Description
Job ID 6854BR
Position Purpose
Assist with developing and implementing LG&E and KU Energy LLC and Subsidiaries' (Company's) policies, procedures, and programs to maintain and demonstrate compliance with NERC Critical Infrastructure Protection (CIP) reliability standards for the IT department. The position actively participates in NERC CIP compliance and audit preparation, including participating as a subject matter expert (SME) as necessary during audits.
This position will be filled at the appropriate level given the candidate's education and experience.
Required Education & Experience
- Bachelor's degree and a minimum of two years of experience in IT with emphasis in Cyber Security, networking, systems engineering, or application security, or an equivalent combination of education and experience on a year-for-year basis, is required.
- Must effectively deal with the rapid technological and business change while maintaining enthusiasm and displaying sound judgment and common sense.
Preferred Qualifications
- A successful academic or work background indicating a demonstrated ability to absorb information, apply conceptual skills in practical applications, and achieve desired results in a highly technical, operating environment.
- Excellent presentation, written and verbal communication skills.
- Strong analytical and problem-solving background; good project management skills with ability to multitask and manage multiple small projects in a cross-functional environment.
- Experience in any of the following areas is preferred: NERC CIP Compliance, Cyber Security, IT Systems Architecture, IT Systems Engineering, IT Auditing.
- Skills in effectively adapting to rapidly changing technology and ability to apply it to business needs and to merge multiple tools together to solve problems. Strong analytical and problem-solving background; good project management skills with ability to multitask and manage multiple small projects in a cross-functional environment.
Job Description
- Assists in developing and maintaining an integrated program to protect the integrity, confidentiality and availability of the company's information resources on a corporate-wide basis.
- Assists in developing information protection procedures and guidelines to support various aspects of the company's information security program.
- Assists operational departments to develop and maintain written documentation of plans, programs, procedures, and other evidence necessary to comply with the requirements and measures of the NERC CIP Standards.
- Participates in regulatory audits, spot-checks, and self-certifications including mock audits. Assist in preparing for compliance audits conducted by NERC/SERC. Responsibilities include developing Reliability Standard Audit Worksheets (RSAWs) and compiling supporting evidentiary documentation.
- Provides on-going consulting assistance in addressing security issues and in implementing security policies, procedures and measures, including serving as a SME for a defined set of NERC CIP standards.
- Assists in identifying security risks and exposures by participating in security reviews, evaluations and risk assessments.
- Assists in designing and developing security and control measures to address identified risks.
- Works effectively as part of the Information Security & Risk Management team under the direction of more senior team members to address the teams' objectives and priorities.
- Assists in determining 'reasonableness' of policies requested by resource owners.
- Defines, develops and communicates process for implementing new policies.
- Provide analysis of security exposures and opportunities on multiple platforms, including UNIX, Internet/Intranet, Windows, network firewalls and security servers.
- Identifies unauthorized changes to authentication and authorization systems and notifies Manager of Security & Risk Management. Review computer logs and messages to identify and report on possible violations of security.
- Coordinates, documents and reports on internal investigations of possible security violations.
- Assists with the design, implementation and administration of security solutions in a distributed systems environment.
- Identifies and prioritizes issues and provide strong customer service.
- All other duties and projects as assigned.
Work Conditions
Normal office environment.
Physical Effort
Primarily sitting with optional standing and walking. General mobility; some travel required.
Contact
Louisville Gas and Electric Company and Kentucky Utilities Company
220 W Main St
Louisville
Kentucky États-Unis
lge-ku.com/
From the same category : information technology (it)
