TOC Cybersecurity Governance & Risk Analyst

Important Application Submission Information

Build an exciting, rewarding career with us - help us make a difference for millions of people every day. Consider joining the Duke Energy team, where you'll find a friendly work environment, opportunities for growth and development, recognition for your work, and competitive pay and benefits.

The Telecom Operations Compliance (TOC) team provides delivery, validation, and business area support throughout the lifecycle of commissioned Telecom cyber assets to support the NERC CIP and TSA compliance programs. The successful candidate will support the NERC Refresh Project and must possess or develop a strong understanding of North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) reliability standards, the Duke Energy IT503 Cybersecurity Program, and generate evidence required to demonstrate compliance with both.

Keen attention to detail, coupled with a continuous questioning attitude is essential. The individual is expected to be competent in the use of compliance concepts and procedures, and demonstrate critical thinking skills to identify problems, develop solutions, and take actions to carry out processes.

Responsibilities

• Demonstrates working knowledge of IT and Compliance policy, standards, processes, controls and functional areas

• Ability to recognize a possible compliance violation and take appropriate action to report the incident as required

• Support device cutover activities for the Telecom NERC Refresh Project

• Generate, review, and store the required compliance evidence

• Engage with project team to understand potential NERC CIP impacts and provide guidance to ensure compliance

• Effectively uses skills and experience to identify and improve processes to meet regulatory compliance requirements

• Ability to develop Ansible playbooks

• Demonstrates effective communication skills when presenting evidence to either internal or external audit teams

• Bachelor's degree in a related discipline

• In addition to required degree, two (2) years minimum of related work experience

• In lieu of Bachelor's degree AND two (2) years minimum of related work experience listed above, High School/GED AND six (6) years minimum related work experience

• Previous Duke Energy experience

• Excellent organization, communication, and interpersonal skills

• Strong team player with the ability to effectively manage multiple tasks and assignments

• Understanding of NERC Standards

• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)

• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy

• Demonstrates good listening skills and puts forth the effort to understand other points of view

• Has the ability to manage confidential information with a high degree of integrity

• Hybrid Mobility Classification - Work will be performed from both remote and onsite locations after the onboarding period. However, hybrid employees should live within a reasonable daily commute to a Duke Energy facility.

• 2+ years utility, cyber security, auditing, compliance, regulatory or related experience.

Travel Requirements

Privacy

Do Not Sell My Personal Information (CA)

Terms of Use

Accessibility