Info Compliance Analyst/Sr Info Compliance Analyst
Apply NowCompany: Berkshire Hathaway Energy
Location: Urbandale, IA 50322
Description:
Job Description
Supports the implementation and maintenance of information security systems in support of ISO 27001 and ISO 27019 certification. Supports change management of changes to the information security policy and procedures and supporting IT controls. Manages continuous improvement program activities for cyber security for the one or more BHE US Affiliates. Performs risk assessments and manages remediation of risk mitigation actions. Researches, analyzes, develops and implements new strategies, programs, and/or processes in response to changing internal and external conditions. Coordinates or executes IT controls.
Responsibilities
This is a multi-level posting
Identify, prescribe, and implement key cyber security initiatives in support of ISO 27001 and ISO 27019 controls for the pipeline group. Act as advocate for the programs.
Support the development and maintenance of Information Security Management System (ISMS) for one or more BHE US affiliate.
Supports and/or leads special projects, studies and analyses, develops alternatives, presents recommendations to management and influences management decisions.
Researches, analyzes, develops and implements new strategies, programs, and/or processes in response to changing internal and external conditions.
Support the development and maintenance of information security policies, procedures, standards, controls and other related documents
Coordinate and lead interactions with internal and external cyber security auditors
Execute control activities to evidence our compliance with IT controls
Lead cyber security maintenance and continuous improvement activity identified through internal processes or cyber security related audits.
Support the development and documentation BHE US Affiliate third party services and service levels for ISO 27001 and ISO 27019 scoping for the affiliates.
Consult with management, teams and individuals to provide strategical and tactical direction regarding enterprise information security requirements, policies, procedures and standards.
Coordinate updates to training materials that support the information security policies and procedures
Oversee and coordinate efforts to assess and mitigate cyber security risks and threats.
Coordinate with BHE IT and information security staff as well as BHE chief security officer staff to share best practices and cyber security initiatives.
Support reporting related to information security key performance indicators and status reporting
Support business continuity planning, cyber security incident response and management. Coordinate incident response plan creation and updates
Support the enterprise as an information security subject matter expert.
Manage and coordinate forensic and investigation activities
Perform other duties as assigned
Qualifications
This is a multi-level posting
Bachelor's degree in information systems, computer science, accounting, finance, business, information systems, computer science, or a related technical field; or equivalent work experience. (Typically four years of related, progressive work experience would be needed for candidates applying for this position who do not possess a bachelor's degree; a minimum of four years directly-related technical experience in audit, finance, accounting, or information security program compliance support is required.)
Employee must be able and willing to travel to perform pre-audit inspections and support external auditor at site locations. Travel is typically up to one week at a time and may make up 10% to 25% of the work schedule.
Eight years of progressively advanced technical experience in an information security, accounting or audit role for the Sr Information Compliance Anayst.
Demonstrated knowledge of information security best practices as evidenced through achievement or pursuit of one or more advanced certifications, such as CISM or CISSP.
Deep technical knowledge of operating systems, databases, networks and disaster recovery practices.
Excellent oral and written communication skills, including presentation skills.
Ability to recognize, respond, escalate and manage complex technical problems.
Effective interpersonal and customer relationship skills.
Effective analytical, problem-solving and decision-making skills.
Ability to prioritize and handle multiple enterprise level assignments.
Accessible after business hours to guide, manage and support on-call staff in escalation situations.
About Us
MidAmerican Energy Company, a Midwest utility, provides regulated electric and natural gas service to more than 1.6 million customers in Illinois, Iowa, Nebraska and South Dakota. The company owns and operates a portfolio of power-generating assets, approximately 61% of which is wind generation.
About the Team
At MidAmerican Energy Company, we celebrate diversity, equity and inclusion. MidAmerican Energy Company is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion or religious creed, age, national origin, ancestry, citizenship status (except as required by law), gender (including gender identity and expression), sex (including pregnancy), sexual orientation, genetic information, physical or mental disability, veteran or military status, familial or parental status, marital status or any other category protected by applicable local, state or U.S. federal law.
