Job Title: Security Analyst – Governance, Risk & Compliance (GRC)
Duration: 7 weeks, 2 days
Location: Jacksonville, FL 32202
Not contract-to-hire, but recurring, with no end date
Position is hybrid; must be onsite a couple of days a week
Pay Rate: $46.00/hr.
SUMMARY:
We are seeking an experienced, detail-oriented, strategic-thinking Information Security Analyst with a strong background in Governance, Risk, and Compliance (GRC) to support cybersecurity initiatives within the utility sector. This role plays a crucial part in managing risk, shaping policy, and fostering a culture of compliance and security awareness.
Desired Attributes
A sharp eye for detail and a passion for keeping systems safe.
Proactive and collaborative mindset with a commitment to continuous improvement.
Ability to translate complex regulatory language into actionable technical and procedural requirements.
Excellent documentation and communication skills, especially when working with field and operational teams.
Highly organized, reliable, and flexible, with exceptional attention to detail.
Experience organizing meetings and training sessions, writing agendas, taking minutes, and managing action logs.
3–5 years of experience in information security and/or compliance in utility, energy, or critical infrastructure environments.
POSITION SUMMARY:
The Security Analyst – GRC is responsible for monitoring, evaluating, and supporting enterprise cybersecurity and regulatory compliance operations across integrated Information Technology (IT) and Operational Technology (OT) environments within the utility sector.
This position occasionally requires after-hours support to assist project teams and perform assigned tasks, minimizing interruptions to core business operations.
IMMEDIATE MANAGER:
Manager, Information Security
SUPERVISION/DIRECTION RECEIVED:
General supervision
REQUIRED COMPETENCIES:
Proficient – Demonstrated understanding and application of required knowledge, skills, and abilities under general supervision.
Knowledge of:
• Network and systems architecture supporting utility operations, including ICS/SCADA environments.
• Regulatory frameworks and standards: NIST Cybersecurity Framework, NERC CIP, CIS Critical Security Controls (CSC), PCI DSS, FACTA, HIPAA, and FERC and DOE guidance.
• Operating systems, network/system architecture, protocols, and services.
• Risk management methodologies and audit lifecycle procedures.
• ITIL principles and service management best practices.
• Governance, Risk & Compliance (GRC) platforms and policy documentation systems.
Skill in:
• Supporting security solutions that protect IT and OT infrastructures
• Using cloud services and platforms (e.g., SaaS/O365, PaaS, and IaaS via AWS and Azure).
• Conducting vulnerability assessments and implementing remediation strategies.
• Writing and applying scripts (Python, PowerShell, regular expressions) for security automation.
• Identifying and mitigating threats, vulnerabilities, and malware relevant to utility environments.
• Integrating cybersecurity controls into development lifecycles and change management processes.
• Collecting, reviewing, and interpreting audit logs with SIEM tools in utility settings.
• Assisting with software updates and patch deployments.
• Interpreting regulatory language and applying it to technical controls.
• Organizing audit activities and preparing supporting documentation.
• Developing reports, dashboards, and documentation using SharePoint or similar tools.
• Using Microsoft Office Suite (Excel, Word, PowerPoint, Outlook).
• Communicating findings effectively across technical and business audiences.
• Critical Thinking: Assesses information for accuracy and relevance, challenges existing practices, and evaluates short- and long-term impacts of decisions on systems and outcomes.
• Managing Conflict: Proactively addresses potential disagreements, remains neutral and solution-focused, and seeks compromise through common ground.
Ability to:
• Solve complex problems creatively and analytically.
• Stay up to date on evolving threats and regulatory changes affecting utilities.
• Make informed decisions in dynamic environments with limited or incomplete information.
• Collaborate across cross-functional teams including Engineering, HR, Legal, Operations, and Business Technology.
• Identify compliance gaps and recommend solutions aligned with regulatory mandates.
• Prioritize incident response and audit readiness activities.
• Translate complex regulations into operational language.
• Adapt to evolving threats and new cybersecurity tools and technologies.
• Contribute to a strong cyber and regulatory awareness culture within the organization.
• Maintain professionalism during audits, investigations, and regulatory reviews.
• Establish productive relationships with internal stakeholders and external regulators.
• Communicate findings effectively in written and verbal formats.
• Follow through on responsibilities and escalate issues when necessary.
EXAMPLES OF PROFESSIONAL WORK:
• Assist with third-party risk assessments, vendor security review documentation, and contract reviews to ensure regulatory and data protection compliance.
• Serve as a resource to develop, maintain, and enforce security policies, standards, and procedures.
• Conduct risk assessments, security posture assessments, process reviews, or security testing, and coordinate remediation efforts.
• Maintain GRC documentation including risk registers, control matrices, and incident logs.
• Produce technical documentation for regulatory reporting and internal tracking.
• Support audit readiness by managing audit evidence collection and documentation for internal and external regulatory audits (NERC CIP, HIPAA, PCI DSS).
• Collaborate on the implementation and monitoring of security controls.
• Monitor regulatory updates and advise on compliance program enhancements.
• Assist in maintaining compliance assurance and auditing of security controls required under NERC CIP, FERC, and other utility regulations.
• Support internal and external audits by gathering evidence and responding to compliance inquiries.
• Participate in awareness campaigns and deliver security training sessions.
• Develop and maintain awareness materials and dashboards to communicate cybersecurity practices (e.g., via SharePoint).
• Analyze trends in security events to enhance situational awareness and operational readiness.
• Maintain and update asset inventories, control mappings, and configuration baselines.
• Validate implementation of layered security controls and monitoring systems.
• Act as a liaison between internal teams and external auditors and vendors.
• Escalate unique or unresolved issues to senior staff.
• Participate in special projects and ongoing professional development.
PERSONAL CONTACTS:
Frequent contact with internal users across IT, engineering, field operations, and compliance teams is required to gather information, clarify requirements, and coordinate technical and procedural responses to security and compliance needs.
OPEN REQUIREMENTS:
Associate’s Degree in Information Technology, Cybersecurity, Data Science, Information Systems, Computer Science or related discipline and four (4) years of professional experience in information security, audit or regulatory compliance, risk management, or IT compliance in a large corporate environment.
-OR-
Bachelor’s degree in Information Technology, Cybersecurity, Data Science, Information Systems, Computer Science or related discipline and two (2) years of professional experience in information security, audit or regulatory compliance, risk management, or IT compliance roles in a large corporate environment.
-OR-
A six (6) year combination of education, training, and experience in information security, audit or regulatory compliance, risk management, or IT compliance in a large corporate environment.
LICENSE/CERTIFICATION/REGISTRATION:
The following certifications are preferred, or may be obtained within an agreed-upon timeframe:
Two (2) or more, or their equivalent:
• DoD 8140 baseline certifications
• GIAC Continuous Monitoring Certification (GMON)
• GIAC Public Cloud Security (GPCS)
• AWS Certified Cloud Practitioner
• AWS Certified Solutions Architect – Associate/Professional
• AWS Certified Security – Specialty
• Microsoft Azure Fundamentals (AZ-900)
• Azure Security Operations
• Microsoft Azure Security Engineer Associate (AZ-500, Microsoft Azure Security Technologies)
• Microsoft Azure Solutions Architect Expert