Job Details

ID #52306863
State: Florida
City: Yborcity
Full-time
Salary: USD TBD TBD
Source: TECO Energy
Showed: 2024-08-14
Date: 2024-08-14
Deadline: 2024-10-13
Category: Etcetera

IT Compliance & Risk Assurance Lead

Florida, Yborcity 00000 Yborcity USA

Power up a career with us. Our people are our greatest investments. Be the light to help us keep our customers connected. If you are interested in a career and not just a position, Tampa Electric is the place to be! Tampa Electric offers competitive pay, a comprehensive benefits package and opportunities for growth and development in a friendly and professional work environment. We embrace diversity and the inclusion of all. We believe our differences, unique perspectives and talents are our strengths and integral to the success of our company.

We're honored to serve approximately 780,000 customers across West Central Florida and safely provide them with clean, affordable and reliable electricity. We've been doing it for more than 100 years, and there's so much more ahead. Join our team of energy experts as we build on that legacy through innovation, continued solar investments, and cost-effective and sustainable energy solutions, all while keeping top-notch customer service at the center of all we do.

Tampa Electric is a subsidiary of Emera Inc., a family of energy companies which also includes TECO Peoples Gas and New Mexico Gas Company. Emera provides energy to residential and commercial customers in the United States, Canada, and the Caribbean, with career opportunities available in all of these locations.

TITLE: IT Risk and Compliance Assurance Lead
PERFORMANCE COACH: Manager, Compliance & Assurance
COMPANY: Tampa Electric Company
DEPARTMENT: IT Compliance and Assurance

POSITION CONCEPT

Leads a team responsible for supporting activities directly related to assuring and maintaining Tampa Electric's adherence to the NERC CIP standards and requirements. This includes assessing and assuring that relevant systems, assets, processes, controls, procedures, and evidence of compliance are accurate, demonstrate compliance with applicable requirements, are effective on a continuous basis, and that all periodic activities needed for ongoing compliance have been performed in a timely manner. Ensures audit readiness, detects issues that may lead to non-compliance and acts to prevent it, and identifies potential NERC CIP non-compliance issues. Creates and performs internal technical controls to produce evidence of ongoing compliance. Utilizes critical thinking skills, an in-depth understanding of the NERC CIP standards and requirements, and expertise in the review, testing, and development of processes, procedures, technical controls, and evidence of compliance to demonstrate control effectiveness and compliance.

PRIMARY DUTIES AND RESPONSIBILITIES INCLUDE, BUT ARE NOT LIMITED TO, THE FOLLOWING:

Oversee independent assessment and assurance of the effectiveness and efficiency of the NERC CIP control environment. Administer and monitor the execution of the TEC compliance program by sampling compliance deliverables for acceptable content and assessing risk. Utilize technical security tools to further sample content. [30%]

a. Lead the testing and validation of existing NERC CIP assets, processes, procedures, technology and people to assure their continued compliance with NERC CIP standards and requirements.
b. Provide ongoing validation, guidance and oversight of work completed by NERC CIP stakeholders to ensure quality results.
c. Identify, evaluate, and recommend plans that assist in the mitigation/remediation of cyber security compliance risks and vulnerabilities identified during related assurance duties, especially key risk indicators and preventive controls, including alerts and/or automation.
d. Ensure compliance issues are investigated and reported to the appropriate authority.

Advance the assurance program. Maintain, monitor, and report on the status of the assurance program, including identification and monitoring of performance metrics. [20%]

a. Lead efforts to monitor, assess, detect, and report on the continued effectiveness of implemented security controls by leveraging administrative processes and technologies.
b. Coordinate and collaborate with affected stakeholders in response to identified control misconfigurations or systems in a potential non-compliant state (e.g., unauthorized ports, misconfigured password settings, etc.).
c. Create new internal controls to verify performance of ongoing compliance-related processes.

