Oglethorpe Power Corporation logo
Company Name:
Approximate Salary:
Not Specified
Location:
Tucker, Georgia
Country:
United States
Industry:
Information Technology - System Security
Position type:
Full Time
Experience level:
2 - 5 years
Education level:
Bachelor's Degree
ID
200730
Job Title:
Cyber Security & Regulatory Compliance Auditor

Cyber Security & Regulatory Compliance Auditor

 

Description

Georgia System Operations Corporation, located in Tucker, Georgia, has an excellent opportunity for an auditor with cyber security auditing experience.  The successful candidate will be hired at an appropriate level based on experience as described below.

Auditor: The Cyber Security & Regulatory Compliance Auditor will work in a team environment in coordination with the Georgia System Operations, Georgia Transmission and Oglethorpe Power Corporation (Family of Companies) regulatory compliance functions and the IT internal audit function to conduct internal controls testing,  compliance monitoring and provide consulting support to the Family of Companies.  The primary function is to provide assurance that cyber security risks are mitigated and ensure on-going compliance with North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) reliability standards. 

This position is responsible for testing the design and effectiveness of internal controls developed to mitigate cyber security, information technology and NERC CIP risks, assessing the accuracy and timeliness of NERC CIP compliance evidence, working collaboratively with management and key stakeholders to develop action plans necessary for improvements, and monitoring completion of action plans developed.  This position will also prepare and issue reports to senior management that provide summary conclusions on audit objectives and detailed action plans developed for improvement. 

Sr. Auditor: The Sr. Cyber Security & Regulatory Compliance Auditor will work in a team environment in coordination with the Family of Companies compliance functions and the IT audit function to plan, coordinate, schedule, conduct and/or lead audits of internal controls, compliance monitoring and provide consulting support to the Family of Companies to provide assurance that cyber security risks are mitigated and ensure on-going compliance with NERC CIP reliability standards.

This position leads audit teams and/or independently conducts testing of the design and effectiveness of internal controls developed to mitigate cyber security, information technology and NERC CIP risks, assess accuracy and timeliness of NERC CIP compliance evidence, work collaboratively with management and key stakeholders to develop action plans necessary for improvements, and monitor completion of action plans developed.

This position will also prepare and issue audit reports to senior management that provide summary conclusions on audit objectives and detailed action plans developed for improvement.  The incumbent will act as a subject matter expert, solve complex problems work independently and identify solutions for improvements. 

Principal Auditor:  The Principal Cyber Security & Regulatory Compliance Auditor will work in a team environment in coordination with the Family of Companies regulatory compliance functions and the IT audit function to plan, coordinate, schedule, conduct and/or lead audits of internal controls, compliance monitoring and provide consulting support to the Family of Companies to provide assurance that cyber security risks are mitigated and ensure on-going compliance with NERC CIP reliability standards.  This position will perform the same duties as the Sr. Auditor position above at a more in-depth and advanced level, provides expertise in risk assessment and information technology and may serve in an advisory role to improve risk assessments, internal controls and strategic goals.

Education: Bachelor’s Degree in Information Technology, Cyber Security, Engineering, Accounting, or related field from accredited institution. Advanced degree desirable. 

Experience: 

Auditor: 3+ years’ experience in information technology, cyber security, internal control design and effectiveness testing and compliance evidence monitoring; with one to two years’ experience in the utility industry and/or working knowledge of NERC CIP Standards is highly desirable. 

Sr. Auditor: 5+ years’ experience in in information technology, cyber security, internal control design and effectiveness testing and compliance evidence monitoring; three to five years' experience in the utility industry and/or working knowledge of NERC CIP Standards is highly desirable.

Principal Auditor:  8+ years auditing experience in information technology, cyber security, internal control design and effectiveness and compliance evidence monitoring; 5+ years’ experience in the utility industry and/or working knowledge of NERC CIP Standards is highly desirable.

Equivalent Experience: If education requirement is not met, then an additional 6 years of experience as described above will be required.

Licenses/Certifications: Certified Information Systems Auditor (CISA), Certified Risk & Information Systems Control (CRISC), Certified Information Security Manager (CISM) and/or Certified Information Security Professional (CISP) strongly desired; or other auditing related designations such as Certified Public Accountant (CPA), Certified Internal Auditor (CIA) with strong working knowledge of information systems and cyber security practices and internal controls.

Specialized Skills:

  • Microsoft Office (Word, Excel, Outlook, PowerPoint, and SharePoint) proficiency required.
  • Working knowledge of internal auditing professional standards; information systems and cyber security practices, and internal control frameworks.
  • Strong verbal and written communication skills; ability to establish and maintain effective working relationships; work collaboratively with all levels of the organization and external auditors; discuss business risks, audit results and develop agreed upon action plans.
  • Strong commitment to on-going quality assurance and improvement; ability to manage multiple projects and meet deadlines. 

 

Apply for this job

Options

More Jobs Like This