Compliance Analyst

Overall, 5 years’ experience in Information Technology with knowledge of Windows, Linux, VMware operating systems.

Key skills

• 3-5 years of Compliance or Cyber security
• 1-3 years’ experience in NERC CIP Compliance
• 1-3 years’ experience in Utilities domain
• 1-3 years’ experience in scripting python, Perl, power shell, etc
• 1-3 years’ experience in security tools like Splunk, tenable, Industrial Defender, etc

Description

• Provide subject matter expertise for Security and Compliance requirements of SCADA systems during Project Design and Implementation phase and evaluation of POC results.
• Technical feasibility exception (TFE) preparation and submittal; compliance evidence gathering, quality verification, packaging, and storage. Cyber assets classification and validation.
• Assess risk of security vulnerabilities, patches for servers and workstations, and assess the applicability and risk of newly discovered vulnerabilities. Liaise with System Administrators to remediate risk. Ensure Electronic/physical security controls adherence, and system security administration.
• Perform in depth analysis of technical solutions and implement to resolve technical issues and ensure
  security and compliance requirements are met.
• Perform periodic (annual, quarterly, monthly, weekly, daily) compliance activities as required.
• Experience in asset configuration management and familiar with basic change management process.
• Experience in system security event monitoring and ability to review and identify abnormal events.
• Ability to work independently and in a team environment, including identifying project needs, prioritizing multiple projects, and following through all assignments.
• Provide timely updates on tasks and meet internal and client deadlines with high quality deliverable Excellent communication and interpersonal skills

Skills:

• Bachelor’s Degree in Computer Science, Information Systems, Engineering, or related technical major.
• Five (5) years of experience in Information Technology field performing complex analysis, consulting, and providing recommendations.
• Three (3) years of combined hands-on experience in one or more of the following areas:
  Experience with NERC Critical Infrastructure Protection standards V6.
  Experience with UNIX scripting/LINUX and Windows Operating Systems.
  Experience with PowerShell, Python Scripting, and understanding of the OSI/TCP IP Model.
  Three (3) years of experience with Process design (Workflow, Visio, documentation, templates).
  Three (3) years of experience with Office Suite – (Microsoft Word, Excel, PowerPoint, and Project).
  Experience working within a SCADA/ Industrial Control System environment.
  Experience or working knowledge of Splunk or Tenable.
  CISA, CISM or CISSP.

Note: Security is the key requirement, however they would expect the candidate to understand the NIST framework and their controls, few listed below

• Access Management
• Configuration Management
• Patch management
• Vulnerability scanning
• Logging and Monitorin