Mgr IT Compliance and Assurance

Date: Nov 4, 2021

Location: Ybor City, Florida, US, 33605

Company: TECO

Title: Mgr IT Compliance and Assurance 
Company: Tampa Electric Company 
State and City: Florida - Ybor City
Shift: 8 Hr. X 5 Days

POSITION CONCEPT

Defines and implements IT Compliance & Assurance practices and procedures to ensure that all information systems products and services meet minimum organization standards and comply with internal, external, and regulatory requirements. Aligns the compliance program to Emera requirements.

Provides backup to the NERC CIP Compliance Program Coordinator as defined in the Regulatory Affairs Internal Compliance Program and chairs the NERC CIP Steering Committee. Responsible for providing leadership, direction, project management, and subject matter expertise to all internal constituencies (Information Technology and Telecom, Corporate Security, Human Resources, Regulatory Affairs, Transmission Operations, and Generation Operations as applicable) regarding compliance with the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Standards. Integral to this position is ensuring that all critical assets and critical cyber assets meet regulatory requirements for NERC CIP. Acts as CIP Senior Manager delegate for relevant requirements.

Manages Information Technology audit controls to ensure compliance and mitigate risk for other regulatory standards and initiatives, such as the Sarbanes-Oxley Act (SOX), Department of Homeland Security (DHS) Transportation Security Administration (TSA) Pipeline Security Directives & Guidelines, the Health Insurance Portability and Accountability Act (HIPAA), and the Privacy Act; for contractual obligations including the Payment Card Industry (PCI) Data Security Standard (DSS) and Defense Federal Acquisition Regulation Supplement (DFARS) cybersecurity clauses; as well as industry best practices such as COBIT and the National Institute of Standards and Technology (NIST) Cyber Security Framework.

PRIMARY DUTIES AND RESPONSIBILITIES

  • Provides leadership and coordinates with key stakeholder departments, including Regulatory Affairs, Audit Services, Transmission/Grid Operations, Generation Operations, Substation Operations, Renewables, Corporate Security, Human Resources, Contracts & Procurement, Legal and Information Technology, and oversees the development and maintenance of compliance monitoring systems and programs to assist in compliance with NERC Critical Infrastructure Protection (CIP) and TSA Pipeline Security requirements (e.g., security and reliability requirements).
    • Provides recommendations on strategic direction and sustainability of the compliance programs.
    • Oversight of NERC CIP and TSA Pipeline Security governance.
    • Oversees project implementation of new versions of NERC CIP and TSA Pipeline Security requirements and updates to regulatory requirements, including facilitation of budget development and program scope approval.
    • Manages the development of internal and external compliance reporting, including audit responses, exceptions, self-reports, mitigation plans, and technical feasibility exceptions.
    • Oversees multiple NERC CIP, TSA Pipeline, CSF, and compliance team related budgets and forecasting, and coordinates with Finance and the Project Management Office for variance analysis and to ensure actuals are captured accurately for ongoing compliance and new standards, for potential rate recovery.
    • Oversees development and maintenance of the Compliance Assurance Program, including internal controls, monitoring, and reporting.
  • Acts as department liaison overseeing formal audits, internal and external, to meet Information Technology audit accountabilities and to ensure successful resolution of management responses. Coordinates with management to define and prioritize findings or issue-related root cause analysis, remediation efforts, tracking of remediation activities, and inspecting/validating solutions that have been implemented, where appropriate.
  • Oversees processes to track external activity related to compliance programs (such as Sarbanes-Oxley, FERC, NERC, DHS TSA, DFARS, PCI, Privacy Act, COBIT, NIST, etc.), including new laws and regulations, proposed changes to existing external requirements, and industry alerts, while utilizing ITIL concepts. Where applicable, coordinates timely response or voting with appropriate TECO subject matter experts (SMEs). Actively engages in industry activities related to compliance standards development and implementation with organizations such as NERC, SERC, FRCC CIPS, Utility Information Technology Benchmark (UNITE), American Gas Association (AGA), and Edison Electric Institute (EEI).
  • Oversees compliance obligation monitoring for all IT-related regulatory and internal controls. Facilitates self-assessments/walkthroughs in regulatory (NERC, SOX, PCI, TSA, DFARS) control areas, such as access administration, change management, cyber security, and operating system and database security. Recommends information technology strategies, policies, and procedures by evaluating organization outcomes, identifying problems, evaluating trends and anticipating requirements, and assists in the implementation of changes to strengthen processes, procedures and compliance, resulting in enhanced information security, service continuity or reduced IT risk.
  • Oversees the compliance escalation function and the maintenance of IT production documents, including IT Standards & Procedures, and the timely completion of deliverables to ensure compliance with all applicable laws and regulations. Oversees development and maintenance of the NERC CIP Training Program, Security Awareness Program, and the CIP Information Protection program. Oversees development, coordination and participation in compliance educational and training programs.
  • Facilitates risk assessment action plans and the exceptions/risk register. Communicates with senior management, various committees, and others, as required, to discuss identified risks and opportunities for improvement within the control environment. Participates in IT benchmarking to compare internal performance and cost metrics with those of peers within the industry, as well as the internal IT metrics program. Oversees compliance consulting/advisory to IT projects to provide compliance guidance and initiate structure for controls-related efforts by working with IT departments such as the Project Management Office.
  • Leads and directs the work of a team of compliance analysts & advisors, assurance analysts, control assessors and support personnel as needed, including salary administration/budgeting, forecasting, supervision, scheduling, recruitment, development of staff, performance evaluation, and disciplinary actions.

SUPERVISION

Direct: Has direct supervisory responsibility for assigned information technology staff (8 to 11 team members) of various levels. Supervises contractors and co-ops/interns as needed.

