Job Specifications
The IT Compliance Specialist II will provide subject matter expertise in the development, implementation, and maintenance of IT compliance programs and procedures. They will review and analyze IT policies, procedures, and controls to ensure they align with current regulations and adopted controls. This role will also comprehensively conduct audits and risk assessments, identifying potential issues and recommending remediation actions. They will support the program in developing and delivering IT compliance training to the organization. They will also assist in mentoring other IT Compliance Specialists.
SALARY RANGE: (Determined by the knowledge, skills and abilities of the applicant.)
- Level II: $67,650 - $101,450
- Senior: $80,550 - $120,800
REPORTING RELATIONSHIP: IT Compliance Manager
LOCATION: This position may be located at our corporate headquarters in Rapid City, South Dakota or Remote.
- Remote: This position is remote eligible in the United States. Currently, Black Hills Energy may have employees in the following states: AR, CO, IA, NE, KS, SD, WY, TX, or IN. This role may also require occasional work at a Black Hills Energy office as agreed to with your manager. This list is continuously evolving and being updated; please check back with us if the state you live in is not currently eligible.
- In-Office Location: Our corporate headquarters in Rapid City, South Dakota.
- Relocation financial assistance is available; the amount may vary based on individual circumstances.
ESSENTIAL JOB FUNCTIONS:
- Provide subject matter expertise in the creation, implementation and maintenance of appropriate enterprise programs, policies, and procedures to be aligned with applicable technology-related regulations including TSA Security Directives/Guidelines, NERC CIP, and SOX.
- Comprehensively perform and monitor IT compliance activities including data collections, analysis and remediation throughout BHE, working with internal and external audit teams as required.
- Support management in the design and operating efficiency testing of the IT department's control activities processes.
- Communicate and train on IT compliance-related issues and activities. Partner within the organization to build IT compliance awareness.
- Provide support when there are complaints or violations of laws, regulations or internal policies and procedures: you will be responsible for investigating them, documenting your findings, and taking appropriate corrective action, including reporting violations to regulatory agencies.
- Comprehensively understand and maintain knowledge of applicable standards, requirements and their application to the enterprise environment in cooperation with operational area SMEs.
- Be engaged in industry forums and venues related to various Compliance topics; make recommendations to management at all levels to ensure that appropriate levels of compliance are maintained.
- Maintain professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; benchmarking innovative practices; participating in professional societies.
- Facilitate IT responses to internal and external audits and regulatory reviews to ensure compliance with applicable regulatory standards and internal security policies and controls.
- Act as Team Lead while supporting internal and external audit to perform audit testing, data collection and remediation of issues identified.
- Occasional overnight travel as necessary to attend team meetings, meet with employees, support compliance activities, provide or receive training, and support remote systems. After-hours response may be required for critical issues requiring management attention.
- Comprehensively understand interrelationships and dependencies between business processes and functions, both internal and external to the company, and the associated impact on the effectiveness of the control environment with minimal assistance and oversight.
ADDITIONAL RESPONSIBILITIES:
- Be actively engaged in industry forums and venues related to various Compliance topics; make recommendations to management at all levels to ensure that appropriate levels of compliance are maintained.
- Work directly with non-IT compliance professionals such as legal, audit and corporate compliance to ensure organizational alignment.
- Review compliance certifications including SOC1, SOC2 and ISO 27000. Provide guidance and mitigation controls based on the results of the review.
QUALIFICATIONS:
Level II:
- Minimum of three (3) years of experience in information technology, compliance, audit or similar role required.
- Bachelor's in IT, Business Administration, Compliance, Risk Management, Security, Information Technology, or similar role or equivalent combination of education and experience required.
Black Hills Corporation
625 Ninth St
Rapid City
South Dakota United States
www.blackhillscorp.com