At Dominion Energy we love our jobs. That’s right. Love. Every day we go to work filled with passion to be excellent, to creatively problem solve and to innovate. These are exciting days for energy companies, and Dominion Energy aims to shape the future of energy in America. We are looking at all of our work with fresh eyes, retooling everything we do, in every part of the company, to operate more sustainably and to deliver energy more reliably than ever. We are looking for interesting, independent thinkers and doers who can help shape the culture of a forward-looking company that’s proud of its rich legacy. Are you a change agent? Do you think differently? Do you want to fall in love with your job? If you answered “yes,” then read on!
At this time, Dominion Energy cannot transfer or sponsor a work visa for this position.
This position does not offer relocation assistance.
Maintains the SOX and PCI/DSS cyber regulatory compliance program for processes, applications and systems across business units.
This role defines guidance for how compliance is achieved, provides governance and oversight to the entire program; can provide technical guidance or evaluation of technical procedures towards achieving compliance; reduces or eliminates audit findings through fact verification; implements changes and ensures compliance with all regulatory requirements. Can lead and participate in compliance-related projects requiring advanced knowledge of regulatory requirements as well as knowledge of appropriate security architecture, technology best practices and business area requirements, limitations and unique system implementations. Ensures effective compliance processes and procedures are implemented for systems and applications. Evaluates processes for failure points and implements controls to mitigate those potential failures. Completes compliance-related data requests, investigates failures or breakdowns in processes and develops plans for remediation or prevention of future incidents. Identifies opportunities for strengthening compliance controls proactively. Raises awareness of current and upcoming policies, regulations, and requirements, and develops solutions for compliance.
Typical daily responsibilities include, but are not limited to:
• Monitoring and acting on the Daily Compliance Report for terminations and SOX changes that affect the systems maintained by Compliance
• Monitoring and acting on the Daily Exception Reports for changes to non-end user accounts and servers in support of SOX activities
• Monitoring and acting on past due Executive Dashboard tasks, when outstanding for inordinate periods of time
• Interacting with internal auditors, external auditors, and IT SOX teams to oversee information provided in support of SOX and internal audits
• Coordinating and consulting with Accounting Controls to assist business area development and implementation of IT-related controls that reside within operations, SOX scope identification, and key control coverage
• Maintaining job aids for IT SOX teams and internal procedures for the Cyber Security – Compliance function
• Educating and advising IT SOX teams on internal control, application to SOX, and roles and responsibilities to support SOX and internal audits
• Coordinating meetings between internal and external auditors and IT SOX teams
5 to 7 years of cyber or IT audit, compliance, or technology experience. IT SOX experience is highly preferred. Experience and understanding of Cyber regulatory standards and requirements. (Note: A Master's degree will count as one year of experience. A partial year of experience of six months or more will be rounded up to one year).
Previous experience creating and updating cyber & human performance controls for compliance requirements. Experience working with internal and external auditing firms. Experience in writing procedures and policies. Experienced translating procedures into operational steps. Root cause analysis understanding and/or training. Human performance failure analysis training and/or understanding. Understands IT Technology and Business Technology as required to successfully design and implement a compliance program. Understands current security architecture best practices. Understands current cyber security best practices. Possesses the drive to independently learn and become an expert in the evolving regulatory landscape and how that maps to an evolving DE IT and business technology landscape.
The company is actively seeking United States military veterans and service members who meet the qualifications outlined below.
Military service members and veterans with ranks from E5-E9, W1-CW5, or O3-O6, plus appropriate equivalent combination of education and years of experience as outlined above.
Degree or an equivalent combination of education and demonstrated related experience may be accepted in lieu of preferred level of education: Bachelor
Disciplines: Preferred: Computer Science; Information Systems; Information Systems Security; Information Technology; Auditing
Other disciplines may be substituted for the preferred discipline(s) listed above.
Certifications such as a CISA are preferred but not required.
Additional Salary Information: Salary is commensurate with experience
About Dominion Energy
We operate in 16 states, offering safe, clean, reliable and affordable energy to nearly 7 million customers. Headquartered in Richmond, VA, we invest in communities where we live and work, and protect our natural resources.
Our goal is to shape the future of energy in America.