Duke Energy NERC CIP Program Management - Senior IT Compliance Analyst in Charlotte, North Carolina
More than a career - a chance to make a difference in people's lives.
Build an exciting, rewarding career with us – help us make a difference for millions of people every day. Consider joining the Duke Energy team, where you'll find a friendly work environment, opportunities for growth and development, recognition for your work, and competitive pay and benefits.
The NERC CIP Program Management - Senior IT Compliance Analyst is responsible for achieving team objectives for the enterprise North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Cybersecurity Compliance Program. This role works closely with multiple internal Business Areas to ensure effective, efficient and consistent adherence with the NERC CIP Standards and a strong compliance culture is achieved across the organization.
This role will involve work with developing and maintaining the Program Standards, Procedures, Processes and Tools and will also involve performing quality assurance (QA) and validation to ensure compliance is achieved.
Perform quality assurance (QA) reviews and validation reviews of CIP-related implementations (processes, procedures, internal controls) and associated evidence to ensure compliance with Duke Energy’s NERC CIP cybersecurity policy and with the NERC CIP Standards
Develop interpretations of new CIP Standards using a variety of inputs such as regulatory guidance and industry benchmarking to produce unambiguous descriptions of compliance obligations for internal stakeholders to use as guidance for implementations
Develop modifications to the NERC CIP cybersecurity policy that are triggered by: new and/or changing NERC Standards, newly published guidance from the regulators, and by internal requests for improvements
Provide enterprise coordination, project oversight, reporting, and issue resolution for implementation of future versions of the NERC CIP Standards
Prepare reports on the results of internal reviews of compliance evidence, including categorization of findings and recommendations to be addressed
Support implementations of technologies to augment Duke Energy’s NERC CIP Compliance Program to drive efficiency and sustainability in the pursuit of both compliance and operational goals
Perform internal consulting with business area personnel to ensure that they understand, plan for, and implement compliance requirements
Perform training, change management, and communication support for CIP implementations and ongoing compliance activities
Influence new standard development through industry and regulator engagement
Must pass a personnel risk assessment including seven (7) year background screening and annual cyber security training
Demonstrated focus on safety
Adhere to Duke policies and ensure necessary administrative procedures are followed
- Bachelors’ degree in a related field and two (2) or more years of utility, cyber security, auditing, compliance, regulatory or related experience; OR six (6) or more years of utility, cyber security, auditing, compliance, regulatory or related experience without a degree
Bachelor or Master degree in Information Technology, Information Systems Security, or Electrical Engineering
Four (4) or more years of experience working with the NERC CIP standards and requirements
Experience with large programs and efforts, particularly with Agile method experience
Understanding of basic principles of power system protection theory, practices, and application
Certified Information Systems Security Professional (CISSP) certification
Audit certifications such as: Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certified
Government Auditing Professional Certification (CGAP), NIST Cybersecurity Framework (CSF) Foundation, etc.
Experience with implementing new enterprise processes and methods in environments with distinct departmental processes
Experience working effectively in a matrixed organization
Ability to communicate clearly, concisely and accurately with peers, customers, team members, and leadership verbally and in writing
Ability to conduct challenging conversations in a tactful, professional manner
Models behaviors that promote effective interactions between individuals in a work group and between work groups
Ability to achieve consensus on decisions and communicate with impacted individuals or groups
Ability to demonstrate a customer service-oriented attitude
Ability to perform day-to-day tasks with minimal direction
Ability to manage complex problems to resolution
Relocation Assistance Provided (as applicable)Yes
Visa Sponsored PositionNo
Posting Expiration Date
Tuesday, April 30, 2019
All job postings expire at 12:01 AM on the posting expiration date.
Please note that in order to be considered for this position, you must possess all of the basic/required qualifications.
We are one of the largest electric power holding companies in the United States, supplying and delivering electricity to approximately 7.4 million U.S. customers. We have approximately 52,700 megawatts of electric generating capacity in the Carolinas, the Midwest and Florida – and natural gas distribution services serving more than 1.5 million customers in Ohio, Kentucky, Tennessee and the Carolinas. Our commercial and international businesses own and operate diverse power generation assets in North America and Latin America, including a portfolio of renewable energy assets.
Regardless of your skill set or specific interest, we're looking for the best and brightest talent in the industry. Our people make us great - and we're always looking for more. Find your career path today at Duke Energy, where it's more than a career - it's a chance to make a difference in people's lives.
Duke Energy is an Equal Opportunity Employer and complies with the laws set forth in the Department of Labor EEO Poster and Supplement.
- Duke Energy Jobs