Associate Information Security Analyst - Compliance (Hybrid)

About The Position

Requirements

• A Bachelor's degree (BA, BS) in Computer Science, Information Technology, Management of Information Systems, or related technical field required.
• This is an entry-level position, no experience required.
• Coursework or experience in any of the following areas is desirable: IT related fields, NERC CIP compliance, reviewing and preparing compliance related requests, information systems and network security administration, communications protocols, methodologies and standards related to information security, access control systems, or encryption.
• Working knowledge of application systems, network architecture, multiple platforms including Unix and Windows OS, and knowledge of up-to-date information security technologies including firewalls, real-time intrusion detection and related applications is a plus.
• Demonstrates the ability to work effectively in a team environment as a facilitator and team member.
• Ability to provide practical and feasible solutions to problems, keeping multiple conflicting considerations into account.
• Strong interpersonal, communication, and writing skills required.
• Strong analytical skills are required, including the ability to effectively communicate complex technical materials and concepts in a non-technical manner.
• Must be able to handle a dynamic and changing work environment, and work independently.
• Strong computer skills in Microsoft Office Suite.
• Self-motivated, problem solving skills and the ability to influence others without direct authority.

Nice To Haves

• CISSP, CCNA, and/or Unix Certification helpful.
• Knowledge or experience in the energy sector, with FERC, NERC, or CIP standards, or security practices, such as NIST and ISO is helpful.

Responsibilities

• Responsible for tracking and supporting mitigation efforts for non-CIP issues and provides reporting to management.
• Logs issues reported to the Information Security Compliance team and participates in the preliminary review for completeness of data.
• Assists with assignment of issues to appropriate team members, tracks issues in database, supports the collection of information and evidence from the liaison, and assists corporate compliance with closing the issue.
• Learns to administer and maintain the Centric GRC tool for the info sec compliance team, including how to create and assign tasks, collect evidence, manage reports and KPI.
• Provides support and assists liaisons with evidence collection and corporate compliance with pulling needed historical compliance information.
• Tracks and participates in reviewing evidence for annual self-certification and NERC, WECC or AAS audits.
• Learns the policies, procedures and standards the team is responsible for and assists the corporate policy team with maintaining and routing required compliance documents for review.
• Provides information to SMEs and technical teams on info sec compliance processes and procedures and refers to manager or senior team members as appropriate.
• Assists manager with tracking and assigning non-PMO projects to liaisons for assessment.
• Participates and supports SMEs with collecting additional details for their review and assessment.
• Collaborates as needed with IT architecture to incorporate feedback into assessments.

Benefits

• The California ISO is committed to the health, safety, and work/life integration of its employees, and is proud to offer flexible work arrangements.
• Relocation assistance is available.