Compliance & Risk Analyst, Progression

Tampa, Florida, US, 33605

TECO Energy


Power up a career with us. Our people are our greatest investments. 

 

Be the light to help us keep our customers connected.  If you are interested in a career and not just a position, Tampa Electric is the place to be! Tampa Electric offers competitive pay, a comprehensive benefits package and opportunities for growth and development in a friendly and professional work environment. We embrace diversity and the inclusion of all. We believe our differences, unique perspectives and talents are our strengths and integral to the success of our company.

 

We’re honored to serve approximately 780,000 customers across West Central Florida and safely provide them with clean, affordable and reliable electricity. We’ve been doing it for more than 100 years, and there’s so much more ahead.  

 

Join our team of energy experts as we build on that legacy through innovation, continued solar investments, cost-effective and sustainable energy solutions all while keeping top-notch customer service at the center of all we do. 

 

Tampa Electric is a subsidiary of Emera Inc., a family of energy companies which also includes TECO Peoples Gas and New Mexico Gas Company. Emera provides energy to residential and commercial customers in the United States, Canada, and the Caribbean, with career opportunities available in all of these locations. 

 

 

TITLE:     Compliance & Risk Analyst, Progression
PERFORMANCE COACH:     IT Risk & Compliance Lead
COMPANY:    TECO
DEPARTMENT:     Information Technology & Telecommunications:  Information Technology Quality Assurance & Compliance

 

This position can be hired at any level within the Analyst job family, based on Education and Experience.

 

TITLE:  Compliance & Risk Analyst I

 

POSITION CONCEPT
Under general supervision, carries out procedures to ensure all information systems products and services meet IT&T organization standards and compliance obligations, including regulatory requirements, contractual requirements, and Emera requirements. Analyst is primarily responsible for the maintenance, training, assurance, monitoring and reporting of all IT standards and procedures, as well as IT&T related regulatory requirements for the TSI IT&T Department and individual business units as applicable.

 

PRIMARY DUTIES AND RESPONSIBILITIES (Each item should account for ≥10%).    
1.    Policies, standards, and processes: Analyzes best-in-class processes including the Information Technology Infrastructure Library (ITIL), National Institute of Standards and Technology (NIST) standards, and COBIT, and keeps current on all regulatory and compliance issues relating to Information Technology. Responsible for maintaining all IT standards, procedures and policies.  Maintains internal desk-level procedures.  [15%]
2.    Assurance and Information Management: Ensures that quality methods and procedures are executed by the IT department to stay in compliance with regulatory requirements (e.g., NERC Critical Infrastructure Protection (CIP), Sarbanes-Oxley (SOX)), contractual requirements (e.g., Payment Card Industry (PCI) Data Security Standard (DSS), Defense Federal Acquisition Regulation Supplement (DFARS) requirements), internal requirements (e.g., Emera), voluntary requirements (e.g., the American Gas Association commitment to the Department of Homeland Security (DHS) Transportation Security Administration (TSA) Pipeline Security Guidelines), and customer requirements. Manages compliance-related information and documentation consistent with retention requirements. Supports collection, review and approval of compliance-related data. Facilitates and tracks deliverables for root cause analysis, compliance reporting, technical feasibility exceptions, and NERC Alerts.  [25%]
3.    Controls & Monitoring: Administers the IT Compliance Management Systems and Governance, Risk, and Compliance (GRC) tool(s). Collects and samples evidence to support demonstration of compliance. Escalates out-of-compliance items to senior management.  Participates in the implementation of technology-based tools (e.g., GRC) to support IT risk initiatives. Additionally, the analyst adheres to company confidentiality and security requirements.  [20%]
4.    Reporting: Documents all quality problems and compliance issues, and assists in their resolution. Performs quality audits across various IT&T functions to ensure quality standards, procedures, and methodologies are being followed. Monitors and reports on exceptions, risks and exposures to IT senior management.  [20%]
5.    Training and Communications: Develops and delivers quality process training to technical staff and acts as an internal quality consultant, guiding business and technical partners in the use of the IT standards and procedures.  [10%]
6.    Performance Management: Establishes and administers performance analysis activities (e.g., metrics) within assigned area(s) of responsibility.  [10%]

 

SUPERVISION
Direct:      No direct reports.  Works under general supervision.

