts to monitor, assess, detect, and report on the continued effectiveness of implemented security controls by leveraging administrative processes and technologies.
    2. Coordinate and collaborate with affected stakeholders in response to identified control misconfigurations or systems in a potentially non-compliant state (e.g., unauthorized ports, misconfigured password settings).

  3. Apply expertise and leadership skills to manage and independently resolve NERC CIP compliance issues so that day-to-day activities and project goals are met.
    1. Collaborate with IT project teams and management to reduce risk by ensuring NERC CIP technical requirements are integrated into projects and that those projects and tasks are fully compliant with NERC CIP requirements.
    2. Lead the validation of new NERC CIP assets introduced into Tampa Electric to ensure they comply with the NERC CIP standards and requirements.
    3. Provide guidance in the drafting of plans, processes, and work practices in support of NERC CIP compliance, so that those documents and practices produce verifiable evidence of compliance that can be reviewed for completeness and correctness.
    4. Create, review, test, collect and organize the evidence that demonstrates compliance with NERC CIP standards and requirements, such as evidence for access controls, ports and services, physical port security, malicious code prevention, security event monitoring, account management, and baseline configuration components.

  4. Coordinate and collaborate with affected stakeholders in response to vulnerabilities identified during annual vulnerability assessments to ensure their successful remediation.

  5. Support internal and external audits, review applicable findings and recommendations, and implement or oversee the necessary corrective and preventive actions. Provide input to and compose management responses to internal and external NERC CIP audits and data requests in collaboration with the respective management and staff.

  6. Collaborate in the implementation of the administrative, technical, and physical controls and evidence design required to ensure compliance with new NERC CIP requirements. Ensure IT compliance obligations are integrated into IT and NERC CIP policies, standards, procedures, processes, plans, and RSAWs (Reliability Standard Audit Worksheets), including flow diagrams, automated reporting, and other supporting evidence as needed.

  7. Contribute to the Compliance, Assurance and Risk Workplan to ensure the TECO affiliates comply with new and existing IT regulatory, contractual, and Emera standards. Assist with the IT Compliance and Assurance team strategy, goals development, and team communication.

  8. Train new NERC CIP stakeholders and lead training in relevant NERC CIP requirements and the associated compliance processes and procedures.

 

Education/Training

Required:  Four (4) year degree in computer science, information systems, or other IT-related discipline from a regionally accredited college. 

 

Preferred:  Master's degree in business administration, computer science, information systems, or another related information technology field.

 

Licenses/Certifications

Required:      

Expected to obtain Information Technology Infrastructure Library (ITIL) Certification within 6 months of employment in this position.

 

One of the following is required: an audit certification (Certified Information Systems Auditor [CISA]), a security-related certification (e.g., Certified Information Systems Security Professional [CISSP], Certified Information Security Manager [CISM]), or a similar certification from a vendor such as (ISC)2, GIAC, ISACA, SANS, CompTIA, or EC-Council.

 

Preferred: ITIL v3 and two or more IT security or risk professional certifications.

 

Experience

This is a NERC CIP compliance assurance role centered on hands-on validation of security controls; a hands-on security background is required.

 

Required:      

Minimum of 7 years’ experience in an information technology, compliance audit or utility business environment is required, with at least 3 years in an IT security, audit or controls-based role such as cyber security, industrial control systems, NIST Cybersecurity Framework (CSF)/Risk Management Framework (RMF), Sarbanes-Oxley IT General Controls, or NERC CIP.

 

Preferred:  5+ years of IT security, compliance, audit or other controls experience.

 

Knowledge/Skills/Abilities (KSA)

Required:      

  • Expert-level knowledge of regulatory, contractual, and internal compliance standards and of how to ensure compliance with them.
  • Understanding of risk management principles.
  • Risk assessment skills.
  • Ability to lead groups to consensus.
  • Ability to oversee IT projects as they relate to compliance.
  • Ability to complete highly complex duties involving a wide variety of situations that require critical thinking, analytical skills, judgment, and interpersonal and organizational relationships.
  • Ability to train large groups on IT regulatory requirements.
  • High tolerance for stress and for managing competing priorities.
  • Broad technical knowledge (e.g., infrastructure, security, change management, SDLC).
  • Strong listening, oral, written and digital communication skills for reporting and auditing purposes.
  • Ability to foster a positive work environment by building relationships among peers and other business partners.
  • Working knowledge and understanding of major operating system security and network security principles; of major security systems and functions such as firewalls, IDS/IPS, antivirus/antimalware, SIEM, incident response, threat prevention, change and configuration management, file integrity monitoring, and Governance, Risk and Compliance (GRC) solutions; and of the vulnerability management lifecycle and its application in enterprise settings.

 

Preferred:      

  • Negotiation skills.
  • Supervisory experience.
  • Thorough technical knowledge.

 

COMPETENCIES

Take Ownership and Act with Integrity

Drive Operational Excellence for Customers

Build Strong, Collaborative Relationships

Develop People and Teams

Cultivate Innovation and Embrace Change

Think Strategically and Exercise Sound Judgement

 

TECO offers a competitive Benefits package!!

Competitive Salary *401k Savings plan w/ company matching * Pension plan * Paid time off* Paid Holiday time * Medical, Prescription Drug, & Dental Coverage  *Tuition Assistance Program * Employee Assistance Program * Wellness Programs * On-site Fitness Centers * Bonus Plan and more!

 

STORM DUTY REQUIREMENTS....Please make sure to read below!!!  Responding to storms will be considered a condition of employment.

TECO Energy and its companies serve a role in providing critical services to our community during an emergency. Team members are required to participate in the response/recovery activities related to emergencies/disasters to maintain service to our TECO Energy customers. Team members are required to work in their normal job duties or other assigned activities. Proper compensation will be made in accordance with the company's rules and procedures.

 

TECO Energy is proud to be an Equal Opportunity Employer.

TECO Energy is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by law, except where physical or mental abilities are a bona fide occupational requirement and the individual is unable to perform the essential functions of the position with reasonable accommodations.

In order to provide equal employment and advancement opportunities for all individuals, employment decisions at TECO Energy will be based on skills, knowledge, qualifications and abilities.

Pay Transparency Non-Discrimination Statement
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)

ADA policy
It is the policy of TECO Energy to provide reasonable accommodation for all qualified disabled individuals who are employees and applicants for employment, unless it would cause undue hardship. The corporation will adhere to applicable federal and state laws, regulations and guidelines, including, but not limited to, the Americans with Disabilities Act (ADA) of 1990 and Sections 503 and 504 of the Rehabilitation Act of 1973.

 

Application accommodations
Applicants may request reasonable accommodation in the application process five business days prior to the time accommodation is needed.

 

Pre-employment physical exams may be required for positions with bona fide job-related physical requirements regardless of disability. 

 
