Cleco IT Governance, Risk and Compliance (GRC) Analyst in Pineville, Louisiana
Depending on the volume of applications, this position may close to external applicants before the job posting end date expires.
Becoming the leading energy company in Louisiana - helping our people and state thrive - means being mindful of the larger opportunities and evolving needs of all those we serve. So today at Cleco, we’re working from a view that starts behind the lines. Where we can see the full picture of possibilities and technologies. To line up our customers and communities with systems and services that power the good life today. And better lives tomorrow. We’ve always believed that electricity is something more than just electrons. To us, it’s the fuel for more productive days and work. The current that brings all of us closer together. The conduit that connects Louisiana’s present to Louisiana’s future.
The Governance, Risk and Compliance (GRC) Analyst will play an instrumental role in testing adherence to Cleco’s information security policies, standards, and procedures. This role will ensure that Cleco’s IT governance processes are properly designed and are functioning effectively, and that the organization maintains its compliance with all applicable legal, regulatory, and contractual requirements. Ensure that all identified issues are documented, risk ranked, and retested as necessary. Provide oversight of IT Sarbanes-Oxley controls and IT Cybersecurity Capability Maturity Model (C2M2).
Assess IT compliance with Cleco’s policies and standards and take action to remediate non-compliance.
Ensure that Cleco’s practices satisfy the requirements of the Sarbanes-Oxley Act.
Ensure that Cleco is properly evaluating security risks through a risk assessment framework that assesses the potential impact of threats to the business and Cleco’s vulnerability to these threats, and that recommends controls to reduce risks to levels that align with the organization's risk tolerances and appetite.
Work collaboratively with all Cleco departments to ensure that local practices are consistent with corporate information security policies and standards.
Identify compliance objectives and map program deliverables to the requirements.
Participate in Cleco’s business continuity planning and disaster recovery planning programs as well as periodic exercises and tests.
Collect information for generating and communicating responses to customer due diligence requests and questionnaires.
Assist in Cleco’s vendor management / third party service provider oversight program and conduct initial vendor due diligence as well as ongoing vendor reviews.
Assist with and document an annual enterprise risk assessment as well as ad hoc project risk assessments.
Design and implement a program to collect and report information security related performance metrics and key risk indicators.
Communicates effectively - Develops and delivers multi-mode communications that convey a clear understanding of the unique needs of different audiences. Delivers messages effectively to all levels of the organization; creates forums for people to express themselves openly and regularly.
Ability to operate independently with minimal direction from manager.
Ensures accountability - Holding self and others accountable to meet commitments.
Collaborates - Builds partnerships and works collaboratively with others to meet shared objectives.
Manages complexity - Making sense of complex, high quantity, and sometimes contradictory information to effectively solve problems.
Optimizes work processes - Knowing the most effective and efficient processes to get things done, with a focus on continuous improvement.
Policy and Regulation - Works without supervision and provides technical guidance when required on interpreting and applying knowledge of laws, regulations and policies in area of expertise.
Compliance - Works without supervision and provides technical guidance when required on achieving full compliance with applicable rules and regulations in management and/or operations.
Risk Management - Identifies, assesses, prioritizes and manages risks in a production process without supervision and provides technical guidance when required.
Network/IT security - Works without supervision and provides technical guidance when required on maintaining the security, integrity, compliance and continuity of IT systems and services.
Education / Experience:
Bachelor's degree in information security, information assurance, computer science, management information systems, computer information systems, or a related discipline.
Experience in one or more of the following: IT Internal Audit, Governance/Risk and Compliance, Security Awareness and Education, third party risk assessments or IT Security.
Experience defining, revising, and implementing corporate information security policies.
Experience creating, implementing, maintaining and monitoring security policies, standards, procedures, programs, plans and processes.
Understands the basic tenets of enterprise risk management (threat management, vulnerability management, and risk treatment).
Cleco is a privately owned regional energy holding company with two primary businesses. Cleco Power, our regulated electric utility business, owns ten generating assets with a total nameplate capacity of 3,357 megawatts and serves approximately 290,000 customers in Louisiana through its retail business and supplies wholesale power in Louisiana and Mississippi. Cleco Cajun, our unregulated electric utility business, owns eight generating assets with a total nameplate capacity of 3,555 megawatts and contracts that serve nine Louisiana cooperatives, five wholesale municipal customers and one electric utility.
In business since 1935, Cleco has deep roots. For more than 85 years, Cleco has kept pace with the ever-changing energy industry to serve its customers. Our corporate office is in Pineville, La. We have offices and 1,500 employees across the state near major cities like New Orleans, Baton Rouge and Shreveport. If you like great music, food and nature, with a dash of eccentricity, then Louisiana is a good place to call home.