Analyst III, Cybersecurity Compliance

Purpose

The Analyst III, Cybersecurity Compliance reports into the Manager, IT Security, Risk and Compliance and is responsible for IT and OT cybersecurity compliance requirements. 

#LI-Hybrid

Accountabilities

• Provide guidance and participate in audits and assessments and assist with risk management reviews and third-party assessments. 
• Work to ensure the confidentiality, integrity, and availability (CIA) of Liberty’s data and IT/OT systems is established
• Plan, execute and lead security and compliance audits across Liberty related to SOX, NERC, PCI, Data Protection and other compliance initiatives
• Highlight shortcomings in the operation of platform security and compliance processes ensuring they are appropriately addressed
• Use tools to coordinate efforts for IT/OT internal and external audits within Liberty e.g., Archer GRC, SailPoint IAM, ServiceNow
• Use existing Liberty policies and standards, and applicable industry regulations to plan, maintain, and operate compliance activities
• Develop, review, prepare and analyze compliance and assessment documents and make improvements where required
• Conduct periodic reviews/audits of IT/OT systems to insure adherence to current procedures and policies within Liberty
• Work with business units and IT/OT support staff to design remediation where deficiencies are identified
• Perform ad-hoc vulnerability assessments and develop related mitigation strategies
• Work with outside consultants as appropriate for independent security audits and/or testing
• Analyze management and technical controls to ensure that specific security and compliance requirements are met through the verification of documented processes, procedures, and standards to validate maintenance of secure configurations.
• Map regulatory requirements and track enterprise compliance across multiple security frameworks including SOC 2, NIST and NERC and maintain up-to-date records of requirements and corresponding mitigating controls.
• Monitor third-party risk assessments and assist in performing internal risk assessments.
• Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle and provide any guidance from a security, risk, and compliance perspective
• Monitor Liberty’s change management process to ensure compliance.
• Develop key performance metrics to track and ensure compliance with established policies and standards.
• Support development of security processes and procedures and support service-level agreements to ensure that security controls are managed and maintained.
• Participate in the development of security, risk, compliance, and privacy awareness training in conjunction with other members of the Security Compliance group.
• Work with the other groups in the Cybersecurity team on knowledge sharing, updates and training when require.
• Report to IT Leadership on status of Cybersecurity Compliance initiatives.

Education and Experience

• University - Bachelor degree or equivalent
• 5+ years of cybersecurity compliance experience, Including experience in both IT and OT cybersecurity compliance 
• Certified Information Systems Auditor (CISA) and/or Certified in Risk and Information Systems Control (CRISC) and/or Certified Information Systems Security Professional (CISSP) strongly preferred. 
• Knowledge of and/or experience with maintaining Cybersecurity Compliance requirements in the Utility industry e.g., SOX, NERC, SOC Reporting 
• Experience with using tools and frameworks that help with maintaining Cybersecurity Compliance e.g., RSA Archer, SailPoint IAM, ServiceNow, NIST 800.53/CSF