POSITION CONCEPT
Under general supervision, carries out procedures to ensure all information systems products and services meet IT&T organization standards and compliance obligations, including regulatory requirements, contractual requirements, and Emera requirements. Analyst is primarily responsible for the maintenance, training, assurance, monitoring and reporting of all IT standards and procedures, as well as IT&T related regulatory requirements for the TSI IT&T Department and individual business units as applicable.
Please keep in mind that these are the minimum requirements for a Compliance & Risk Analyst position. This position does have various levels, so if an applicant meets more of the preferred skills, they may qualify for a higher level of position.
PRIMARY DUTIES AND RESPONSIBILITIES
- Policies, standards, and processes: Analyzes best-in-class processes including IT Information Library (ITIL), National Institute of Standards and Technology (NIST) standards, and COBIT, and keeps current on all regulatory and compliance issues relating to Information Technology. Responsible for maintaining all IT standards, procedures and policies. Maintains internal desk-level procedures.
- Assurance and Information Management: Ensures that quality methods and procedures are executed by the IT department to stay in compliance with regulatory requirements, e.g., NERC Critical Infrastructure Protection (CIP), Sarbanes-Oxley (SOX), contractual requirements (e.g., Payment Card Industry (PCI) Data Security Standards (DSS), Defense Federal Acquisition Regulation System (DFARS) requirements, internal requirements, e.g., Emera, voluntary requirements, e.g. America Gas Association commitment to Department of Homeland Security (DHS) Transportation Safety Administration (TSA) Pipeline Security Guidelines, and customer requirements. Manages compliance related information and documentation consistent with retention requirements. Support collection, review and approval of compliance-related data. Facilitates and tracks deliverables for root cause analysis, compliance reporting, technical feasibility exceptions, and NERC Alerts.
- Controls & Monitoring: Administers the IT Compliance Management Systems and Governance, Risk, and Compliance (GRC) tool(s). Collect and sample evidence to support demonstration of compliance. Escalates out of compliance items to senior management. Participate in the implementation of technology-based tools (e.g. GRC) to support IT risk initiatives. Additionally, analyst adheres to company confidentiality and security requirements.
- Reporting: Documents all quality problems and compliance issues, and assists in their resolution. Performs quality audits across various IT&T functions to ensure quality standards, procedures, and methodologies are being followed. Monitors and reports on exceptions, risks and exposures to IT senior management.
- Training and Communications: Develops and delivers quality process training to technical staff and acts as an internal quality consultant to facilitate business or technical partners on the use of the IT standards and procedures.
- Performance Management: Establishes and administers activities of performance analysis (e.g., metrics) within assigned area(s) of responsibility.
QUALIFICATIONS
Education
Required: Bachelor's degree in Computer Science, Information Systems or a related field with a minimum three (3) years of experience in an information technology, audit or utility business.
OR Associates Degree with a minimum five (5) years of experience in an information technology, audit or utility business
OR Valid high school diploma or GED with a minimum seven (7) years of experience in an information technology, audit or utility business may be considered in lieu of a 4 year degree
Preferred: Two (2) years of direct IT Audit or Controls experience strongly preferred. Four (4) year degree in Computer Science, Information Systems, or related information technology discipline strongly preferred.
Licensing/Certification
Required: Expected to obtain Information Technology Infrastructure Library (ITIL) Certification within 6 months of employment in this position.
Preferred: Current ITIL Certification. Certified Information Systems Auditor (CISA) or related certifications.
Related Experience
Required: Minimum of 3 years experience in an information technology, audit, or utility business environment is required.
Preferred: 2 years IT experience, especially security or network technologies, IT audit.
Knowledge/Skills/Abilities
Required: Excellent writing skills for creating IT-related compliance documents. An extensive knowledge and understanding of IT regulatory standards and control frameworks. Ability to apply regulatory requirements within all aspects of the IT Department. Demonstrates the ability to work with all levels of team members throughout the company.
Preferred: Knowledge of Utility IT regulations. Knowledge of Sharepoint document management and workflow.
Read the full posting.TECO Energy
702 N Franklin St
Tampa
Florida États-Unis
www.tecoenergy.com
