Description:
Our Operation Services Department is looking for a Compliance & Risk Analyst to join their Risk Management team. This position will work within the NERC CIP Center of Excellence, which is focused on identifying, specifying, and continuously monitoring indicators of NERC Critical Infrastructure Protection (CIP) compliance across all business units.
The Selected Candidate For This Role Will
- Identify root cause of process failures.
- Develop and monitor mitigation plans that include an effective extent of condition.
- Perform process capability assessments for completeness, accuracy, quality of evidence, failure modes, and ability to satisfy compliance.
- Identify failure modes and determine the process defect escape probability (FMEA).
- Identify and assess effectiveness of process internal controls.
- Understand the elements of and perform risk assessments.
- Identify methods to design, measure, implement, and assess Internal Controls for effectiveness to reduce inherent risk of failure mode.
- Risk assessments – identify inherent risk within a process and residual risk after internal controls are implemented.
- Develop and measure metrics to monitor compliance.
- Develop and implement opportunity for improvements.
This job supports teams facilitating internal solution development across business units, to align Cybersecurity risk, leading technology solutions, and user experience. This position is responsible for various aspects of achieving compliance of cybersecurity including developing, implementing and enforcing IT policies, standards, methodologies and awareness using a risk based approach. Employees in this role develop a deep understanding of NextEra’s technology footprint, technology strategy, threat landscape and risks, to establish a collective Cyberstrategy.
Job Duties & Responsibilities
- Builds processes and tools to provide the business visibility of cybersecurity risks and drive accountability
- Develops and maintains policies, standards, processes, and procedures to assess, monitor, report, escalate and remediate cyber risk while maintaining corporate compliance with mandated security regulations
- Assesses and reviews security and controls to ensure sustainable regulatory compliance
- Develops processes and monitoring to identify, quantify, analyze, and report risk and compliance status
- Coordinates cyber risk management efforts including identification, assessment, tracking and resolution of risk management activities across all levels of the organization
- Assists with training, including training material development and deployment to ensure that compliance and risk becomes a sustainable business practice
- Gathers and prepares documentation to support audits, self-assessments, data requests, etc.
- Performs other job-related duties as assigned
Required Qualifications
- High School Grad / GED
- Bachelor’s or Equivalent Experience
- Experience: 2+ years
Preferred Qualifications
- Bachelor’s Degree
- Certified Information Systems Aud (CISA) certification
- Project Management Professional (PMP)
- Six Sigma Green Belt Certified