Sr Security Compliance Analyst
JACKSON, MI, US
Consumers Energy
Consumers Energy is Michigan’s largest energy provider, providing natural gas and/or electricity to 6.8 million of the state’s 10 million residents in all 68 Lower Peninsula counties. Consumers Energy knows job number one is to keep the lights on for customers. We are committed to delivering reliable, clean, and affordable energy to our customers 24/7.
Location: This is a hybrid (virtual/onsite) position with required onsite days on Monday, Tuesday and Thursday assigned to One Energy Plaza located in Jackson, MI. The selected candidate must be within a commutable distance or willing to relocate (relocation package is available for those that qualify).
General Summary of Job Responsibilities
The Senior Security Compliance Analyst will manage compliance activities for one or more regulatory requirements such as NERC-CIP, PCI, FERC Hydro, TSA, API-1164, MARSEC, and NRC. The incumbent will design and monitor compliance controls and related tasks, audit preparation and participation, assessments, small projects, tracking weekly progress by utilizing the compliance database, and tracking defect resolution. Partner with other teams as necessary for a variety of needs including project management, process mapping/creation, security awareness, risk, and privacy.
Essential Duties and Responsibilities
- Able to step in as team lead when necessary and build consensus on what direction the team should follow and mentor/train others on the team.
- Review potential non-compliances by investigating what occurred vs what was intended and conducting conversations with key party(ies) to arrive at the true nature and extended impact of the incident.
- Document results in the correct forms and review with relevant directors, legal representatives, and external regulators.
- Actively participate in Daily/Weekly/Monthly operating reviews so that all work is known and transparent.
- Expected to be ready to intelligently talk about their daily/weekly/monthly workload, deadlines, expectations, hurdles, and any problems that need to be surfaced so that the work can be addressed appropriately.
- Document and review step-by-step work procedures to create Standard Work for the functions that you perform. Standard Work will be used by multiple analysts throughout the broader Security team, and will be reviewed by regulators (federal and others) multiple times per year as evidence of our compliance program.
- Talk to auditors and represent the company utilizing expertise in our processes, procedures, and control environment. Demonstrate our layered security approach in a concise and confident manner.
- Perform compliance tasks prescribed in the Compliance Database system to ensure we can evidence compliance activities completed to our regulators (federal, local, governmental). Ensure that the evidence is correct and complete.
- Apply knowledge of IT audit and compliance based on prior experience to our current workload and incoming work to arrive at decisions and solutions that are best for the company. Regularly meet with required stakeholders to discuss and review any questions that come up regarding compliance topics, so decisions and action items are documented and followed through.
- Perform remediation analysis and activities by reviewing solution(s) with required stakeholders (Operational Technology, IT, regulatory analysts, Corporate Security, etc.) to demonstrate non-compliances have been remediated. Document results in the correct forms and review with relevant directors, legal representatives, and external regulators.
- Other duties as assigned or may be necessary.
Knowledge/Skills/Abilities
- Demonstrated leadership-type capabilities.
- Technical skills required relating to cyber and physical security technologies.
- Strong communicator both internally and externally.
- Able to create and maintain visual management and status updates that can be shared broadly with all levels of employees/leadership.
- Able to function as a project manager for compliance-based projects by utilizing professional judgement for scope, budget, and timing.
- Understanding of critical infrastructure security issues.
Education & Experience
- Bachelor's Degree in Information Technology, Computer Science or related field with 4 years of experience in IT audit / compliance type of role, experience conducting and receiving audits, interacting with auditors and managing remediation plans; Experience in regulatory compliance including controls development, regulatory analysis, process development, audits, automation and technical capabilities [OR]
- Associate's Degree in Information Technology, Computer Science or related field with 6 years of experience in IT audit / compliance type of role, experience conducting and receiving audits, interacting with auditors and managing remediation plans; Experience in regulatory compliance including controls development, regulatory analysis, process development, audits, automation and technical capabilities [OR]
- High School Diploma and/or GED with 8 years of experience in IT audit / compliance type of role, experience conducting and receiving audits, interacting with auditors and managing remediation plans; Experience in regulatory compliance including controls development, regulatory analysis, process development, audits, automation and technical capabilities
Why should you join our team?
At Consumers Energy, we offer more than just a place to work. We foster a culture that supports career development, growth, and stability, and we take pride in offering our co-workers excellent benefits and compensation packages. We are deliberately creating an inclusive culture that makes our diverse team of co-workers feel valued, supported, and empowered every day. We're a company made up of thousands of people, all with different stories to share and work to do, but we stand united in our company purpose: world class performance delivering hometown service.
What we offer:
- Competitive compensation packages
- Medical, Dental and Vision
- 401k with company match
- Paid parental leave
- Up to 13 paid Holidays
- Paid time off
- Educational Assistance Program
Diversity, Equity & Inclusion:
We, at CMS Energy, value Diversity, Equity, & Inclusion. It is part of our DNA. We treat our employees with respect, we treat each other fairly and we value the opinions of others. We are passionate about building and nurturing an environment where everyone feels included. We don’t discriminate. We seek to learn about each other and better understand our unique differences. Our uniqueness makes us authentic. We create safe spaces where everyone can be who they truly are. We invite difficult conversations and uncomfortable topics. We value diverse perspectives; this is what makes us great together. We harbor an inclusive environment where employees feel empowered to share their backgrounds, experiences, and ideas. Our Employee Resource Groups, Women in Energy (WE), Minority Advisory Panel (MAP), Pride Alliance of Consumers Energy (PACE), GENERGY, capABLE, Interfaith and Veterans Advisory Panel (VAP) are key enablers to living the values of our company culture: Caring, Empowered, Deliberate, Agility, and Ownership.
All qualified applicants will not be discriminated against and will receive consideration for employment without regard to protected veteran status, disability, race, color, religion, sex, age, sexual orientation, gender identity or national origin.