IT Risk and Compliance Analyst w/ ITIL

Strategic Staffing Solutions has an immediate hybrid contract to hire opportunity for an IT Risk and Compliance Analyst with ITIL and CISA. This is a contract to hire opportunity in Tampa, FL.

Note-Must be local to Tampa, FL. No relocation assistance. No Corp. to Corp.

Certifications:

• ITIL Certification Required
• Audit (Certified Information Systems Auditor [CISA] or security-related (e.g., Certified Information Systems Security Professional [CISSP], Certified Information Security Manager [CISM]) certification.-Highly Preferred

Required:

• Minimum of 7 years experience in an IT, security and audit with other controls-based role.
• 3 years NERC CIP compliance program experience.
• 5 years' experience maintaining an expert level knowledge of IT governance frameworks and compliance standards including NERC CIP, SOX, PCI DSS, DFARS, COBIT, NIST Cyber Security Framework, DHS TSA Pipelines Security Guidelines.
• Broad technical knowledge (e.g., infrastructure, security, change management, SDLC); capability to zero in on essential information.
• Broad utility industry business understanding.
• Ability to reconcile conflicting information and lead groups to consensus.
• Ability to advise IT projects as they related to compliance.
• Project management capabilities. Ability to train large groups on IT regulatory requirements. High tolerance for stress and managing competing priorities.

5 years experience performing the below:

• Governance: Lead or participate in the implementation and administration of relevant compliance programs. Leads and incorporate new regulatory requirements and other compliance obligations into the TECO (TSI, TEC, PGS, NMG) compliance management systems. [20%]
• Risk Management: Monitor external compliance obligations; research, analyze and communicate potential impact to TECO affiliates. Work directly with business units, corporate areas and management in the development of industry comments and voting recommendations for relevant compliance obligations as needed (e.g., NERC CIP standards) and participate in development of standards by attending virtual committee meetings to inform the design and implementation of new requlatory requirements. Provide input to IT Compliance and Risk Roadmap and associated workplan to ensure the TECO affiliates are in compliance with IT requlatory, contractual, Emera existing and new standards. [20%]
• Policies and Procedures: Ensure integration of IT compliance obligations into IT, corporate and business policies, standards, procedures, and processes, including flow diagrams. Rapidly research, develop and maintain deep understanding of compliance obligations as well as our current IT&T, corporate, and business environments and serve as consultant/liaison with affected IT&T, corporate areas and business units to advise on potential impact and facilitate the evaluation, design and implementation of effective methodologies, procedures and controls to comply with new and existing regulatory requirements and other compliance obligations. Collaborate with project manager(s) to identify relevant project tasks and associated pre-requisites/dependencies, timing, and associated automation to ensure departmental procedures are developed, implemented, and integrated. [20%]
• Training and Communications: Provides training, guidance, industry insight and business liaision for staff/contractors to ensure quality results. Coordinates with Information Security to communicate results across areas of the business. Recommend external education and future training. [10%]
• Risk Controls & Monitoring: Identify and design methods of monitoring and sampling, including use of security tools. Able to meet project timeframes and communicate with all stakeholders to avoid problems. [10%]
• Reporting & Performance Management: Advise on and/or execute compliance concern investigations, performance analysis (e.g., metrics), and report on status of applicable compliance programs. [10%]
• Information Management: Investigates corporate readiness and designs plans for improving the cybersecurity baselines; work with cross-functional SMEs to design and implement methods to collect and/or automate compliance-related data. [10%]