Supports the implementation and maintenance of information security systems in support of ISO 27001 and ISO 27019 certification. Supports change management of changes to the information security policy and procedures and supporting IT controls. Manages continuous improvement program activities for cyber security for the one or more BHE US Affiliates. Performs risk assessments and manages remediation of risk mitigation actions. Researches, analyzes, develops and implements new strategies, programs, and/or processes in response to changing internal and external conditions. Coordinates or executes IT controls.
Responsibilities
This is a multi-level posting
Identify, prescribe, and implement key cyber security initiatives in support of ISO 27001 and ISO 27019 controls for the pipeline group. Act as advocate for the programs.
Support the development and maintenance of Information Security Management System (ISMS) for one or more BHE US affiliate.
Supports and/or leads special projects, studies and analyses, develops alternatives, presents recommendations to management and influences management decisions.
Researches, analyzes, develops and implements new strategies, programs, and/or processes in response to changing internal and external conditions.
Support the development and maintenance of information security policies, procedures, standards, controls and other related documents
Coordinate and lead interactions with internal and external cyber security auditors
Execute control activities to evidence our compliance with IT controls
Lead cyber security maintenance and continuous improvement activity identified through internal processes or cyber security related audits.
Support the development and documentation BHE US Affiliate third party services and service levels for ISO 27001 and ISO 27019 scoping for the affiliates.
Consult with management, teams and individuals to provide strategical and tactical direction regarding enterprise information security requirements, policies, procedures and standards.
Coordinate updates to training materials that support the information security policies and procedures
Oversee and coordinate efforts to assess and mitigate cyber security risks and threats.
Coordinate with BHE IT and information security staff as well as BHE chief security officer staff to share best practices and cyber security initiatives.
Support reporting related to information security key performance indicators and status reporting
Support business continuity planning, cyber security incident response and management. Coordinate incident response plan creation and updates
Support the enterprise as an information security subject matter expert.
Manage and coordinate forensic and investigation activities
Perform other duties as assigned
Qualifications
This is a multi-level posting
Bachelor's degree in information systems, computer science, accounting, finance, business, information systems, computer science, or a related technical field; or equivalent work experience. (Typically four years of related, progressive work experience would be needed for candidates applying for this position who do not possess a bachelor's degree; a minimum of four years directly-related technical experience in audit, finance, accounting, or information security program compliance support is required.)
Employee must be able and willing to travel to perform pre-audit inspections and support external auditor at site locations. Travel is typically up to one week at a time and may make up 10% to 25% of the work schedule.
Eight years of progressively advanced technical experience in an information security, accounting or audit role for the Sr Information Compliance Anayst.
Demonstrated knowledge of information security best practices as evidenced through achievement or pursuit of one or more advanced certifications, such as CISM or CISSP.
Deep technical knowledge of operating systems, databases, networks and disaster recovery practices.
Excellent oral and written communication skills, including presentation skills.
Ability to recognize, respond, escalate and manage complex technical problems.
Effective interpersonal and customer relationship skills.
Effective analytical, problem-solving and decision-making skills.
Ability to prioritize and handle multiple enterprise level assignments.
Accessible after business hours to guide, manage and support on-call staff in escalation situations.
About Us
MidAmerican Energy Company, a Midwest utility, provides regulated electric and natural gas service to more than 1.6 million customers in Illinois, Iowa, Nebraska and South Dakota. The company owns and operates a portfolio of power-generating assets, approximately 61% of which is wind generation.
About the Team
At MidAmerican Energy Company, we celebrate diversity, equity and inclusion. MidAmerican Energy Company is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion or religious creed, age, national origin, ancestry, citizenship status (except as required by law), gender (including gender identity and expression), sex (including pregnancy), sexual orientation, genetic information, physical or mental disability, veteran or military status, familial or parental status, marital status or any other category protected by applicable local, state or U.S. federal law.