Southern Company Cyber Compliance Coordinator (CIP) - Birmingham, AL in Birmingham, Alabama
Cyber Compliance Coordinator (CIP)
Southern Company Operations Compliance
This position will be located at APC Headquarters in Birmingham, AL.
The position exists to provide staff support to the NERC Critical Infrastructure Protection (CIP) Cyber Compliance Assurance Manager responsible for developing and executing effective compliance assurance programs to achieve and maintain compliance and otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with federal regulatory standards and related Southern Company policies. The position also exists to ensure that Southern Company Operations Compliance Programs are consistent and coordinated with Southern Company and subsidiary Compliance Programs.
General position responsibilities fall into three primary categories: Program Management, Monitoring & Enforcement, and Liaison. Specific responsibilities include, but are not limited to:
Program Management - Performance of Corporate Compliance responsibilities associated with the overall Southern Company Operations Compliance Program including, but not limited to:
Documenting and executing Operations' overall compliance program in conformance with the Southern Company Compliance Governance Model, including the identification of any areas that require improvement.
Executing the Operations Compliance Program for the CIP Cyber Security Standards including self-assessments, formal documentation of policies and procedures, and coordination with subject matter experts and operating company personnel to prepare for compliance filings.
Leading periodic cross-functional reviews of new regulatory standards, interpretations, and guidance documents; collecting, editing, revising, and submitting comments on behalf of Southern Company and subsidiaries.
Developing and maintaining compliance related documentation including policies, procedures, risk assessments, and audit evidence.
Monitoring and Enforcement
Monitoring compliance and cyber related initiatives within the utility industry and from the Federal Energy Regulatory Commission (FERC), the North American Electric Reliability Corporation (NERC) and its Regional Entities (for example, SERC), the U.S. Department of Homeland Security (DHS), and the U.S. Department of Energy (DOE).
Supporting preparations for CIP Cyber Security Standards audits, Technical Feasibility Exceptions, and other compliance activities as required.
Leading efforts to work with stakeholders to identify and remediate areas of potential non-compliance, and drafting associated self-reports and mitigation plans that are consistent with compliance, reliability, and safety goals; tracking compliance with any plans filed with regulators.
Representing Operations Compliance as part of the CIP Governance Framework and providing leadership by serving the organization as a Subject Matter Expert on the CIP Cyber Security Standards.
Directly supporting the development and maintenance of the CIP Cyber Security Policy and CIP Procedures Manual by working with stakeholders to ensure documentation is up to date and effectively communicated.
Supporting compliance with the CIP Cyber Security Standards and their revisions by coordinating the consistent and repeatable cross-functional implementation of corporate efforts, projects, processes and technical solutions across various business units and affiliate Operating Companies.
Developing, delivering, and tracking completion of compliance-related training for employees, contractors, and management.
Bachelor's degree required.
Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Systems Security Certified Practitioner (SSCP), or Certified Authorization Professional (CAP) accreditation preferred.
3 years Operations experience in Generation, Transmission, or similar preferred.
3 years Cyber Security or Information Technology experience applying cyber security standards (e.g. CIP Cyber Security Standards) preferred.
Experience leading team or organizational efforts to comply with regulatory requirements.
Experience identifying opportunities for process efficiencies and implementing process improvements.
Experience developing and maintaining compliance related documentation including policies, procedures, risk assessments, and audit evidence.
Experience developing technical documentation including process related charts, flow-charts, estimates, spreadsheets, business cases, and evidentiary documentation to support regulatory compliance filings and requests for information.
Experience developing and delivering communications that address cyber security, physical security, and compliance related topics to a cross-functional audience.
Experience with cyber and/or physical security practices and layered defenses.
Experience implementing and managing compliance processes related to electronic and/or physical access control and credentialing.
Knowledge, Skills, and Abilities:
Strong oral and written communication, evaluation, presentation, analytical skills, and attention to detail are required to be successful in this role.
Technical proficiency with advanced cyber security concepts in the areas of access control, telecommunications and networking, information systems architecture and design, database management, applications development, vulnerability assessment and remediation, or incident and disaster recovery is strongly desired.
Thorough understanding of energy regulation laws and standards and of company policies and corporate governance processes designed to ensure compliance with energy sector laws and regulations.
Ability to design and execute compliance monitoring programs, interpret control frameworks and regulations, identify and prioritize risks, and assist in the design of programs and internal controls to effectively manage compliance risks.
Ability to manage multiple projects and demonstrate effective project management skills including planning, organizing, and directing.
Ability to design and deliver compliance-related training programs on behalf of management.
Strong interpersonal skills to effectively communicate, consult, and build effective working partnerships with business unit stakeholders.
Proficiency with information systems applications, including MS Office applications (Word, PowerPoint (presentations), Excel, Project, Outlook) as well as the ability to quickly learn other compliance-related software applications (e.g., Cool Compliance).
Demonstrate Southern Company Values – Safety First, Unquestionable Trust, Superior Performance, and Total Commitment.
Continual learner, team player, flexible/adaptable, committed to diversity, positive attitude and open to change, able to overcome obstacles to making progress towards objectives, interested in learning and applying new technology.
This position can require some travel – approximately 25% per year.
This will include some overnight travel.
Relocation assistance is available if the selected candidate currently resides outside the area.
Please submit an updated resume with your application.
Excellent benefits package, which includes:
Medical and dental coverage
Defined Benefit Pension plan
401(k) plan with a generous company match
Southern Company (http://www.southerncompany.com/) (NYSE: SO, http://investor.southerncompany.com/stockquote.cfm) is America’s premier energy company, with 44,000 megawatts of generating capacity and 1,500 billion cubic feet of combined natural gas consumption and throughput volume serving 9 million electric and gas utility customers through its subsidiaries. The company provides clean, safe, reliable and affordable energy through electric utilities in four states, natural gas distribution utilities in seven states, a competitive generation company serving wholesale customers across America and a nationally recognized provider of customized energy solutions, as well as fiber optics and wireless communications. Southern Company brands are known for excellent customer service, high reliability and affordable prices that are below the national average. Through an industry-leading commitment to innovation, Southern Company and its subsidiaries are inventing America’s energy future by developing the full portfolio of energy resources, including carbon-free nuclear, 21st century coal, natural gas, renewables and energy efficiency, and creating new products and services for the benefit of customers. Southern Company has been named by the U.S. Department of Defense and G.I. Jobs magazine as a top military employer, recognized among the Top 50 Companies for Diversity by DiversityInc, listed by Black Enterprise magazine as one of the 40 Best Companies for Diversity and designated a Top Employer for Hispanics by Hispanic Network. The company has earned a National Award of Nuclear Science and History from the National Atomic Museum Foundation for its leadership and commitment to nuclear development and is continually ranked among the top utilities in Fortune’s annual World's Most Admired Electric and Gas Utility rankings. Visit our website at http://www.southerncompany.com/.
Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.
Job Field: Legal & Compliance
Job Type: Standard
Primary Location: Alabama-Metro Birmingham/Eastern AL-Birmingham
Operating Company: Southern Company Services
Travel (Up to...): Yes, 25 % of the Time
APC Corporate Headquarters - 600 North 18th Street (600BIRMINGHAM)
Req ID: SCS2006753