The IT Compliance Services department is responsible for the oversight and coordination of all vulnerability management, password security, compliance-related functions and budget management responsibilities for hardware and software maintenance contracts for the Information Technology & Services (ITS) division. The IT Compliance Services Analyst plays a key role in carrying out this responsibility by providing leadership in the areas of information security, compliance, governance and process execution. The Analyst is responsible for ensuring the optimal balance between the requirements of password security, compliance and operational feasibility. The vulnerability management, password security, compliance and budget management responsibilities of the department will be executed within the framework developed and maintained by the IT Compliance Services Manager and team in order to ensure consistent application of related processes and requirements across the ITS organization. The Analyst is responsible for developing and maintaining the processes, reporting and communications for assigned areas within the department. The IT Compliance Services Analyst provides technical assistance and mentoring to stakeholders in the completion of complex processes. In this role, the Analyst provides oversight and guidance to ensure hardware and software maintenance contracts under ITS management are budgeted for and renewed appropriately and that software licenses are tracked and compliance is maintained. The Analyst may be asked to ensure cyber assets maintain the required level of password security standards, auditable CIP compliance controls and configurations. Additionally, the IT Compliance Services Analyst is called upon to serve as the lead for various projects, process ownership and initiatives related to the functions and responsibilities of the IT Compliance Services Department, as required. 
In order to effectively perform these responsibilities, the IT Compliance Services Analyst must have effective communication skills, a proficiency in developing effective processes, a strong understanding of information password security fundamentals and principles, a deep understanding of the NERC CIP and SOC-1 compliance requirements and audit processes, budget management and accounting principles and a broad understanding of all areas of information technology. They must be able to identify preventative and corrective actions and understand audit quality evidence standards.
Because of COVID-19 this position will be temporarily working from home until a return to campus plan is finalized.
Essential Functions:
Oversee the vendor license compliance audits for the ITS Division
Lead the process design and execution for the hardware and software maintenance contract renewals
Execute the process to manage the software license compliance monitoring for third party server software
Manage the FlexNet Manager tool configuration to enable tracking of server license and software deployments
Track and manage the >$22M budget planning and reforecasting processes for maintenance, support and subscription contracts covering all hardware and software in the PJM environment
Manage the hardware and software renewal contract process with the owning managers, Procurement and Finance
Develop and present budget reports for division goal tracking
Responsible for preparation and/or review and sign-off on remediation activities as defined as a result of vendor audits, internal audits and compliance findings
Support initiatives for capacity planning and coordination of software license management across the ITS division
Responsible for preparation and/or review and sign-off on proposed management responses to Internal Audit findings
Represent ITS Compliance Services on work management and process design efforts within ITS
Work closely with IT Compliance Services manager to develop effective strategies and processes to support the evolution of password security and compliance practices within ITS
As required, lead the creation, modification and implementation of ITS control activities to ensure compliance with new versions of the NERC CIP standards
As required, take a lead role in audits by Regional Entities for those compliance requirements owned by ITS
As required, lead the team in delivering against mitigation plan milestones and security control inspection and testing.
Provide technical guidance and support to IT Compliance Services Analysts as appropriate and in conjunction with the manager
Responsible for actively identifying opportunities for communication and training for ITS staff
Participate in and/or provide oversight in security assessments conducted by IT Compliance Services Analysts
Characteristics and Qualifications: Required
Bachelor's degree in Computer Engineering, Computer Science or Information Systems
At least 4 years of experience with MS-Excel data management and advanced techniques for managing large amounts of data OR security controls and overseeing compliance to externally defined standards such as NERC CIP, SOC-1, SOX 404, or HIPAA
At least 5 years of experience using Flexera FlexNet Manager
Ability to produce high-quality work products with attention to detail
Ability to communicate effectively in a team environment
Experience in quantitative and qualitative analysis
Experience using verbal and written communications skills
Ability to use Microsoft Office Suite (MS-Word, MS-Excel and MS-PowerPoint)
Preferred:
MBA degree in Business Administration
At least 4 years of experience Understanding of relevant accounting and finance principles and practices at PJM
Experience with PJM operations, markets, and planning functions