South Jersey Industries Governance Risk and Compliance Analyst III in United States
A career in Information Security will provide the opportunity to develop, plan, design, and execute the company's cybersecurity program, including Information Technology (IT) and Operational Technology (OT). This includes implementing security controls, defenses, and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce, and web-based systems. These roles research attempted or successful efforts to compromise systems security and design countermeasures. They maintain hardware, software and network firewalls and encryption protocols; administer security policies to control physical and virtual access to systems; provide information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information and systems. Additional activities include cyber risk functions such as governance, risk, and compliance (GRC) activities to coordinate with business units and other critical stakeholders on cyber risk assessments, 3rd party security reviews, and internal and external audits.
The role will be responsible for establishing appropriate Critical Access and SOD rule sets for different applications (Workday Financials and HCM, Oracle Customer Care & Billing (CC&B), Maximo and Hyperion), managing IT organizational policies and standards in support of legal and regulatory compliance needs, designing and testing general IT and organizational information security controls and interfacing with Internal Audit and business leaders to ensure that controls are designed and operating effectively. The GRC analyst will be responsible for helping to manage IT compliance for SJI utilizing Saviynt Security Manager (SSM). The individual will manage and support GRC activities within Saviynt; such as establishing user access requests and approval workflows, critical access and segregation of duties (SOD) assessments for multiple business processes, user access reviews, data governance, and IT and Cyber risk management functions.
Type of Experience Required: • 5 + years overall relevant experience, including identity governance, audit, cyber risk, consulting, or related services• Significant experience with legal and regulatory compliance standards such as SOX, GDPR, HIPAA, NERC-CIP, etc.• Familiarity with control frameworks, such as ISO or NIST Cybersecurity Frameworks• Experience with IT governance, risk, and compliance management in a large environment• Utility industry experience is ideal• Experience with documenting and testing controls with experience in following test procedures that include Test of Design and Test of Operating Effectiveness.
Qualifications/Skills:• Strong understanding of fundamental information security concepts and technology• Experience with Workday and Oracle application security• Java/J2EE and strong SQL knowledge is ideal, knowledge of Web Services (REST/SOAP)• Strong technical presentation and communication skills, both verbal and written• Ability to work independently, adapt quickly, and maintain a positive attitude• Sound business and technical acumen• Strong sense of task ownership and self-motivation• Problem solver, ability to troubleshoot and break down complex issues into an actionable progression of tasks
Other:• Certified Information Security Auditor (CISA), Certified Risk and Information Systems Controls (CRISC), Certified Information Systems Security Professional (CISSP)
Essential Functions:• Interact/coordinate with business stakeholders for various business processes supported by applications (Workday, Oracle CC&B, etc.), to define, build, test and support user access request and approval workflows, user access reviews and critical access and SOD assessments requirements• Work as a GRC lead to design, develop, build, and test the Saviynt IGA solution to support SJI business and audit requirements• Ensure controls designed in Saviynt meet control objectives as defined by Management and tested by Internal and External Auditors. Continually monitor controls throughout the fiscal year to ensure controls are operating effectively and communicate status to appropriate business and audit stakeholders• Provide solution options, knowledge- and experience-based recommendations and projected impacts to address gaps between control objectives and designed control activities• Resolve technical issues through debugging, research, and investigation• Provide technical expertise and real-life experience in creating solutions, design, proof of concept and implementation• Plan and implement policies, procedures, standards, and controls to govern the protection of corporate information systems, networks, and data.• Update SOD frameworks and matrix with strong partnership between the business and supporting functions.
• Bachelor’s degree with 5 years of relevant experience, or;• Master’s degree with 3 years of relevant experience.
Explore the Possibilities
If you're looking to make an impact, South Jersey Industries is the perfect place. For interns, college graduates, or experienced professionals, at South Jersey Industries we look for enthusiastic, talented professionals at every level of our enterprise. From call center representatives with excellent people skills to engineers with the vision and expertise to design tomorrow’s energy infrastructure, we know that our people fuel our success. We take pride in recruiting the best talent available for every facet of our business. Explore the possibilities. You'll be sure to find an opportunity that piques your interest.
We are committed to developing and implementing innovative projects that increase energy efficiency and save clients money
We provide an opportunity to build a successful and rewarding career in a variety of functional business areas
We foster individual talents and abilities while promoting the value of teamwork
Our culture prepares you for a lifetime of learning and professional development
Equal Opportunity/Affirmative Action Employer
SJI (NYSE: SJI), an energy services holding company based in Folsom, NJ, delivers energy services to its customers through three primary subsidiaries. SJI Utilities, SJI's regulated natural gas utility business, delivers safe, reliable, affordable natural gas to approximately 690,000 South Jersey Gas, Elizabethtown Gas and Elkton Gas customers in New Jersey and Maryland. SJI's non-utility businesses within South Jersey Energy Solutions promote efficiency, clean technology and renewable energy by providing customized wholesale commodity marketing and fuel management services; and developing, owning and operating on-site energy production facilities. SJI Midstream houses the company's interest in the PennEast Pipeline Project. For more information about SJI and its subsidiaries, click here.