Associate Information Security Analyst - Compliance (Hybrid)

Company Description

The California Independent System Operator (ISO) manages the flow of electricity across the high-voltage, long-distance power lines that make up 80 percent of California's power grid. We safeguard the economy and well-being of 30 million Californians by operating the grid reliably 24/7.

As the impartial grid operator, the California ISO opens access to the wholesale power market that is designed to diversify resources and lower prices. It also grants equal access to 25,865 circuit-miles of power lines and reduces barriers to diverse resources competing to bring power to customers.

The California ISO's function is often compared to that of air traffic controllers. It would be grossly unfair for air traffic controllers to represent one airline and profit from allowing that company's planes to go through before others. In the same way, the California ISO operates independently—managing the electron traffic on a power grid we do not own—making sure electricity is safely delivered to utilities and consumers on time and reliably.

The California ISO is committed to the health, safety, and work/life integration of its employees, and is proud to offer flexible work arrangements. This position would be eligible to participate in a hybrid work capacity,

Relocation assistance is available.

Job Description

Under the close supervision of the Manager, develops the skills, knowledge and ability to support the information security compliance program and ensure compliance with industry and company standards and objectives. Supports and participates in assessments of security risks related to vendors, new technology and new products. Learns from and assists subject matter experts (SMEs) in evaluating and improving internal controls. Supports team with compliance assessments for NERC CIP standards and ISO information security requirements. Administers and maintains the GRC tool, including creation of tasks, alignment with controls, and evidence collection. Learns to administer the compliance issue reporting process and supports issues through the process life cycle.

What You Will Be Doing:

• Responsible for tracking and supporting mitigation efforts for non-CIP issues and provides reporting to management. Logs issues reported to the Information Security Compliance team and participates in the preliminary review for completeness of data. Assists with assignment of issues to appropriate team members, tracks issues in database, supports the collection of information and evidence from the liaison, and assists corporate compliance with closing the issue.
• Learns to administer and maintain the Centric GRC tool for the info sec compliance team, including how to create and assign tasks, collect evidence, manage reports and KPI. Provides support and assists liaisons with evidence collection and corporate compliance with pulling needed historical compliance information.
• Tracks and participates in reviewing evidence for annual self-certification and NERC, WECC or AAS audits.
• Learns the policies, procedures and standards the team is responsible for and assists the corporate policy team with maintaining and routing required compliance documents for review. Provides information to SMEs and technical teams on info sec compliance processes and procedures and refers to manager or senior team members as appropriate.
• Assists manager with tracking and assigning non-PMO projects to liaisons for assessment. Participates and supports SMEs with collecting additional details for their review and assessment. Collaborates as needed with IT architecture to incorporate feedback into assessments.

Qualifications

Level of Education and Discipline:

A Bachelor's degree (BA, BS) in Computer Science, Information Technology, Management of Information Systems, or related technical field required.

Amount of Experience:

This is an entry-level position, no experience required.

Certifications:

CISSP, CCNA, and/or Unix Certification helpful.

Type of Experience:

Coursework or experience in any of the following areas is desirable: IT related fields, NERC CIP compliance, reviewing and preparing compliance related requests, information systems and network security administration, communications protocols, methodologies and standards related to information security, access control systems, or encryption. Working knowledge of application systems, network architecture, multiple platforms including Unix and Windows OS, and knowledge of up-to-date information security technologies including firewalls, real-time intrusion detection and related applications is a plus. Knowledge or experience in the energy sector, with FERC, NERC, or CIP standards, or security practices, such as NIST and ISO is helpful.

Additional Skills and Abilities:

Demonstrates the ability to work effectively in a team environment as a facilitator and team member. Ability to provide practical and feasible solutions to problems, keeping multiple conflicting considerations into account. Strong interpersonal, communication, and writing skills required. Strong analytical skills are required, including the ability to effectively communicate complex technical materials and concepts in a non-technical manner. Must be able to handle a dynamic and changing work environment, and work independently. Strong computer skills in Microsoft Office Suite. Self-motivated, problem solving skills and the ability to influence others without direct authority.

Additional Information

The pay range for the Associate Information Security Analyst - Compliance is $37.83 - $52.96 hourly.

All your information will be kept confidential according to EEO guidelines.