IT Principal - Risk and Compliance

Job Summary

The IT Principal – Risk and Compliance is a leadership role responsible for the successful development and implementation of plans related to internal policy, process, controls, documentation and training pertaining to cybersecurity risk and compliance as well as supporting related compliance tools.

Job Responsibilities

• Support the management of priorities for compliance activities, develop, implement and maintain processes to sustain compliance for regulatory standards.
• Perform and advise on risk assessment techniques, change management, incident reporting and response planning.
• Support the enterprise cyber risk strategy to identify and classify risks, define appropriate tolerances, prioritize mitigation activities, and measure risk levels.
• Advise leadership of potential impact to governance/risk/compliance requirements; participate in the development of future standards and requirements in collaboration with industry peers.
• Review enterprise-wide cybersecurity policies and minimum standards in line with business objectives, laws, and regulations; oversee metrics and exception management process for cybersecurity policies, tools and architecture.
• Manage enterprise-wide cybersecurity awareness training program to drive desired security behaviors across WEC.
• Support NERC CIP audit for application controls, present as subject matter expert before auditors, provide day to day support of the NERC CIP compliance program and compliance control processes and tools.
• Provide work direction, guidance and mentoring to project teams, employees, contractors, and student specialists.
• A base of both technical and business knowledge is necessary for success. This work will be conducted in a strong team environment that is committed to client service.

Minimum Qualifications

• Bachelor's Degree
• 8 years in an information systems support role and experience in an occupation requiring project leadership with a wide range of experiences.
• Strong technical understanding of application development practices and strong analytical skills.
• This position requires unescorted access to certain critical cyber assets which would require applicants to satisfy all Company and NERC Critical Infrastructure Protection Standard 004 security requirements, which includes a background investigation.

Preferred Qualifications

• Bachelor's Degree in Computer Science or Information Systems/Technology
• Strong and proven ability to influence peers on cybersecurity matters
• Strong knowledge of current and emerging cybersecurity risks
• Proven ability to develop talent and assemble a highly effective team
• Knowledge in cybersecurity program structure, processes and current cybersecurity trends/issues
• Familiarity with compliance and regulations relating to IT risk management, compliance and cybersecurity
• Threat and Vulnerability Analysis and Management
• Data/Network/Application security
• Change and configuration management experience
• Cybersecurity technologies