Business Systems Analyst

DESCRIPTION:
The NERC Critical Infrastructure Protection (CIP) IT Senior Analyst is responsible for performing activities relating to designing, building, testing, implementing and maintaining solutions, products and processes under the guidance of a Lead Analyst or Manager to evaluate the regional entity's adherence to the NERC CIP Rules of Procedure (Requirements), Compliance Monitoring and Enforcement Program, specifically as it pertains to the NERC CIP security standards. This includes maintaining compliance for version 3 and projects focus to implement version 5 and beyond. Potential travel.

PRIMARY DUTIES AND ACCOUNTABILITIES:

- Be the Subject Matter Expert (SME) for assigned compliance requirements and solutions.
- Represent IT and Business as the SME during all activities including activity execution and project planning.
- Perform, document and assist in executing work activities relating to projects, sub-projects, or processes.
- Participate as SME in activities to analyze requirements, design, build, and test IT software solutions in accordance with IT project management standards.
- Enhance, maintain or support existing IT products, processes and procedures to the defined service level agreement.
- Maintain and enhance engagement with business and IT partners and other stakeholders including internal and external audit.
- Seek to understand business needs and identify solutions.
- Assist less experienced personnel.
- Proactively build business/IT knowledge to provide solutions.
- Utilize best practices to improve products and services.
- Apply and verify compliance to standards as defined within the NERC CIP Management Model.
- Draw on experience with compliance to regulatory requirements (NERC CIP, SOX or other) and/or IT auditing processes to execute ongoing NERC-CIP compliance activities.
- Track, enforce and execute recurring compliance tasks as required in relation to:
- Cyber Asset Inventory Management,
- Access Control & Management (Physical, Electronic and Information)
- Change Control and Configuration Management
- Cyber Vulnerability Assessments
- Systems Security Management (Testing, Baseline Ports & Services, Patching, Malware Prevention, Account Management, Cyber Asset Disposal/Redeployment)
- Incident Response Planning (Work with IT security)
- Recovery Plans, Exercises, Backup, and Restore

SKILLS:

SKILLS/QUALIFICATIONS:

- Bachelor's degree in Computer Science or related discipline and typically 3 to 5 years in related experience.
- Ability to manage and solve complex problems.
- Ability to work independently.
- Ability to work with geographically dispersed project teams.
- Excellent communications skills (written and verbal).
- Requires knowledge of best practices for securing IT systems like Windows, Unix/Linux, Oracle, Networking, Applications and Scripting
- Experience with different operating systems and general knowledge of IT networking and security to assist in the ongoing development, execution, and improvement of NERC CIP compliance monitoring and enforcement of program policies, procedures, and regulatory requirements
- Knowledge of regulatory compliance in an IT environment.