 

RELATIONSHIPS
Internal:     Directly accountable to the IT Quality Assurance and Compliance Director. Indirectly accountable to the Lead Compliance Analyst for day-to-day and project activities. Interacts with all levels of TSI IT&T and selected individuals in TEC Energy Delivery, Energy Supply, Corporate Security, Facility Services, Human Resources, Emergency Management, Customer Experience, Regulatory Affairs, Audit Services, Corporate Accounting; PGS Compliance, Gas Operations; NMGC Compliance, Customer Service, Gas Operations; and Emera Compliance and Cyber Security.
External:     Analyst is responsible for building and maintaining external relationships with vendors, contractors, and external auditors. 

 

QUALIFICATIONS
Education
Required:     Bachelor’s degree in Computer Science, Information Systems or a related field with a minimum three (3) years of experience in an information technology, audit or utility business.
OR Associates Degree with a minimum five (5) years of experience in an information technology, audit or utility business
OR Valid high school diploma or GED with a minimum seven (7) years of experience in an information technology, audit or utility business may be considered in lieu of a 4 year degree
Preferred:     Two (2) years of direct IT Audit or Controls experience strongly preferred.  Four (4) year degree in Computer Science, Information Systems, or related information technology discipline strongly preferred.

Licensing/Certification
Required:     Expected to obtain Information Technology Infrastructure Library (ITIL) Certification within 6 months of employment in this position.
Preferred:     Current ITIL Certification.  Certified Information Systems Auditor (CISA) or related certifications.

Related Experience
Required:     Minimum of 3 years' experience in an information technology, audit, or utility business environment is required.
Preferred:    2 years' IT experience, especially in security or network technologies, or IT audit.

Knowledge/Skills/Abilities
Required:    Excellent writing skills for creating IT-related compliance documents.  An extensive knowledge and understanding of IT regulatory standards and control frameworks.  Ability to apply regulatory requirements within all aspects of the IT Department.  Demonstrates the ability to work with all levels of team members throughout the company.  
Preferred:    Knowledge of utility IT regulations.  Knowledge of SharePoint document management and workflow.

 

TITLE: Compliance & Risk Analyst II

 

POSITION CONCEPT
Under general supervision, carries out procedures to ensure all information systems and services meet IT&T organization standards and compliance obligations, including regulatory requirements, contractual requirements, and Emera requirements. The Compliance & Risk Analyst II is primarily responsible for audit readiness, compliance issue investigation and reporting, compliance information management, and controls/monitoring for multiple stakeholder sets.  Advises IT projects to ensure an appropriate compliance posture.  Acts as subject matter expert for certain compliance obligations.

 

