Apply online at www.aecc.com
Manager – Security Compliance Program
Little Rock, AR, USA
IT Security and Compliance / Full Time
Arkansas Electric Cooperative Corporation (AECC) is an organization with a rich history and a bright future. As a leader in the energy industry, we look to our employees to help us grow, change, and provide power to over 500,000 members of our 17 electric distribution cooperatives.
A Manager of Security Program Compliance manages and coordinates the implementation, administration, and maintenance of AECC's compliance program for cyber and physical security, which includes but is not limited to the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) compliance obligations. In this position, you will be given the opportunity to work alongside peers who are versatile, enthusiastic, and continuing to strive to push AECC and our mission forward.
· Manages and administers the compliance activities and corresponding processes detailed in AECC's NERC Compliance Plan, as those activities and processes apply to the NERC CIP Reliability Standards and other CIP compliance activities, including but not limited to monitoring, reviewing, and assessing new and existing CIP regulations to understand their impact on AECC.
· Documents and tracks resolution of CIP compliance issues and risks. Facilitates AECC's compliance reporting, including without limitation, self-certification, self-reporting and data submittals, for security compliance obligations to ensure all reporting requirements are met.
· Develops, analyzes and enhances metrics that track AECC's performance in meeting its CIP compliance obligations; develops and delivers CIP compliance training to AECC employees; serves as AECC's liaison for CIP audits, mock audits, investigations, and mitigation plans; and participates in new NERC CIP Standard interpretation and/or standards-under-development activities.
· Works collaboratively with AECC's subject matter experts and functional area management to ensure that AECC maintains a security program that complies with all applicable laws, rules and regulations related to cyber and physical security, including AECC's NERC CIP, HIPAA and PCI DSS compliance obligations.
· Develops and maintains effective collaborative relationships, communication, and contact with internal staff as well as applicable external parties, i.e., applicable regulatory personnel.
· Participates in technical discussions that may have compliance-related impacts and provides guidance and recommendations as appropriate.
· Evaluates AECC's existing security processes and procedures, suggests improvements, and works collaboratively with AECC's subject matter experts and functional area management to identify and implement process improvements, including but not limited to identifying automation and process integration opportunities, automating repetitive compliance activities, and standardizing compliance processes and tools.
· Bachelor's degree in Computer Science, Mathematics, Computer Systems Engineering or related field, plus at least ten (10) years of experience in leading IT-related projects or teams, with at least five (5) of those years of experience being in cyber security and NERC CIP regulatory standards. An equivalent combination of education and experience may be considered.
· Certified Information Systems Auditor (CISA) Certificate
· Certified Information Systems Security Professional (CISSP) Certificate
· 2 Retirement Plan Options
· Vacation and sick leave accruals
· 9 Paid holidays
· Educational and training assistance
· Free confidential Employee Assistance Program
· Health, Dental and Vision Insurance
· Long-term disability
· Short-term disability
Ready to begin your career with AECC? Apply online at www.aecc.com!
Should you elect to apply for this position, AECC/AECI will review your qualifications. If after reviewing the qualifications and experience of all applicants, your skills and credentials meet our needs, someone from our organization may contact you. Please be advised that the time required to complete the applicant review process typically takes between 30 and 90 days, but could extend beyond that. Once the position has been filled, all applicants will be notified via email.
Arkansas Electric Cooperative Corporation and Arkansas Electric Cooperatives, Inc. are Equal Opportunity Workplaces and Affirmative Action Employers. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, age or any other protected category.