Job Description:

The IT Compliance Services department is responsible for the oversight and coordination of all vulnerability management, password security, compliance-related functions and budget management responsibilities for hardware and software maintenance contracts for the Information Technology & Services (ITS) division. The IT Compliance Services Analyst plays a key role in carrying out this responsibility by providing leadership in the areas of information security, compliance, governance and process execution. The Analyst is responsible for ensuring the optimal balance between the requirements of password security, compliance and operational feasibility.
The vulnerability management, password security, compliance and budget management responsibilities of the department will be executed within the framework developed and maintained by the IT Compliance Services Manager and team in order to ensure consistent application of related processes and requirements across the ITS organization. The Analyst is responsible for developing and maintaining the processes, reporting and communications for assigned areas within the department.
The IT Compliance Services Analyst provides technical assistance and mentoring to stakeholders in the completion of complex processes. In this role, the Analyst provides oversight and guidance to ensure hardware and software maintenance contracts under ITS management are budgeted for and renewed appropriately and that software licenses are tracked and compliance is maintained. The Analyst may be asked to ensure cyber assets maintain the required level of password security standards, auditable CIP compliance controls and configurations. Additionally, the IT Compliance Services Analyst is called upon to serve as the lead for various projects, process ownership and initiatives related to the functions and responsibilities of the IT Compliance Services Department, as required.
In order to effectively perform these responsibilities, the IT Compliance Services Analyst must have effective communication skills, a proficiency in developing effective processes, a strong understanding of information password security fundamentals and principles, a deep understanding of the NERC CIP and SOC-1 compliance requirements and audit processes, budget management and accounting principles and a broad understanding of all areas of information technology. They must be able to identify preventative and corrective actions and understand audit quality evidence standards.

Because of COVID-19 this position will be temporarily working from home until a return to campus plan is finalized.

Essential Functions:

• Oversee the vendor license compliance audits for the ITS Division




• Lead the process design and execution for the hardware and software maintenance contract renewals




• Execute the process to manage the software license compliance monitoring for third party server software




• Manage the FlexNet Manager tool configuration to enable tracking of server license and software deployments




• Track and manage the >$22M budget planning and reforecasting processes for maintenance, support and subscription contracts covering all hardware and software in the PJM environment




• Manage the hardware and software renewal contract process with the owning managers, Procurement and Finance




• Develop and present budget reports for division goal tracking




• Responsible for preparation and/or review and sign-off on remediation activities as defined as a result of vendor audits, internal audits and compliance findings




• Support initiatives for capacity planning and coordination of software license management across the ITS division




• Responsible for preparation and/or review and sign-off on proposed management responses to Internal Audit findings




• Represent ITS Compliance Services on work management and process design efforts within ITS




• Work closely with IT Compliance Services manager to develop effective strategies and processes to support the evolution of password security and compliance practices within ITS




• As required, lead the creation, modification and implementation of ITS control activities to ensure compliance with new versions of the NERC CIP standards




• As required, lead role in audits by Regional Entities for those compliance requirements owned by ITS




• As required, lead the team in delivering against mitigation plan milestones and security control inspection and testing.




• Provide technical guidance and support to IT Compliance Services Analysts as appropriate and in conjunction with the manager




• Responsible for actively identifying opportunities for communication and training for ITS staff




• Participate in and/or provide oversight in security assessments conducted by IT Compliance Services Analysts

Characteristics and Qualifications:
Required

• Bachelor's degree in Computer Engineering, Computer Science, Information Systems




• At least 4 years of experience with MS-Excel data management and advanced techniques for managing large amounts of data OR security controls and overseeing compliance to externally defined standards such as NERC CIP, SOC-1, SOX 404, or HIPAA




• At least 5 years of experience Experience using Flexera FlexNet Manager




• Ability to produce high-quality work products with attention to detail




• Ability to communicate effectively in a team environment




• Experience in quantitative and qualitative analysis




• Experience using verbal and written communications skills




• Ability to use Microsoft Office Suite (MS-Word, MS-Excel and MS-PowerPoint)

Preferred:

• MBA degree in Business Administration




• At least 4 years of experience Understanding of relevant accounting and finance principle and practices at PJM




• Experience with PJM operations, markets, and planning functions




• Experience supporting any of PJM Committees