Information Security Compliance Analyst

Eagle Creek Renewable Energy, LLC

Badin, NC

JOB DETAILS

Job type: Full-time

Skills:
Alternative Energy, Analysis Skills, Anti-Virus Software, CISA - Certified Information Systems Auditor, CISSP - Certified Information Systems Security Professional, Computer Security, Cross-Functional, Documentation, Electrical Utility, Encryption Software, Energy & Utilities, Firewalls, Gap Analysis, IT Requirements, Incident Response, Industry Standards, Information Technology & Information Systems, Information/Data Security (InfoSec), Internet Security, Intrusion Detection Systems, Leadership, Legal, Maintain Compliance, Metrics, Monitor Regulations, Network Monitoring, Network Security, Network Systems, Operational Support, Operations Security (OPSEC), Performance Metrics, Physical Security, Problem Solving Skills, Regulations, Regulatory Compliance, Regulatory Requirements, Reporting Skills, Risk, Risk Analysis, Risk Management, Security Analysis, Security Attacks, Security Compliance, Security Infrastructure, Security Monitoring, Status Reports, Team Player, Test Plan/Schedule, Testing, U.S. National Institute of Standards and Technology (NIST), Vehicle Fleets, Vulnerability Scanners, Writing Skills
Location: Badin, NC

Posted: Today

About the role: Eagle Creek Renewable Energy is seeking an experienced Information Security Compliance Analyst to join our team and help safeguard our organization's regulatory standing and the security of the critical generation assets across our fleet of hydropower facilities. The ideal candidate will have a strong background in monitoring network security, investigating breaches, and implementing strategies to maintain a secure environment in support of regulatory compliance, with the ability to translate complex requirements into clear, defensible, and well-documented controls. In addition, knowledge and experience with NERC CIP and NIST standards are essential for this role.

What You’ll Do:
  • Monitor networks for security breaches: Proactively monitor our organization's networks and systems to identify and respond to any security breaches or suspicious activities. Implement necessary measures to mitigate risks and ensure the integrity and confidentiality of our information. Conduct thorough investigations into security incidents, document findings, and create detailed reports for management. Collaborate with relevant teams to address identified vulnerabilities and recommend improvements to prevent future incidents.
  • Monitor regulatory change and perform gap analysis: Stay up to date with new and revised NERC standards, FERC orders, and relevant guidance, and assess their impact on our organization. Conduct gap analyses against current practice and translate regulatory change into actionable requirements for IT, security, and facility teams, tracking remediation to completion.
  • Develop and test internal controls and policies: Develop, maintain, and test internal controls and policies that demonstrate sustained compliance rather than point-in-time conformance.
  • Collaborate cross-functionally and report compliance status: Partner within IT and with operational technology and facility personnel to ensure controls are implemented, documented, and audit-ready. Produce compliance status reporting, metrics, and KPIs for leadership, and support incident reporting and recovery documentation requirements.
  • Support operational security and incident response: Support day-to-day security monitoring, vulnerability management, and the investigation of and response to security incidents, and help review proposed changes to systems and infrastructure for both security and compliance impact.
What Skills and Experience You’ll Need:
  • Education and Experience:
    • Bachelor’s degree in information security, information systems, business, engineering, or a related field, or equivalent experience.
    • Proven experience in regulatory compliance, audit, GRC, or internal controls, ideally in electric utility, energy, or another regulated or critical-infrastructure environment.
    • Working knowledge of the NERC CIP compliance lifecycle, including self-certification, self-reporting, mitigation, and audit.
  • Compliance and Regulatory Knowledge:
    • In-depth knowledge of security technologies, such as firewalls, intrusion detection systems, antivirus software, encryption methods, and vulnerability scanning tools.
    • Familiarity with industry security standards and frameworks, including NERC CIP and NIST.
  • Analytical Skills:
    • Excellent analytical and problem-solving abilities to translate regulatory requirements into practical, defensible controls.
    • Ability to assess complex, multi-site environments and identify compliance gaps and risks.
  • Communication and Collaboration:
    • Strong written communication and documentation discipline to produce audit-ready evidence and clear compliance reporting.
    • Ability to collaborate and work cross-functionally with teams such as IT, operational technology, physical security, legal, and management.
  • Certifications (preferred):
    • Certified Information Systems Security Professional (CISSP).
    • Certified Information Systems Auditor (CISA).
    • Certified in Risk and Information Systems Control (CRISC).
    • Global Industrial Cyber Security Professional (GICSP) or NERC CIP compliance training.
