Sign upLog in
JobsJobs in North CarolinaJobs in Charlotte, NCManagement Jobs

Program Manager - Energy Services Government Oversight

Recruiting Engine (MLS)

Charlotte, NC

Apply
JOB DETAILS
SKILLS
Analysis Skills, Architectural Analysis, Auditing, Benchmarking, Budget Management, CISA - Certified Information Systems Auditor, CISSP - Certified Information Systems Security Professional, Change Management, Cloud Computing, Communication Skills, Computer Security, Concept of Operations (CONOPS), Consulting, Corrective Action, Data Collection, Data Processing, Defense Federal Acquisition Regulations Supplement (DFARS), Documentation, Energy Management, External Audit, Government, Identify Issues, Industry Standards, Information Technology & Information Systems, Information Technology/Systems Audit, Information/Data Security (InfoSec), Insurance Documentation, Internal Audit, Internet Security, Leadership, Maintain Compliance, Mathematical Modeling, Network Operations Center, Onboarding, Operations Processes, Outsourcing, PCI, Performance Analysis, Performance Metrics, Performance Reviews, Policy Development, Presentation/Verbal Skills, Problem Solving Skills, Process Improvement, Project/Program Management, Regulations, Regulatory Compliance, Requirements Management, Requirements Validation/Verification, Risk, Risk Analysis, Risk Management, Risk Management Framework (RMF), Secondary School, Security Architecture, Security Compliance, Statistical Modeling, Strategic Planning, Supply Chain, Supply Chain Management, Sustainability, System Lifecycle, Technical Research, Technical Support, Trend Analysis, U.S. National Institute of Standards and Technology (NIST), Vendor/Supplier Evaluation
LOCATION
Charlotte, NC
POSTED
11 days ago
Third level of the Cybersecurity Governance & Risk Analyst classification hierarchy. Employees at this level solve more complex problems, in multiple areas of specialization, with general supervision. Responsibilities * Develop interpretations of Federal Compliance Programs (i.e. NERC CIP, TSA, DFARS) using a variety of inputs such as regulatory guidance and industry benchmarking to produce unambiguous descriptions of compliance obligations for internal stakeholders to use as guidance for implementation * Develop modifications to the Federal Compliance Programs for cybersecurity policy that are triggered by: new and/or changing Compliance Requirements, newly published guidance from regulators, and by internal requests for improvements * Prepare evidence and review reports on the results of internal reviews of compliance evidence, including categorization of findings and recommendations to be addressed * Perform Evidence Reviews * Support implementations of technologies to augment Duke Energy"s Federal Compliance Programs to drive consistency, efficiency, and sustainability in the pursuit of both compliance and operational goals * Perform internal consulting with business area personnel to ensure that they understand, plan for, and implement compliance requirements * Perform training, change management, and communication support for ongoing compliance activities * Influence and improve awareness of new compliance requirements development through industry and regulatory interaction * Demonstrates working knowledge of IT/OT and Cybersecurity policy, standards, processes, controls and functional areas, in relation to the NIST framework and other industry accepted standards: * Competent in the use of IT/OT and Cybersecurity tools, procedures, and research capabilities * Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure they provide the intended level of protection. * Perform or assist in security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in risk mitigation strategy. * Perform, assist in and/or analyze cyber defense trend reporting * Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation * Assist in the assessment of the effectiveness of security controls * Collaborate with Cybersecurity leadership and architects to make sure security technologies, processes, and people align with Duke"s strategic plan and budget * Influence Duke"s security standards, security baselines, performance metrics, plan, and initiate periodic performance reviews for the cybersecurity architecture and assessment team and vendors * Communicates with customers to understand compliance requirements * Communicates problems and resolutions to manager and/or customers * Provides input on process improvements to IT/OT compliance program * Communicate compliance information in a clear and concise manner

Required/Basic Qualifications * Bachelors degree in Cybersecurity or Other Related Degree * 5 years related work experience * In lieu of Bachelors degree(s) AND 5 year(s) related work experience listed above, High School/GED AND 9 year(s) related work experience Desired Qualifications * Masters degree in Cybersecurity * In addition to desired degree, 5 years related work experience * CISA and/or CISSP Additional Preferred Qualifications * Experience in Cybersecurity, preferably with risk identification and management, audit and compliance, policy development and maintenance, evaluation of control requirements, security and related industry regulatory issues * Knowledge in validating the organization against policies/guidelines/procedures/regulations/laws to ensure compliance * Knowledge in reviewing service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up * Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products. * Expert knowledge of Cybersecurity frameworks such as NIST * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). * Skill in developing security compliance processes and/or audits for external services (e.g., cloud service providers, data center) * Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risks * Works directly with customers, external contractors, and vendors to ensure project goals are met and/or issues are escalated, classified and documented properly * Interface with internal and external auditors for risk assessment * Validate minimum security requirements are being followed according to Cybersecurity standards * Review or conduct audits of information technology (IT) programs and projects * Able to work effectively with defined direction * Demonstrated ability to work independently with supervisory review and direction * Demonstrated excellent listening and communication skills; able to present complex information in an understandable manner both verbal and written to peer levels within the organization and multiple levels within the organization as well as regulatory entities and other utility representatives * Demonstrated ability to absorb change and continue with positive results * Exhibits confidence and a proper level of assertiveness when needed; displays maturity in approach and ability to effectively handle stress and frustration * Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals. * Skill in conducting audits or reviews of technical systems. * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). * Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. * Knowledge of Personally Identifiable Information (PII) data security standards. * Knowledge of Payment Card Industry (PCI) data security standards. * Skill in performing impact/risk assessments. * Skill in processing collected data for follow-on analysis. * Provide input to the Risk Management Framework process activities and related documentation (e.g. system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials). * Review authorization and assurance documents to confirm the level of risk is within acceptable limits for each software application, system, and network. * Provide input to the Risk Management Framework process activities and related documentation (e.g. system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials). * Review authorization and assurance documents to confirm the level of risk is within acceptable limits for each software application, system, and network. * Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals. * Skill in conducting audits or reviews of technical systems. * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). * Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. * Knowledge of Personally Identifiable Information (PII) data security standards. * Knowledge of Payment Card Industry (PCI) data security standards. * Skill in performing impact/risk assessments. * Skill in processing collected data for follow-on analysis. * Demonstrates good listening skills and puts forth the effort to understand others points of view. Has the ability to manage confidential information with a high degree of integrity. Responds well to supervisors, is easy to challenge and develop, and is easily coachable. Able to work effectively with defined direction * Perform cyber defense trend analysis and reporting. * Skill in creating and utilizing mathematical or statistical models. * Research current technology to understand capabilities of required system or network. * Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures. Working Conditions * Hybrid Mobility Classification ? Work will be performed from both remote and onsite locations after the onboarding period.

About the Company

R

Recruiting Engine (MLS)

Similar Job Searches

Area Director Jobs in Charlotte, NCArea Manager Jobs in Charlotte, NCArea Supervisor Jobs in Charlotte, NCAssistant Director Jobs in Charlotte, NCAssistant General Manager Jobs in Charlotte, NCAssistant Manager Jobs in Charlotte, NCAssistant Supervisor Jobs in Charlotte, NCClub Manager Jobs in Charlotte, NCDepartment Manager Jobs in Charlotte, NCDepartment Supervisor Jobs in Charlotte, NC