Utilize expertise and leadership skills to manage and independently resolve NERC CIP compliance-related issues to ensure day-to-day activities and project goals are met. Collaborate with IT project teams and management to reduce risk by ensuring NERC CIP technical requirements are integrated into projects, and that those projects/tasks are fully compliant with NERC CIP requirements. Lead the validation of new NERC CIP assets introduced into Tampa Electric to ensure they comply with the NERC CIP standards and requirements. Provide guidance in the drafting of plans, processes, and work practices in support of NERC CIP compliance so that those documents and practices produce verifiable evidence of compliance which can be reviewed for completeness and correctness. Create, review, test, collect and organize required evidence that demonstrates compliance with NERC CIP standards and requirements, such as evidence for access controls, ports and services, physical port security, malicious code prevention, security event monitoring, account management, and baseline components. [10%]

Coordinate and collaborate with affected stakeholders in response to vulnerabilities identified during annual vulnerability assessments to ensure their successful remediation. [10%]

Support internal and external audits, review applicable findings and recommendations, and implement/oversee necessary corrective and/or preventive actions. Provide input and compose management responses to internal/external NERC CIP audits and data requests in collaboration with respective management and staff. [10%]

Collaborate in the implementation of relevant administrative, technical, and physical controls and evidence design required to ensure compliance with new NERC CIP requirements. Ensure integration of IT compliance obligations into IT and NERC CIP policies, standards, procedures, processes, plans and RSAWs, including flow diagrams, automated reporting, and other supporting evidence as needed. [10%]

Contribute to the Compliance, Assurance and Risk Workplan to ensure the TECO affiliates comply with IT regulatory, contractual, and new and existing Emera standards. Assist with the IT Compliance and Assurance team strategy, goals development, and team communication. [10%]

SUPERVISION

Direct: Supervises the day-to-day activities of a staff of 2-3 IT QA and Compliance team members. As needed, supervises and mentors BCE Student, Co-op, and/or Intern.
Indirect: Indirect supervision of contract project manager. As needed, supervises third-party consultant(s).

RELATIONSHIPS

Key Internal: Directly accountable to the Manager, IT Compliance & Assurance. Interacts with all levels of IT&T; selected individuals in Energy Delivery, Energy Supply, Renewables, Corporate Security, Facility Services, Human Resources, Emergency Management, Regulatory Affairs; and Emera Compliance and Cyber Security.
Key External: Build and maintain external relationships with vendors, contractors, consultants, industry contacts, regulatory auditors, and other utility partners.

QUALIFICATIONS

Education/Training
Required: Four (4) year degree in computer science, information systems, or other IT-related discipline.
Required: Expected to obtain Information Technology Infrastructure Library (ITIL) Certification within 6 months of employment in this position.
Audit (Certified Information Systems Auditor [CISA]) or security-related (e.g., Certified Information Systems Security Professional [CISSP], Certified Information Security Manager [CISM]) certification, or similar certifications such as those from these certification vendors: (ISC)2, GIAC, ISACA, SANS, CompTIA, EC-Council, etc.

Experience
Required: Minimum of 7 years' experience in an information technology, compliance audit or utility business environment, with at least 3 years in an IT security, audit or controls-based role such as cyber security, industrial control systems, NIST Cybersecurity Framework (CSF)/Risk Management Framework (RMF), Sarbanes-Oxley IT General Controls, or NERC CIP.
Preferred: 5+ years of IT security, compliance, audit, or other controls experience. Leadership experience or experience leading teams or projects is preferred.

Knowledge/Skills/Abilities (KSA)
Required: Maintains an expert-level knowledge of regulatory, contractual, and internal compliance standards and how to ensure compliance. Understanding of risk management principles. Risk assessment skills. Ability to lead groups to consensus. Ability to oversee IT projects as they relate to compliance. Must be able to complete highly complex duties involving a wide variety of situations requiring critical thinking/analytical skills, judgment and interpersonal organizational relationships. Ability to train large groups on IT regulatory requirements. High tolerance for stress and managing competing priorities. Broad technical knowledge (e.g., infrastructure, security, change management, SDLC). Strong listening, oral, written and digital communication skills for reporting and auditing purposes. Ability to foster a positive work environment by building relationships among peers and other business partners. Working knowledge and understanding of major operating system security and network security principles; major security systems and functions such as Firewalls, IDS/IPS, Antivirus/Antimalware, SIEM, Incident Response, Threat Prevention, Change and Configuration Management, File Integrity Monitoring, and Governance, Risk and Compliance solutions; and understanding of the Vulnerability Management Lifecycle and its application in enterprise settings.

TECO offers a competitive Benefits package:
Competitive Salary
401k Savings plan w/ company matching
Pension plan
Paid time off
Paid Holiday time
Medical, Prescription Drug, & Dental Coverage
Tuition Assistance Program
Employee Assistance Program
Wellness Programs
On-site Fitness Centers
Bonus Plan and more!

Nearest Major Market: Tampa
Job Segment: Sustainability, Computer Science, Drafting, Information Security, Information Systems, Energy, Technology, Engineering
