Eversource Energy IT Compliance Manager in Berlin, Connecticut
Job Description Summary:
The IT Compliance Manager is responsible for managing the Compliance program for the Information Technology (IT) department. Specifically, the IT Compliance Manager will ensure that IT maintains a control environment, consistent with the Eversource compliance initiatives, including but not limited to Sarbanes Oxley, NERC CIP, and various privacy requirements. The IT Compliance Manager will ensure that the IT controls are effective through periodic testing of the controls and, working with the IT Applications, Security, and Infrastructure groups, will remediate any deficiencies or missing controls. This role will also supervise a team of analysts and contractors who will implement the Compliance program developed by the IT Compliance Manager.
- Ensure compliance with Eversource Policies, Standards and Procedures.
- Interprets and applies laws, regulations, policies, standards, or procedures to specific issues.
- Interprets patterns of non-compliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise’s cybersecurity program.
- Presents technical information to technical and non-technical audiences.
- Provides guidance on laws, regulations, policies, standards, or procedures to management, personnel, or clients.
- Liaises with external auditors.
- Maintains current knowledge of applicable federal and state compliance requirements.
- Serves in a leadership role for IT Compliance Committee activities.
- Collaborates on cyber regulatory and security policies and procedures.
- Collaborates with cyber security personnel on the security risk assessment process to address compliance and risk mitigation.
- Coordinates with the appropriate Executives re: procedures for documenting and reporting self-disclosures of any evidence of compliance violations.
- Acts as a compliance liaison to the information systems department.
- Develops compliance training materials and other communications to increase employee understanding of company IT policies, data handling practices and procedures.
- Conducts on-going compliance training and awareness activities.
- Directs and oversees Compliance specialists and coordinates the Sarbanes Oxley and NERC CIP Internal Control Testing activities.
- Provides leadership in the planning, design and evaluation of compliance and security related projects.
- Periodically revises the compliance program in light of changes in laws, regulatory or company policy.
- Provides development guidance and assists in the identification, implementation and maintenance of organization information policies and procedures in coordination with organization management and administration and legal counsel.
- Assures that the use of technologies maintains, and does not erode, compliance protections on use, collection and disclosure of personal information and other company data.
- Monitors systems development and operations for security and compliance.
- Participates in the implementation and ongoing compliance monitoring of all third parties, to ensure all Compliance concerns, requirements and responsibilities are addressed.
- Acts as, or works with, counsel relating to business partner contracts.
- Mitigates effects of a use or disclosure of personal information by employees or business partners.
- Develops and applies corrective action procedures.
- Manages the Identity and Access Management services for Eversource.
- Maintains metrics regarding quality and service delivery for all access type requests.
Technical Knowledge/Skills: Mastery knowledge in: administration functions of primary security products; ability to integrate primary products into overall security program; access control systems; and security models, principles and concepts. Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). Knowledge of cybersecurity principles. Knowledge of Unix/Linux and Windows operating systems structures and internals (e.g., process management, directory structure, installed applications). Knowledge of applicable laws (e.g., Sarbanes Oxley, NERC CIP, CT/MA/NH State Privacy and Data Protection). Skill in creating policies that reflect the business’s core compliance objectives. Ability to work across departments and business units to implement the organization’s IT Compliance principles and programs, and align compliance objectives with security objectives. Working knowledge of operating systems, networking, databases, browser technology, programming, and IT general control processes. Knowledge of applicable business processes and operations of customer organizations. Skill in communicating with all levels of management (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience). Ability to develop clear directions and instructional materials. Mastery skill in day-to-day issues: problem solving, change management, etc. Working knowledge and expertise of General Project Management.
Education: Bachelor of Science degree from an accredited four-year college or university in Computer Science, Engineering, or related discipline, or equivalent work experience and technical training.
Experience: A minimum of 10 years of related experience.
Eversource Energy is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to age, race, color, sex, sexual orientation, gender identity, national origin, religion, disability status, or protected veteran status.
VEVRAA Federal Contractor