Information Security Analyst - NERC/CIP Compliance (REMOTE)
Company: California ISO
Location: Portland
Posted on: June 23, 2022
Job Description:
Company Description
The California Independent System Operator (ISO) manages the flow of electricity across the high-voltage, long-distance power lines that make up 80 percent of California's power grid. We safeguard the economy and well-being of 30 million Californians by operating the grid reliably 24/7.
As the impartial grid operator, the California ISO opens access to the wholesale power market that is designed to diversify resources and lower prices. It also grants equal access to 25,865 circuit-miles of power lines and reduces barriers to diverse resources competing to bring power to customers.
The California ISO's function is often compared to that of air traffic controllers. It would be grossly unfair for air traffic controllers to represent one airline and profit from allowing that company's planes to go through before others. In the same way, the California ISO operates independently, managing the electron traffic on a power grid we do not own and making sure electricity is safely delivered to utilities and consumers on time and reliably.
The California ISO is committed to the health, safety, and work/life integration of its employees and is proud to offer flexible work arrangements. This position would be eligible to participate in a fully remote schedule.
Job Description
Under the general direction of the Manager, supports the information security compliance requirements and company risk tolerance to ensure a culture of information security compliance. Supports the security, controls and lifecycle process to ensure alignment and compliance with security policy and regulatory compliance requirements. Assists in security compliance programs, creating assessments, and tracking risk mitigation and remediation activities.
What You Will Be Doing
- Maintains the IT governance, risk and compliance (GRC) tool that cross-references standards against CAISO policies, procedures and controls. Identifies gaps and helps develop CAISO-specific policies, procedures and controls that meet external requirements and CAISO information security needs.
- Assists in evaluating compliance of all processes, procedures, and standards applicable to the position, including (but not limited to): SSAE18 (Statement on Standards for Attestation Engagements No. 16), NERC CIP (Critical Infrastructure Protection), the ISO 27000 series (Information Security Management Systems (ISMS) standards as defined by the International Organization for Standardization), and the NIST Cyber Security Framework (CSF).
- Ensures consistent compliance with applicable requirements,
supporting the requirement owners with identification and proactive
collection of evidence for audits. Supports requirement owners with
remedies to findings.
- Collects evidence for quarterly NERC CIP Compliance and SSAE18
reviews. Leverages GRC tool for collection.
- Maintains schedules, reports, and materials for
compliance-related activities pertaining to IT and other
control-related matters.
- Maintains tracking tools and reports for compliance measures.
Assists in preparation of reports and briefs explaining standards
issues and compliance status.
- Supports the team in benchmarking existing and planned IT
environments.
- May identify trends and predict future issues to effectively implement courses of action.
Qualifications
Level of Education and Discipline:
A Bachelor's degree (BA, BS) or equivalent education, training or experience in Computer Science, Engineering, or a related technical field. Master's degree preferred.
Amount of Experience:
Equivalent years of education and training, plus two (2) or more years of related experience.
Certifications:
CISSP, CISA or equivalent professional certifications desired.
Type of Experience:
Experience in an information security corporate environment. Experience in IT audit, IT risk, system administration, and network and application security concepts. Experience with NERC Reliability Standards, including NERC CIP. Direct experience with or exposure to the following technologies: Windows, Linux, or other UNIX operating systems, SSO, LDAP, Java, XML, Enterprise Directory or Active Directory domain administration. Familiarity with governance and access control models required. Experience with IT GRC (Governance, Risk and Compliance) tools such as Archer or MetricStream.
Experience in One or More of the Following Areas:
- One or more directories, including Active Directory, IBM Directory Server, SunONE Directory Server, Novell eDirectory, OpenLDAP, or CA Directory
- Audit management and internal audit standards.
- Process control design and testing methods
- Risk Management methodologies and tools
- Business Continuity and Disaster Recovery methodologies
- Governance frameworks including ISO27000, NIST-800, and/or CERT-GES
- Compliance standards including NERC-CIP, SSAE-16, SOX, HIPAA, and/or PCI
- In-depth knowledge of regulatory compliance requirements and risk management. Ability to solve business problems through technology.
- Experience in a cross-platform environment.
Additional Skills and Abilities:
Must be able to work effectively in a team environment as facilitator and team member. Excellent analytical, verbal and written communication and documentation skills required, with a demonstrated attention to detail. Excellent planning and organizational skills. Ability to use deductive reasoning and analytical thinking with sound judgment and decision-making skills. Strong interpersonal and conflict resolution skills are also essential. Must be self-starting and willing and able to work independently in a dynamic corporate organization under pressure of tight deadlines and aggressive expectations. Self-motivated, with problem-solving skills and the ability to influence others without direct authority.
Additional Information
- We will also consider this position at the Senior level, which requires a Bachelor's degree (BA, BS) or equivalent years of education, training, or experience in Computer Science, Engineering or a related technical field, plus five (5) or more years of related experience.
All your information will be kept confidential according to EEO guidelines.
Keywords: California ISO, Portland , Information Security Analyst - NERC/CIP Compliance (REMOTE), Professions , Portland, Maine