IT Compliance Analyst

2018-08-11
National Grid (https://careers.nationalgridus.com)
Other


full-time employee


Ayer
Massachusetts
United States

Description
Job Purpose:

National Grid, recognized as a leader in the Utilities and Energy industry, is offering excellent career and growth opportunities. Our High Voltage DC (HVDC) site is currently looking for an IS Systems Analyst who will have responsibility in designing and executing IS functions. This individual will help meet NERC CIP compliance strategies and processes that will achieve and maintain mandated NERC CIP cyber security regulations and support HVDC Mission Critical IS requirements.

Key Accountabilities:

As an IS Systems Analyst, you will support the overall operation of National Grid's mission critical infrastructure for HVDC Operations. You will support IS infrastructure for HVDC System Control and Monitoring functions. You will participate as a project technical resource to establish standards, content, and procedures for documentation in accordance with company and industry best practices for real time and HVDC transmission system applications. You will update and create documentation as a contributor to NERC CIP compliance deliverables as a subject matter expert.
Position Responsibilities (including but not limited to):
Establishes new server/system environments as needed, including designing and completing system installation, as well as defining, documenting, and enforcing system standards.
Active Directory administration (Group Policy planning and implementation)
Install and configure server hardware and operating systems. Manage various infrastructure systems and applications including Microsoft Active Directory, Windows Server, SQL Server, SharePoint (site access), and Antivirus updates.
Optimize system performance by monitoring, troubleshooting issues, and scheduling upgrades to maintain a secure and reliable environment.
Secures mission critical systems by establishing and enforcing security policies, as well as monitoring access.
Implement changes to production, development, stage and test environments to allow required application access.
Ensure that configuration and change management processes are documented accurately
Respond to major incidents as part of a team.
Interact with engineering and operations groups both within and external to the organization to resolve issues by troubleshooting and utilizing creative problem solving skills
Reviews and develops cost/benefit analysis as needed.
Periodically interface with internal and external auditors to support compliance activities.
Ability to work both independently as well as in a team environment.
Updates job knowledge and stays aware of security risks and industry trends by participating in educational opportunities, reading professional publications, and participating in professional organizations.
It is a requirement that supporting the real-time operation will include participation in an on-call rotation providing 7x24 hour support (not shift work).

Qualifications
Knowledge & Experience Required:
Bachelor's degree in Computer Science/Engineering and/or 5+ years of relevant experience.
Understanding of LAN/WAN networking concepts, topologies and protocols.
Competency with network/systems security and information security concepts and technologies.
Working knowledge of Windows/Active Directory.
Working knowledge of network firewalls and switches
Must possess strong writing, verbal communication and documentation skills and the ability to achieve and communicate with a sense of urgency.
Ability to develop long-range program plans, set goals/objectives, and prioritize.
Strong troubleshooting & problem solving skills.
Familiarity with the following is desirable:
Experience with National Grid's Change Control Procedures, Industrial Defender, Tripwire or other asset management applications are all pluses.
Incident response
Patch management and offline patching techniques
Software tools such as Nmap, Wireshark, Nessus, WinAudit, and monitoring tools.
Windows desktop operating systems - embedded OS a plus.
Linux operating systems
Risk/vulnerability assessment methodologies
Firewalls, intrusion detection sensors, switches, and devices
Information protection strategies
Programming in any scripting language, such as PowerShell or Visual Basic.
Disaster recovery planning and system backups
Identity and access management
System development life cycle implementation steps for transitioning to production
Best practices in securing critical IS infrastructures
Regulatory Compliance Standards (e.g. Sarbanes-Oxley, NERC-CIP, etc.)
Basic knowledge of power station operation is an advantage.
Must possess strong writing, verbal communication and documentation skills and the ability to achieve and communicate with a sense of urgency.
Ability to work with a variety of personnel and be conversant with both technical and business-oriented personnel.
Ability to articulate how people, process and technology, collectively, are essential in establishing and executing a NERC CIP compliance strategy.
Competency with network security and information security concepts and technologies.
Ability to meet pressured deadlines, time constraints and periodic requirements.
Demonstrated ability to develop long-range program plans, set goals and objectives, make decisions on program priorities, and analyze program effectiveness.
Prior experience with control system functions and protections a plus.
Familiarity with the following:
Incident management response
Risk assessment methodologies
Information protection (including information classification)
Disaster recovery planning
Change management and control
General industry process control security standards
Identity and access management
Intrusion detection and prevention
Secure network architecture
Draft Standards for version 5
The Standards of Good Practice for Information Security
Sarbanes-Oxley
Basic knowledge of the Distribution & Transmission Control Centers and Energy Management Systems is a plus.
Qualifications Required:
Bachelor's degree in any discipline and at least three (3) years of experience working in implementing regulatory/industry security standards and compliance.

Job Dimensions:

This position will report to the Manager of HVDC Operations.

Periodic interface with Internal Audit will be required to support audit and compliance activities.

Other departments requiring periodic routine interaction:

Information Services Security
Information Services Network
3rd party Managed Service Provider
Other Compliance related departments within National Grid (especially in the US Electric Transmission business area).
US Electric field personnel

National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise. We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve. National Grid is proud to be an affirmative action employer. We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team.

Job: Trans Commercial
Primary Location: MA-Ayer
Organisation: Trans Commercial
Schedule: Full-time
Job Posting: Aug 10, 2018, 3:17:50 PM
Unposting Date: Ongoing