Information Security Analyst - NERC/CIP Compliance (REMOTE)
Company: California ISO
Location: San Antonio
Posted on: June 25, 2022
The California Independent System Operator (ISO) manages the flow
of electricity across the high-voltage, long-distance power lines
that make up 80 percent of California's power grid. We safeguard
the economy and well-being of 30 million Californians by operating
the grid reliably 24/7.
As the impartial grid operator, the California ISO opens access to
the wholesale power market that is designed to diversify resources
and lower prices. It also grants equal access to 25,865
circuit-miles of power lines and reduces barriers to diverse
resources competing to bring power to customers.
The California ISO's function is often compared to that of air
traffic controllers. It would be grossly unfair for air traffic
controllers to represent one airline and profit from allowing that
company's planes to go through before others. In the same way, the
California ISO operates independently, managing the electron traffic
on a power grid we do not own, making sure electricity is safely
delivered to utilities and consumers on time and reliably.
The California ISO is committed to the health, safety, and
work/life integration of its employees and is proud to offer
flexible work arrangements. This position would be eligible to
participate in a fully remote schedule.
Under the general direction of the Manager, supports the
information security compliance requirements and company risk
tolerance to ensure a culture of information security compliance.
Supports the security, controls and lifecycle process to ensure
alignment and compliance with security policy and regulatory
compliance requirements. Assists in security compliance programs,
creating assessments, and tracks risk mitigation and remediation
What You Will Be Doing
- Maintains IT governance, risk and compliance (GRC) tool that
cross references standards against CAISO policies, procedures and
controls. Identifies gaps and helps develop CAISO specific
policies, procedures and controls that meet external requirements
and CAISO information security needs.
- Assists in the evaluation of compliance of all processes,
procedures, and standards applicable to the position including (but
not limited to): SSAE18 (Statement on Standards for Attestation
Engagements No. 16), NERC CIP (Critical Infrastructure Protection),
and ISO 27000 series (Information Security Management Systems
(ISMS) standards as defined by the International Organization for
Standardization), NIST Cyber Security Framework (CSF).
- Ensures consistent compliance with applicable requirements,
supporting the requirement owners with identification and proactive
collection of evidence for audits. Supports requirement owners with
remedies to findings.
- Collects evidence for quarterly NERC CIP Compliance and SSAE18
reviews. Leverages GRC tool for collection.
- Maintains schedules, reports, and materials for
compliance-related activities pertaining to IT and other
- Maintains tracking tools and reports for compliance measures.
Assists in preparation of reports and briefs explaining standards
issues and compliance status.
- Supports the team in benchmarking existing and planned IT
- May identify trends and predict future issues to effectively
implement courses of action.
Level of Education and Discipline:
A Bachelor's degree (BA, BS) or equivalent education, training or
experience in Computer Science, Engineering, or related technical
field. Master's degree preferred.
Amount Of Experience
Equivalent years of education and training, plus two (2) or more
years related experience.
CISSP, CISA or equivalent professional certifications desired.
Type Of Experience
Experience in an Information Security corporate environment.
Experience in IT Audit, IT Risk, system administration, network and
application security concepts. Experience with NERC Reliability
Standards including NERC CIP. Direct experience or exposure to the
following technologies: Windows, Linux, or other UNIX operating
systems, SSO, LDAP, Java, XML, Enterprise Directory or Active
Directory Domain Administration. Familiarity with following Governance
and Access Control models required. Experience with IT GRC
(Governance, Risk and Compliance) tools such as Archer or
Experience In One Or More Of The Following Areas
- One or more directories, including Active Directory, IBM
Directory Server, SunONE Directory Server, Novell eDirectory,
OpenLDAP, or CA Directory
- Audit management and internal audit standards.
- Process control design and testing methods
- Risk Management methodologies and tools
- Business Continuity and Disaster Recovery methodologies
- Governance frameworks including ISO27000, NIST-800, and/or
- Compliance Standards including NERC-CIP, SSAE-16, SOX, HIPAA,
- In depth knowledge of regulatory compliance requirements and
risk management. Ability to solve business problems through
- Experience in a cross platform environment.
Additional Skills And Abilities
Must be able to work effectively in a team environment as
facilitator and team member. Excellent analytical, verbal and
written communication and documentation skills required, with a
demonstrated attention to detail. Excellent planning and
organizational skills. Ability to use deductive reasoning and
analytical thinking with sound judgment and decision-making skills.
Strong interpersonal and conflict resolution skills are also
essential. Must be self-starting and willing and able to work
independently in a dynamic corporate organization under pressure of
tight deadlines and aggressive expectations. Self-motivated,
problem solving skills and the ability to influence others without
- We will also consider this position at the Senior level, which
requires a Bachelor's degree (BA, BS) or equivalent years of
education, training, or Computer Science, Engineering or related
technical field, plus five (5) or more years related
All your information will be kept confidential according to EEO