The Information Technology (IT) Information Security Governance Risk and Compliance (GRC) Analyst II works under the direction of the Information Security Manager to assess and enhance the CoServ working environment by establishing a system of governance, evaluating existing and future risk, and validating compliance with Information Security (Cyber Security) standards and policies.
Primary Position Responsibilities
Develops security and security-related governance (e.g., policies, standards, and processes) as required.
Crosswalks security governance leveraging multiple security compliance frameworks and regulations to ensure holistic governance strategy.
Collaborates with IT leaders and teams to ensure enterprise support, awareness, and supportability.
Periodically reviews and updates CoServ security governance documents and training materials to ensure they remain current and relevant.
Stays informed of changes to security best practices, standards, and regulatory requirements (e.g., OWASP Top Ten, NIST, ISO 27001, HIPAA, and PCI) and ensures programs and processes are updated accordingly.
Consistently reviews and continuously improves security governance and processes.
Defines a risk assessment and management methodology for technology and security risks that aligns to CoServ’s risk tolerance.
Conducts comprehensive risk assessments, security-related control assessments, and compliance audits to identify technology and security program risks.
Executes a technology and security risk management program which includes risk identification, root cause analysis, assignment of ownership, collaborative creation of risk remediation plans, tracking of progress, closure, and reporting.
Performs technology and security risk assessment and management processes for projects and vendor/contract relationships.
Develops and reports appropriate metrics on the current CoServ Information Security landscape by understanding business, technology, and security requirements.
Enhances, maintains, and monitors an effective security awareness and training program that aligns with organizational goals and industry best practices, and helps reduce organizational risk from security-related challenges (e.g., phishing).
Complies with established CoServ safety and operating rules, procedures and guidelines including reporting unsafe practices to a supervisor.
Complies with established CoServ Information Security Handbook, policies, procedures, and guidelines including reporting suspected information security incidents to Tech Support.
Secondary Position Responsibilities
Possesses a high-level understanding of Regulatory Requirements and Information Security Frameworks and responds to efforts to meet CoServ Information Security obligations.
Collaborates with the incident response team to provide guidance and support during data security incidents, breaches, or data leaks.
Collaborates with subject matter experts to incorporate the latest security trends and threats into training content including ensuring that employees are aware of and adhere to information security policies and procedures.
Performs other duties and activities as directed.
Supervisory Responsibilities
None
Education and Certifications Required
High School Diploma or GED equivalency.
Bachelor’s Degree in IT, Information Security, Risk Management, or equivalent work experience.
Education and Certifications Preferred
One or more of the following certifications: ISC2 CISSP, GIAC GSEC, ISACA CRISC or comparable certifications.
Experience Required
5 years progressive experience within the Energy or Utility Industry in IT, Information Security, or GRC.
Working experience within a GRC program leveraging an established security-related framework to establish and maintain governance, identify and manage risks, and assess and audit compliance.
Operational familiarity with governance structure, theory, methodologies, and practical and operational implications and applications.
Experience Preferred
8+ combined years progressive experience in IT, Information Security, and GRC.
3+ years' experience in Information Security within the Energy or Utility Industry.
Working experience managing a GRC program leveraging an established security framework such as NIST-CSF, ISO27001, C2M2, or CMMC.
Working experience with IT/OT Risk, Vendor and Supply Chain Risk, and Project Security Risk management.
Experience as an IT or Information Security tech writer of policies, standards, procedures and controls.
Skills and Abilities Required
An analyst mindset with the ability to analyze large bodies of data for key findings and themes, create story-telling metrics and messages, and communicate results effectively.
Familiarity with and knowledge of fundamental security/IT concepts (e.g., retention, data classification, change management, access control, asset management, third-party risk).
Ability to work independently in a fast-paced environment, manage multiple projects and tasks.
Ability to effectively communicate security requirements to technical and non-technical members across the business.
Strong organizational skills with the ability to manage multiple tasks and projects while demonstrating prioritization and decision-making skills so that deadlines are not missed and assignments are not dropped.
Strong written, grammar, composition, and verbal skills, including the ability to translate complex or technical information into concepts that are easily understood and actionable.
Skills and Abilities Preferred
Experience with GRC tools.
Experience with reporting tools such as PowerBI.
Excellent briefing skills.
Physical Requirements
Operates office equipment such as a computer, telephone, fax machine, copier, etc.
Indoor, office environment.
Ability to lift a minimum of 25 pounds.
Ability to drive occasionally as needed.
Ability to sit for long periods of time.
Requires frequent sitting, standing, walking, bending, and reaching.
Other Requirements
Must have and maintain a valid Texas driver's license.
Must have reliable home high-speed Internet service for situations where remote work is necessary.
Works extended hours as needed or directed.
Must be able to respond to security incidents during off hours as needed.
CoServ is an electric and gas distribution company serving North Texas since 1937. Doing business as CoServ Electric since 1998, we now have over 9,800 miles of electric infrastructure serving more than 300,000 meters across Denton, Collin, Cooke, Grayson, Tarrant and Wise counties. Our natural gas affiliate, CoServ Gas, was established in 1998 and serves more than 125,000 gas meters in Denton, Collin and Kaufman counties.
North Texas is growing, and so is CoServ. We value innovative and dedicated Employees and are committed to providing them with a stable work environment filled with opportunities to learn and grow. Guided by our Core Values—Respect, Accountability, Integrity, Service, Excellence and Safety—we serve each other as we serve our Members and Customers. We offer a wide variety of careers—from Customer Care Representatives and Billing Clerks to Linemen and Engineers. CoServ is a company you can believe in.