January 8, 2025
Electric Energy Jobs

Sr Principal Technical Compliance Analyst

Organization: Consumers Energy
Region: Canada, Michigan, Jackson
End of contest: April 6, 2025
Type: Full time
Category: Analyst
Description
JOB ID: 60018375

This position is located at our headquarters in Jackson, MI, with required hybrid in-office working days of Monday, Tuesday, and Thursday. Leadership may reserve the right to change the required working days.

General Summary of Job Responsibilities

The Senior Principal Technical Compliance Analyst ensures transparency, due diligence, and deliberate actions regarding both cyber and physical security requirements to prevent life safety, financial, regulatory, and reputational harm to the company. This role involves managing compliance activities for various regulatory requirements, including NERC-CIP, PCI, FERC Hydro, TSA, API-1164, MARSEC, NRC, and SOX. Key responsibilities include designing and monitoring compliance controls, preparing for and participating in audits and assessments, managing small projects, problem-solving, and implementing root cause mitigations. The analyst ensures compliance with security requirements, facilitates the review of technical and non-technical requirements, and translates technical requirements for stakeholders. They establish effective working relationships with various stakeholders, including IT and OT, and engage with external regulators to ensure all requirements are met. Emphasis is placed on quality and continuous improvement in adherence to regulations and risk mitigation. The position requires strong critical thinking and analytical skills, the ability to work independently, and a commitment to quality and continuous improvement in regulatory adherence and risk mitigation.

Essential Duties and Responsibilities

  • Provide project-manager-style support for compliance-based projects by utilizing professional judgment for scope, budget, and timing. Create and maintain visual management and status updates that can be shared broadly with all levels of employees and leadership.
  • Develop, implement, and sustain compliance programs for network and software systems to comply with requirements.
  • Collaborate closely with IT, legal, and other departments to ensure comprehensive compliance coverage. Work with engineering and architecture teams to evaluate new security tools and platforms, ensuring they meet regulatory requirements, best practices, and company needs.
  • Act as the Security SME for regulatory reviews and audits, including NERC CIP, FERC Hydropower, and TSA Pipeline. Leverage deep compliance knowledge to advise on designing and implementing compliant solutions.
  • Participate in operational reviews and other meetings to ensure all work is known and transparent. Discuss workload, deadlines, expectations, escalations, and barriers intelligently and effectively.
  • Proficient and confident in engaging with auditors and representing the company. Capable of articulating our layered security approach clearly and concisely to both internal and external auditors.
  • Leverage expertise to make informed decisions and solutions for current and incoming work, demonstrating clear, thoughtful approaches and situational awareness to all leadership levels. Regularly meet with stakeholders (Operational Technology, IT, regulatory analysts, Corporate Security, Internal Controls, etc.) to address compliance questions, ensuring decisions and action items are documented and executed. Exhibit subject matter mastery in all interactions.
  • Other essential duties as assigned or may be necessary.
  • Ownership of remediation analysis and activities, including reviewing solutions with required stakeholders (Operational Technology, IT, regulatory analysts, Corporate Security, etc.) to demonstrate that non-compliances have been remediated. Document results and review with relevant parties. Independently own and demonstrate broad thinking that considers matters across several departments, displaying professional judgment and decision-making. Additionally, own the review of potential non-compliances by investigating incidents, comparing actual occurrences to expected outcomes, and conducting conversations with key parties to determine the true nature and extended impact of incidents. Document results and review with relevant parties.
  • Provide backup support as team lead when necessary, build consensus on what direction the team should follow, and mentor/train others. Utilize critical thinking and the ability to present ideas well to all levels of personnel, including executive directors, directors, sr. managers, etc.

Knowledge/Skills/Abilities

  • Leadership-type capabilities
  • Technical skills required relating to cyber and physical security technologies
  • Strong communicator with peers, regulators, and legislators, demonstrating excellent interpersonal, presentation, and listening skills
  • Conducting and receiving audits, interacting with auditors and managing remediation plans
  • Ability to build relationships through integrity and trust
  • Knowledge in regulatory compliance including controls development, regulatory analysis, process development, audits, automation and technical capabilities
  • Understanding of physical and cyber security terminology and concepts

Education / Experience

  • Bachelor's Degree in IT, Cyber Security, Computer Science or Related Field with 10 years of experience in IT or Cyber Security OR
  • Associate's Degree in IT, Cyber Security, Computer Science or Related Field with 12 years of experience in IT or Cyber Security OR
  • High School Diploma or GED with 14 years of experience in IT or Cyber Security


Contact

Consumers Energy
1 Energy Plz
Jackson, Michigan, United States
www.consumersenergy.com