Duke Energy Lead IT Compliance Analyst - NERC CIP in Charlotte, North Carolina

Title: Lead IT Compliance Analyst - NERC CIP Location: North Carolina-Charlotte-DE Busn Svcs-Headquarters (093) Job Number: 140537

The Lead IT Compliance Analyst leads the development and implementation of programs, processes and procedures to maintain and demonstrate compliance for Duke Energy’s NERC CIP environments. This position actively participates in NERC CIP compliance and audit activities, including participating as a subject matter expert (SME) as necessary during audits.

Responsibilities include but are not limited to:

Carries out individual work assignments in development and support of IT NERC CIP compliance program to meet regulatory and company requirements

Works with multiple IT / Cybersecurity teams to ensure that solutions adhere to NERC CIP requirements

Participates in regulatory audits, spot-checks, and self-certifications including mock audits

Provides ongoing consulting assistance in addressing security issues and in implementing security policies, procedures and measures, including serving as an SME for a defined set of NERC CIP standards

Assists with the review, evaluation and root cause identification of deficiencies, and participates in mitigation plans with corrective actions

Works directly with customers, external contractors, and vendors to ensure project goals are met and/or issues are escalated, classified and documented properly

Provides technical guidance on compliance-related security controls, including vulnerability resolution activities, network segmentation, etc.

Documents complex processes and procedures into easily understood documentation, which meets reliability standards

Serves as an interface between team members, IT functional areas, corporate areas, contractors, and vendor support to ensure appropriate communication and problem resolution

Working Condition: Must pass a personnel risk assessment including seven (7) year background screening and annual cyber security training

Qualifications:

Required/Basic Qualifications:

Bachelor's degree in a related field and four (4) or more years of utility, cyber security, auditing, compliance, regulatory or related experience; OR 10 or more years of utility, cyber security, auditing, compliance, regulatory or related experience in lieu of a degree

Experience with IT audits, IT controls, IT security and related industry regulatory issues

Desired Qualifications:

Working knowledge of security and networking concepts including: firewalls, routers and switches, VPN, encryption, IDS/IPS sensors

Four (4) or more years of utility, cyber security, auditing, compliance, regulatory or related experience with at least 2 years NERC Compliance experience in addition to a degree

Understanding of basic principles of power system protection theory, practices, and application

Knowledge and expertise with SCADA systems and data interfaces to field devices (RTU, PLC, etc.)

Advanced degree in Computer Science, Engineering, Legal or related field

Experience working directly with NERC CIP, PCI, SOX or similar regulatory compliance frameworks

Experience working directly with IT assessments, Regulatory or Financial Audits

Experience understanding and evaluating FERC guidelines and NOPRs (Notice of Pending Regulations)

Experience understanding and evaluating NIST 800 series, ISO/IEC 27001, PCI DSS, COBIT or similar cybersecurity / control frameworks

Certifications: Certified Information Systems Security Professional (CISSP), Certified Internal Auditor (CIA), Certified Government Auditing Professional Certification (CGAP), NIST Cybersecurity Framework Foundation (CSF), or other related certifications

Strong problem solving, critical thinking and logical structuring skills

Ability to collaborate with staff in multiple business areas and external organizations

Excellent verbal and written communication skills

Job: IT Development and Administration