IT Compliance Specialist II or Senior

Job Description

Job Specifications

The IT Compliance Specialist II will provide subject matter expertise in the development, implementation, and maintenance of IT compliance programs and procedures.  They will review and analyze IT policies, procedures, and controls to ensure they align with current regulations and adopted controls.  This role will also comprehensively conduct audits and risk assessments, identifying potential issues, and recommending remediation actions.  They will support the program in developing and delivering IT compliance training to the organization. They will also assist in mentoring other IT Compliance Specialists.  

SALARY RANGE:  (Determined by the knowledge, skills and abilities of the applicant.)

• Level II: $67,650 - $101,450
• Senior: $80,550 - $120,800

REPORTING RELATIONSHIP: IT Compliance Manager

LOCATION:   Our Corporate Headquarters in Rapid City, South Dakota

• Relocation financial assistance is available, amount may vary based on individual circumstances. 

ESSENTIAL JOB FUNCTIONS: 

• Provide subject matter expertise in the creation, implementation and maintenance of appropriate enterprise programs, policies, and procedures to be aligned with applicable technology related regulations including TSA Security Directives/Guidelines, NERC CIP, and SOX.
• Comprehensively perform and monitor IT compliance activities including data collections, analysis and remediation throughout BHE, working with internal and external audit teams as required.
• Support management in the design and operating efficiency testing of the IT departments control activities processes. 
• Communicate and train on IT compliance related issues and activities.  Partner within the organization to build IT compliance awareness. 
• Support when there are complaints or violations of laws, regulations or internal policies and procedures, you will be responsible for investigating them, documenting your findings, and taking appropriate corrective action, including reporting violations to regulatory agencies.
• Comprehensively understand and maintain knowledge of applicable standards, requirements and their application to the enterprise environment in cooperation with operational area SMEs.
• Be engaged in industry forums and venues related to various Compliance topics; make recommendations to management at all levels to ensure that appropriate levels of compliance is maintained.
• Maintain professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; benchmarking innovative practices; participating in professional societies.
• Facilitate IT responses to internal and external audits and regulatory reviews to ensure compliance with applicable regulatory standards and internal security policies and controls.
• Act as Team Lead while supporting internal and external audit to perform audit testing, data collection and remediation of issues identified. 
• Occasional overnight travel as necessary to attend team meetings, meet with employees, support compliance activities, provide or receive training, and support remote systems.  After hours response may be required for critical issues requiring management attention.
• Comprehensively understand interrelationships and dependencies between business processes and functions, both internal and external to the company, and the associated impact on the effectiveness of the control environment with minimal assistance and oversight.

ADDITIONAL RESPONSIBILITIES: 

• Be actively engaged in industry forums and venues related to various Compliance topics; make recommendations to management at all levels to ensure that appropriate levels of compliance are maintained.
• Work directly with non-IT compliance professionals such as legal, audit and corporate compliance to ensure organizational alignment.
• Review compliance certifications including SOC1, SOC2 and ISO 27000. Provide guidance and mitigation controls based on the results of the review.

QUALIFICATIONS:
Level II:

• Minimum of (3) three years of experience in information technology, compliance, audit or similar role required.
• Bachelors in IT, Business Administration, Compliance, Risk Management, Security, Information Technology, or similar role or equivalent combination of education and experience required.

Senior:

• Bachelor's degree in Information Technology, Business Administration, Compliance, Risk, Security, or  equivalent combination of education and experience required.
• Minimum of five (5) years of experience in information technology, compliance, audit or similar role required.

KNOWLEDGE/SKILLS/ABILITIES: 

• CISA certification required or the ability to obtain CISA in 1 year 
• Strong understanding of internal controls, specifically IT General Controls (ITGC), CIS Controls and NERC CIP.
• Broad knowledge and understanding of Information Technology concepts and IT and Business security controls, and processes.  Ability to understand, comprehend and communicate technology. Demonstrated understanding of data processing, hardware platforms, operating systems, databases and enterprise software applications.
• Knowledge of applicable state and federal regulations, including Sarbanes Oxley, NERC CIP requirements and TSA guidelines.
• Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues.
• Experience in planning, organizing, and developing information technology policies, procedures and practices.

This description is not intended to be an all-inclusive list of responsibilities, duties, and requirements for employees in this position. Job descriptions may and do change periodically. Where positions are covered by a collective bargaining unit agreement, the terms and conditions of the agreement will apply.

About our Company: We are a customer, growth and safety focused utility company that is dedicated to our communities. We improve life with energy as an energy partner of choice. Our diverse culture fuels unique perspectives, opening doors to new insights and possibilities. Based in Rapid City, South Dakota, we have over 3000 employees and serve 1.3 million natural gas and electric utility customers across eight states (South Dakota, Montana, Wyoming, Colorado, Nebraska, Iowa, Kansas, and Arkansas).

Enjoy our Comprehensive Benefits Package!  Annual discretionary bonuses, 401(k) (6% company match and up to 9% company retirement contribution), tuition reimbursement, generous paid time off benefits, including paid holidays and parental leave, company paid life insurance and disability benefits (short and long term), an employee assistance program and well-being benefits, and competitive medical, dental and vision insurance.

Candidates must successfully pass a pre-employment drug screen and background check. 

Black Hills Energy does not sponsor applicants for work visas. All applicants must be legally authorized to work in the US.

We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, or status as a protected veteran.  If you require reasonable accommodation, please visit  careers.blackhillsenergy.com for more information.