Job Description

Under general supervision, carries out procedures to ensure all information systems products and services meet IT&T organization standards and compliance obligations, including regulatory requirements, contractual requirements, and Emera requirements. Analyst is primarily responsible for the maintenance, training, assurance, monitoring and reporting of all IT standards and procedures, as well as IT&T related regulatory requirements for the TSI IT&T Department and individual business units as applicable.

1. Responsible for one or more IT compliance programs (e.g., NERC CIP, PCI DSS, SOX, DFARS, Emera Cyber Security, DHS TSA Pipeline Security). This includes facilitation of and tracking of deliverables for root cause analysis, violation reporting, technical feasibility exceptions, mitigation plan development, evidence reviews, external audit preparations, and NERC Alerts responses. Support the development of flow diagrams or other illustrations showing key steps associated with a given process or sub-process affected by applicable regulations and/or contract terms. As needed, coordinates and facilitates technical feasibility exception audits, mitigation plan completion audits, and other audit spot checks with external auditors. [30%]

2. Policies & Procedures: Liaise with IT&T areas such as IT Security, IT Project Management Office, IT Infrastructure, Telecom, Access Adaministration, and affected corporate areas and business units to facilitate the evaluation, design and implementation of effective methodologies, procedures and controls to comply with new and existing regulatory requirements. [25%]

3. Controls & Monitoring: Provide independent assessment and assurance of the effectiveness and efficiency of the IT control environment. Administers and monitors the execution of TEC compliance program by sampling compliance deliverables for acceptable content and assessing risk. Utilize security tools to further sample content. Participate in the implementation of technology-based tools (e.g. GRC) to support IT compliance and risk initiatives. [20%]

4. Responsible for one or more other areas within department as assigned [25%]:

a. As needed, provides updates to Business Strategy related to cybersecurity and impact of new legislation/regulatory requirements on TEC business operations.

b. Risk Management: Work with technology teams and business stakeholders in the design, implementation, and optimization of IT risk assessment practices.

c. Policies & Procedures:

i. Act as ruleset liaison for assigned areas of compliance.

ii. Act as ruleset Subject Matter Expert (SME) for

1. Information Protection Program and assigned CIP compliance related to BES Cyber System Information.

2. NERC CIP Awareness Program.

3. NERC CIP Training Program.

4. NERC CIP Security Management Controls.

d. Training & Communication:

i. Ensure mandatory training is conducted, tracked, and recorded.

ii. Develop and facilitate compliance training for subject matter experts.

iii. Develops and/or provides input into IT Security awareness program.

e. Performance Management: Develops and coordinates the assessment of cybersecurity awareness via phishing campaigns utilizing tool.

Job Tags

Similar Jobs