Iberdrola USA IT Compliance Analyst in United States

Business and Department

Portland Corporate Office Portland,OR


OPCO.ivision: Job Category: AREN ITReports To: Manager of IT Governance Level.arket Band: Business Area: QSR (IT Security and Compliance)

Purpose: Primary purpose is to ensure IT compliance in accordance to the NERC/CIP standards. In addition, manage various other IT Compliance programs and projects to ensure that all requirements of governing agencies and regulations, such as Sarbanes-Oxley, Federal Energy Regulatory Commission (FERC), etc., and other Local and Global IT Control requirements are communicated and adhered to by Information Technology. Maintain a strong working relationship with internal IT and business teams and external constituents of such regulating bodies. Represent the IT Security Team as a point of contact and lead for security related incidents and activities from the Portland office location. Works with subject matter experts from across the companies and IT to provide specialized technical expertise and support for program development, and performance tracking and reporting.

Develop, implement, and report on the IT NERC CIP compliance program and internal control framework and

Support other compliance/regulatory activities within IT, e.g. SOX, Internal Audits Manage, maintain, coordinate, and communicate new and changed Information Technology operational and

Key Responsibilities:


regulatory procedures in a timely and efficient manner.

documenting new and/or modifications to existing key controls.

current business processes/procedures

  • regulations.

and external vendors (auditors) related to compliance and regulatory auditing.

Maintain control matrices for each of the Information Technology Operational Areas. This includes

Ensure all documentation related to Information Technology operational areas is kept up to date to reflect

Assist in facilitation of testing by both internal and external constitutes. Actively participate and conduct management testing of key controls, and evaluate compliance to all

Identify and communicate any control gaps and work with IT management to facilitate remediation. Develop, maintain, and collect audit-related documentation; and coordinate audit responses with all internal

Act as the local IT Security point of contact for the Avangrid security team. Assist in monitoring security events for IT infrastructure, including the analysis of logs, to perform associated

analysis, anomaly identification, escalation, remediation, and incident response.

Assist and support the overall threat and vulnerability process

Note: The above Key Responsibilities/Duties are not intended to be all inclusive. Employees in this position may be required to perform other related aspects of the job not listed above or listed under Purpose/Major Objectives as assigned by the supervisor.


BA/BS degree in Computer Science, Information Systems, Business Administration or a related field Able to build strong relationships with key customers of IT services and to collaborate with teams to design

Project Management experience Ability to understand and analyze FERC/NERC, SOX, and other regulatory requirements. Able to work independently, and have exercise excellent problem-solving, analytical, judgment, and

Job Requirements: (Will consider additional years of relevant experience and/or relevant certifications in lieu of the degree requirement.)

effective process/system solutions.

decision-making skills.

Ability and willingness for limited travel which may include international, passport required. Ability to plan, organize, and communicate (verbal and written) effectively. Individual must be proficient in the utilization of personal computers and related software applications. Five to Seven years of IT experience with responsibilities in compliance and/or security. Experience with developing, managing, and testing CIP and IT Controls. Technical skills to perform audit reviews of applications, systems, and processes. Technical skills required related to scripting and analysing log files. Knowledge of regulatory bodies and legal requirements to which Information Technology must comply.

Preference may be given to candidates with the following:

Experience creating / following NERC-CIP compliance procedures and processes SCADA systems experience Working knowledge of the regulatory environment for utility companies. Experience in IT Security Experience in a GRC program

All offers of employment are contingent upon the successful completion of a background check, references, drug screen, verification of legal right to work in the U.S., and in some cases, a credit check. A credit check will be administered when a prospective employee will be working in Finance, Accounting, Treasury or where duties mayinvolve handling of funds, accounts or cash. A Motor Vehicle (MVR) check will be administered when a prospective

employee will be regularly using a company vehicle. Avangrid Renewables is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, status as an individual with a disability, or any other status or class protected by federal or state law.

Job Title: IT Compliance Analyst

REFERENCE: 5076245804

Publication date: 12.10.2017