Responsible for achieving team objectives for the enterprise North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Cybersecurity Compliance Program. Responsible for enterprise Cyber Security controls, as applicable, to adhere to regulatory requirements such as HIPAA (Health Insurance Portability and Accountability Act), PII (Personally Identifiable Information), PCI (Payment Card Industry), etc. Works closely with multiple internal Business Areas to ensure effective, efficient and consistent adherence to the NERC CIP Standards and to build a strong compliance culture across the organization. Involves developing and maintaining the Program Standards, Procedures, Processes and Tools and performing quality assurance (QA) and validation to ensure compliance is achieved.
- Perform technical feasibility reviews, quality assurance (QA) reviews, and validation reviews of CIP or Cyber Security-related implementations (processes, procedures, internal controls) and associated evidence to ensure compliance with CIP cybersecurity policy and with the NERC CIP Standards.
- Develop interpretations of new CIP Standards or other regulatory standards using a variety of inputs such as regulatory guidance and industry benchmarking to produce clear descriptions of compliance obligations for internal stakeholders to use as guidance for implementations.
- Develop modifications to the CIP cybersecurity policy that are triggered by new and/or changing NERC Standards, newly published guidance from the regulators, and internal requests for improvements.
- Provide enterprise coordination, project oversight, reporting, and issue resolution for implementation of future versions of the NERC CIP Standards.
- Prepare reports on the results of internal reviews of compliance evidence, including categorization of findings and recommendations to be addressed.
- Support implementations of technologies that augment the NERC CIP Compliance Program to drive efficiency and sustainability in the pursuit of both compliance and operational goals.
- Consult with internal business area personnel to ensure that they understand, plan for, and implement compliance requirements.
- Perform training, change management, and communication support for CIP implementations and ongoing compliance activities.
- Maintain the SharePoint evidence repository for storage of critical and sensitive CIP evidence.
- Facilitate the performance of Cyber Security risk assessments of vendors' security compliance.
- Analyze security documents/configurations for various security application platforms, or demonstrate the ability to learn them during engagements.
- Perform Excel-based analysis and comparison of outputs generated by Cyber Security systems such as NetStat, WinAudit, ACL, Syslogs, etc.
- Stay abreast of and comply with local, state, and federal legal requirements by studying existing and new legislation.
- Provide leadership and example in meeting JEA's safety and wellness goals.
- Perform other job-related duties as assigned.
Qualifications - External
Education: A bachelor's degree in computer science, information systems, accounting, business administration, public administration, or a related field.
AND
Experience: Three (3) years of cyber security, auditing, compliance, regulatory, or related experience, with at least one (1) year in a regulatory or compliance environment. Utility experience is preferred.
OR
An equivalent combination of education, experience, and/or training.
License/Certifications/Registrations: A valid driver's license is required prior to employment and must be maintained during employment in this classification. CISSP, or CISA, or CRISC is preferred.