PRIMARY DUTIES AND RESPONSIBILITIES (in addition to those of Compliance & Risk Analyst I)
1.    Responsible for one or more IT compliance programs (e.g., NERC CIP, PCI DSS, SOX, DFARS, Emera Cyber Security, DHS TSA Pipeline Security).  This includes facilitation and tracking of deliverables for root cause analysis, violation reporting, technical feasibility exceptions, mitigation plan development, evidence reviews, external audit preparations, and NERC Alert responses. Supports the development of flow diagrams or other illustrations showing key steps associated with a given process or sub-process affected by applicable regulations and/or contract terms.  As needed, coordinates and facilitates technical feasibility exception audits, mitigation plan completion audits, and other audit spot checks with external auditors.  [30%]
2.    Policies & Procedures: Liaises with IT&T areas such as IT Security, IT Project Management Office, IT Infrastructure, Telecom, Access Administration, and affected corporate areas and business units to facilitate the evaluation, design and implementation of effective methodologies, procedures and controls to comply with new and existing regulatory requirements.  [25%]
3.    Controls & Monitoring: Provides independent assessment and assurance of the effectiveness and efficiency of the IT control environment. Administers and monitors the execution of the TEC compliance program by sampling compliance deliverables for acceptable content and assessing risk. Utilizes security tools to further sample content.   Participates in the implementation of technology-based tools (e.g., GRC) to support IT compliance and risk initiatives.  [20%]
4.    Responsible for one or more other areas within department as assigned  [25%]:
a.    As needed, provides updates to Business Strategy related to cybersecurity and impact of new legislation/regulatory requirements on TEC business operations. 
b.    Risk Management: Work with technology teams and business stakeholders in the design, implementation, and optimization of IT risk assessment practices. 
c.    Policies & Procedures: 
i.    Act as ruleset liaison for assigned areas of compliance. 
ii.    Act as ruleset Subject Matter Expert (SME) for 
1.    Information Protection Program and assigned CIP compliance related to BES Cyber System Information. 
2.    NERC CIP Awareness Program.
3.    NERC CIP Training Program.
4.    NERC CIP Security Management Controls.
d.    Training & Communication:
i.    Ensure mandatory training is conducted, tracked, and recorded.
ii.    Develop and facilitate compliance training for subject matter experts.
iii.    Develops and/or provides input into IT Security awareness program. 
e.    Performance Management: Develops and coordinates the assessment of cybersecurity awareness via phishing campaigns, utilizing a phishing simulation tool.

 

 SUPERVISION
Direct:      No direct reports.  Works under general supervision.
Indirect:      N/A.

 

RELATIONSHIPS
Internal:     Directly accountable to the IT Quality Assurance and Compliance Director. Indirectly accountable to the Lead Compliance Analyst for day-to-day and project activities. Interacts with all levels of TSI IT&T and selected individuals in TEC Energy Delivery, Energy Supply, Corporate Security, Facility Services, Audit Services, Human Resources, Emergency Management, Customer Experience, Regulatory Affairs, Corporate Accounting; PGS Compliance, Gas Operations; NMGC Compliance, Customer Service, Gas Operations; and Emera Compliance and Cyber Security.
External:     Build and maintain external relationships with vendors, contractors, industry contacts, and external auditors. 

 

QUALIFICATIONS
Education/Training
Required:     Bachelor’s degree in Computer Science, Information Systems or related field.  Experience may be considered in lieu of formal education. 
Preferred:     N/A

Licensing/Certification
Required:     Expected to obtain Information Technology Infrastructure Library (ITIL) Certification within 6 months of employment in this position.
Preferred:     Current ITIL Certification.  Audit (Certified Information Systems Auditor [CISA]) or security-related (Certified Information Systems Security Professional [CISSP], Certified in Risk and Information Systems Control [CRISC], Certified Information Security Manager [CISM]) certification.

Related Experience
Required:     Minimum of 5 years' experience in an information technology, audit or utility business environment is required, with at least two years in an IT security, audit or other controls-based role.
Preferred:     3 – 4 years' IT security, IT audit or other controls experience.

Knowledge/Skills/Abilities
Required:    Maintains a working level knowledge of applicable regulatory requirements.  Ability to organize, document and facilitate meetings.  Good project management skills. Must be able to complete highly complex duties involving a wide variety of situations requiring considerable analytical skills, judgment and interpersonal relationships.  Ability to lead groups to consensus in a timely manner.  High tolerance for stress. 
Preferred:    Knowledge of SharePoint document management and workflow.

 


 

TECO offers a competitive benefits package!

 

Competitive Salary * 401k Savings plan w/ company matching * Pension plan * Paid time off * Paid Holiday time * Medical, Prescription Drug, & Dental Coverage * Tuition Assistance Program * Employee Assistance Program * Wellness Programs * On-site Fitness Centers * Bonus Plan and more!

 
