Website Duke Energy
This position is responsible for coordinating and facilitating the execution of compliance, oversight, and support tasks within the – ITC3 organization. Employees at this level, the 3rd level of the Cybersecurity Governance & Risk Analyst classification hierarchy, solve complex problems, manage work, and provide guidance to others in multiple areas of specialization, with minimal supervision and increased latitude for unreviewed work. This position coordinates activities within ITC3 working teams for self-certifications, audit preparation, self-reports, root cause analysis and mitigation plans, among other activities. The successful candidate will be expected to promote knowledge of compliance responsibilities for telecom and cybersecurity (SMEs) and facilitate education, information and training to achieve and sustain compliance success and enhanced grid reliability. Furthermore, the candidate is expected to participate in working groups and task force activities to represent Duke Energy interests and acquire information on best practices that can be implemented within Information Technology and Cybersecurity.
- Competent in the use of IT and Cybersecurity policy, standards, processes, controls, tools and research capabilities.
- Monitor and evaluate the effectiveness of the enterprise’s cybersecurity safeguards to ensure they provide the intended level of protection.
- Correlate incident data to identify specific vulnerabilities and make recommendations that enable appropriate and prompt remediation.
- Exhibit a sense of urgency in completing assigned tasks for audits, initiatives and other department projects in accordance with prescribed milestones.
- Assist with the collection and validation of evidence for time-based triggered events.
- Drive solutioning and strategy to problems impacting IT/Cyber Security or the Enterprise for adherence to the Duke Energy IT503 Program.
- Provide leadership and mentoring to team members to ensure quality work and improved performance and increased knowledge over time.
- Support IT Compliance interactions with CIP Program Management and compliance teams from other business units; particularly as it relates to enterprise problems and solutions.
- Implement ongoing Cross-Training of technical and process knowledge.
- Perform quality assurance (QA) reviews and validation reviews of CIP-related implementations (processes, procedures, internal controls) and associated evidence to ensure compliance with Duke Energy’s NERC CIP cybersecurity policy and with the NERC CIP Standards.
- Able to work effectively with broadly defined direction requiring a great degree of judgment; recognizes appropriate times to raise issues and provide status updates.
- Ability to manage confidential information with a high degree of integrity and achieve consensus on decisions and communicate with impacted groups.
- Exhibits confidence and a proper level of assertiveness when needed; displays maturity in approach and ability to effectively handle stress and frustration.
- Demonstrates active-listening skills and puts forth the effort to understand the points of view of others.
- Ability to conduct challenging conversations in a tactful, professional manner and demonstrate a customer service-oriented attitude always.
- Skill in developing security compliance processes, job aids and/or audits for external services (e.g., cloud service providers, data center).
- Able to resolve complex issues that require significant freedom of action and sound judgment with little management oversight.
- Responds well to supervisors, easy to challenge and develop, and is coachable.
- Strong/advanced EXCEL and ACCESS user with the ability to seamlessly write, combine and debug formulas to productively use these tools. This includes knowing important keyboard shortcuts, mouse shortcuts, workarounds and customizations.
- Working knowledge of Cybersecurity frameworks such as NIST and networking concepts including firewalls, routers and switches, VPN, encryption, IDS/IPS sensors, SCADA systems and data interfaces to field devices (RTU, PLC, etc.).
Qualification & Experience:
- CISSP, CISM, CISA or equivalent certification(s).
- In addition to required degree, eight (8) years minimum utility, cyber security, auditing, compliance, regulatory, NERC CIP or related experience.
- In lieu of Bachelor’s degree AND eight (8) years minimum experience listed above, 12 years minimum of utility, cybersecurity, audit, compliance, regulatory, years minimum experience in security operations center, firewall, network, military information security and/or system administration relevant work experience in IT, Cybersecurity and/or NERC CIP, without a degree.
- Bachelor’s degree in Cybersecurity or other related discipline.
Company: Duke Energy
Vacancy Type: Full Time
Job Location: Charlotte, NC, US
Application Deadline: N/A