Indirect: Has indirect supervision of one or more contract project managers as needed.

RELATIONSHIPS

Key Internal

  • Interacts with all levels of management throughout the corporation, with Emera and other affiliates as required to perform the above responsibilities and ensure maximum levels of customer service.
  • Frequent interaction with management and senior management of IT&T, Tampa Electric Energy Delivery, Energy Supply, Corporate Security, Human Resources, Regulatory Affairs, Corporate Accounting, Risk Management, Legal Services, Customer Experience; PGS Regulatory and Engineering teams; NMGC IT, Corporate Security, Regulatory Affairs/Legal, and Engineering teams; Emera Audit Services and Cybersecurity.

Key External:

  • Responsible for building and maintaining relationships with vendors, contractors, industry representatives and compliance auditors representing: FRCC Critical Infrastructure Protection Subcommittee [CIPS], Utility Information Technology Benchmark (UNITE), Edison Electric Institute (EEI), American Gas Association (AGA), ISACA, contract personnel vendors, and managed services consulting.

Education

Required: Bachelor's degree required in Computer Engineering, Management Information Systems, Computer Science, or other related information technology field of study from a regionally accredited college.

Preferred: MBA

Licenses/Certifications

Required:

  • Audit (Certified Information Systems Auditor [CISA]) or security-related (Certified Information Systems Security Professional [CISSP], Certified Information Security Manager [CISM]) certification.
  • Expected to obtain Information Technology Infrastructure Library (ITIL) Certification within 6 months of employment in this position.

Preferred:

  • Current ITIL certification and additional compliance, security, and audit certifications.

Experience

Required

The IT compliance function requires very niche skillsets, especially NERC CIP, and this will be a "working" manager role, so it requires significant compliance experience.

  • Eight (8) years or more of related experience in an audit, security, and/or compliance-related role.
  • Strong time management skills with the ability to manage multiple priorities and meet deadlines.
  • Experience with the development and implementation of plans to remediate deficiencies related to compliance issues (NERC, SOX, TSA, PCI, HIPAA, Privacy Act).

Preferred:

  • Eight (8) years or more of related experience in an audit, security, IT risk management and/or compliance-related role with a strong regulatory compliance background (NERC).
  • ITIL best practices.

Supervisory Experience

Required:

Three (3) years of management/supervisory experience, including experience in a lead position.

Knowledge/Skills/Abilities (KSA)

Required

  • Thorough working knowledge of security, compliance and/or audit concepts, practices, and procedures.
  • Thorough working knowledge of risk strategy, controls and audit-based processes to effectively manage risk-related projects to timely completion.
  • Thorough working knowledge of best practices for information technology audits. Understanding of current auditing principles (Generally Accepted Auditing Standards [GAAS]), internal control concepts (Control Objectives for Information and Related Technology [COBIT]), and auditing processes and methodologies (including flowcharting).
  • Management experience including leading, mentoring, coaching and developing people.
  • Thorough understanding of internal controls.
  • Critical thinking skills and the ability to home in on core issues, resolve problems, and gain consensus.
  • Proficient with Microsoft Office (Word, Excel, PowerPoint) and SharePoint.
  • Occasional travel for critical infrastructure protection-related or affiliate meetings.

Preferred:

  • Knowledge of the Sarbanes-Oxley Act and the Payment Card Industry Data Security Standard.
  • Knowledge of utility IT regulations (e.g., NERC, DHS TSA) and methodologies for achieving compliance.
  • Experience in operating system administration and security, network design and implementation, network and application security, and software architecture and development.
  • Additional experience within information technology organizations and business a plus.
  • Experience with auditing tools, Governance, Risk, and Compliance (GRC) tools, or security technologies a plus.

COMPETENCIES

Builds Strong, Collaborative Relationships

Takes Ownership & Acts with Integrity

Cultivates Innovation and Embraces Change

Thinks Strategically and Exercises Sound Judgment

Drives Operational Excellence for Customers

Develops People and Teams

TECO offers a competitive Benefits package!!

  • Competitive Salary
  • 401k Savings plan w/ company matching
  • Pension plan
  • Paid time off
  • Paid Holiday time
  • Medical, Prescription Drug, & Dental Coverage
  • Tuition Assistance Program
  • Employee Assistance Program
  • Wellness Programs
  • On-site Fitness Centers
  • Bonus Plan and more!

STORM DUTY REQUIREMENTS....Please make sure to read below!!!  Responding to storms will be considered a condition of employment.

TECO Energy and its companies serve a role in providing critical services to our community during an emergency. Team members are required to participate in the response/recovery activities related to emergencies/disasters to maintain service to our TECO Energy customers. Team members are required to work in their normal job duties or other assigned activities. Proper compensation will be made in accordance with the company's rules and procedures.

TECO Energy is proud to be an Equal Opportunity Employer.

TECO Energy is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by law, except where physical or mental abilities are a bona fide occupational requirement and the individual is unable to perform the essential functions of the position with reasonable accommodations.

In order to provide equal employment and advancement opportunities for all individuals, employment decisions at TECO Energy will be based on skills, knowledge, qualifications and abilities.

Pay Transparency Non-Discrimination Statement
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)

ADA policy
It is the policy of TECO Energy to provide reasonable accommodation for all qualified disabled individuals who are employees and applicants for employment, unless it would cause undue hardship. The corporation will adhere to applicable federal and state laws, regulations and guidelines, including, but not limited to the Americans with Disabilities Act (ADA) of 1990 and section 503 and 504 of the Rehabilitation Act of 1970s.

Application accommodations
Applicants may request reasonable accommodation in the application process five business days prior to the time accommodation is needed.

Pre-employment physical exams may be required for positions with bona fide job-related physical requirements regardless of disability.