MOI: Telephone + Skype
Responsibilities
- Develop, implement, and maintain programs that are designed to manage compliance with regulatory and/or enterprise requirements (NERC CIP, SOX, HIPAA, FCC, GOV 7001S, etc.)
- Facilitate a variety of compliance forums that are held to share information with impacted System and Business Process Owners
- Participate in cross functional mitigation reviews with the LOBs and/or 3rd party
- Performs Root Cause Analysis
- Participate in estimating the costs to mitigate open compliance findings
- Participate in developing the costs associated with risk avoidance
- Participate in sessions to determine the likelihood of risk occurrence for open compliance findings
- Evaluate regulatory, legal, industry, and enterprise requirements (Authority Documents) and identify a normalized group of control objectives that can be applied across system and business processes to prevent, detect, or minimize risks associated with non-compliance to those requirements
- Evaluate the effectiveness of control activities designed to prevent, detect or mitigate IT security risks
- Review and validate evidence that has been provided in association with control gaps during an internal self-assessment.
- Collect and evaluate evidence for the controls in this area.
- Acts as lead in project implementation when appropriate.
- Leads installation, testing, troubleshooting, documentation, and production release of new enterprise applications.
- Scripts complex procedures and processes for automation.
- Mentors team members supporting enterprise computing technologies, work priorities, project management, and customer service.
- Exercises independent judgment and discretion in matters of significance with broad scope and high complexity
- Performs assigned tasks of moderate to high complexity using established procedures, standards, and guidelines
- Works independently or on multiple projects as a project team member, frequently as a project leader
- Works on medium to large, complex projects that require increased skill in multiple technical environments and knowledge of a specific business area
- Coaches and mentors staff
- Communicates new processes, conveys and gains support for making changes
- Understands the business domain, makes realistic, feasible recommendations, and facilitates implementation of effective solutions
- Quickly understands the business issues of the organization. Reviews and edits requirements, specifications, and recommendations.
- Applies technology or team leadership abilities
Qualification Minimum
- AA/AS in Business or Information System related discipline
- 4 years of relevant technical experience
- 2 years of compliance, security, and/or compliance experience.
- Familiarity with regulatory requirements – SOX
- Strong audit skills
- Demonstrates advanced knowledge and technical competence
- Demonstrates advanced troubleshooting skills
- Demonstrates advanced understanding of Server OS, hardware, and related technologies
- Deep knowledge in key areas of: UNIX/Linux
- Ability to communicate new processes and convey changes to others, and gain organizational support for making changes
- Excellent verbal and written communication and presentation skills
Desired
- B.A./B.S. degree or equivalent work experience in information system, computer science, business administration or other relevant field required.
- Working knowledge of generally applicable and accepted auditing standards and frameworks (e.g., COBIT, CAG 20 Critical Security Controls), best practices for IT services management (e.g., ITIL), and government guidelines and laws (e.g., Sarbanes-Oxley Act, NERC/CIP, HIPAA, FCC).
- Strong understanding of regulatory requirements impacting the utility industry (SOX, HIPAA, NERC CIP, Smart Meter/Smart Grid, etc.) with subject matter expert knowledge in one or more areas
- Able to establish control objectives based on complex regulatory requirements, company
- 3 - 5 years of system administration experience
- At least 2 years of leading a team in an IT function
- Utility Experience
- CLIENT experience within the related line of business.
- Project lead and consulting experience
- May require certification applicable to the technology being supported.