The Regulatory Compliance & Cyber Security Compliance Auditor will work in a team environment in coordination with other Family of Companies (FOC) functions. These functions include GTC Operations & Maintenance (O&M), Georgia System Operations (GSOC) Cyber Security Operations, GSOC NERC Compliance, GSOC Information Technology, and GSOC Audit & Consulting to conduct internal controls testing, perform compliance monitoring, and provide consulting support to GTC as it relates to cyber security risks and NERC Critical Infrastructure Protection Standards. The primary function of this position is to provide assurance that cyber security and other reliability risks are appropriately identified and mitigated and to ensure on-going compliance with CIP and O&M reliability standards. This position will provide expertise in risk assessment and information technology and may serve in an advisory role to improve risk assessments, internal controls, and strategic goals.
Education: Bachelor's Degree in Accounting, Information Technology, Cyber Security, Engineering, or related field from accredited institution. Advanced degree desirable.
Experience: Eight (8) plus years’ auditing experience in information technology, cyber security, internal control design and effectiveness and compliance evidence monitoring; with five (5) plus years’ experience in the utility industry and/or working knowledge of NERC CIP Standards is highly desirable.
Equivalent Experience: If the education requirement is not met, an additional six (6) years of experience as described above will be required.
Licenses, Certifications and/or Registrations: Certified Information Systems Auditor (CISA), Certified Risk & Information Systems Control (CRISC), Certified Information Security Manager (CISM) and/or Certified Information Security Professional (CISP) desired; or other auditing related designations such as Certified Public Accountant (CPA), Certified Internal Auditor (CIA) with strong working knowledge of information systems and cyber security practices and internal controls.
Specialized Skills (e.g., typing, computers, software, tools and equipment uses, etc.): Microsoft Office (Word, Excel, Outlook, PowerPoint, and SharePoint) proficiency required. Working knowledge of internal auditing professional standards; information systems and cyber security practices, and internal control frameworks. Strong verbal and written communication skills; ability to establish and maintain effective working relationships; work collaboratively with all levels of the organization and external auditors; discuss business risks, audit results and develop agreed upon action plans. Strong commitment to on-going quality assurance and improvement; ability to manage multiple projects and meet deadlines.