The IT Compliance Specialist's role is to assess technology-related compliance issues across the organization including information security, identity management, user access, and data integrity. This includes working with business owners, gatekeepers and administrators to identify, document and monitor current risks and controls.
SALARY RANGE: (Determined by the knowledge, skills and abilities of the applicant.)
Level II: $64,100 - $96,100
Senior Level: $76,300 - $114,450
REPORTING RELATIONSHIP: IT Compliance Manager
LOCATION: Our Corporate Headquarters in Rapid City, South Dakota
- You’ll find this is the ideal community to live, work and do business in. With hiking trails, the Black Hills, Mount Rushmore and Badlands National Park in your backyard, there are endless opportunities to enjoy nature. To learn more about our locations, please visit the locations page on our career website.
- Relocation assistance is available for this position! Package is based on distance/complexity of the move, and individual circumstances. Contents of our relocation program are subject to change and may vary based on position.
ESSENTIAL JOB FUNCTIONS:
- Perform and monitor IT compliance activities including data collections, analysis and remediation throughout BHE, working with internal and external audit teams as required.
- Support the design and operating effectiveness testing of the IT department's control activity processes.
- Communicate and train on IT compliance related issues and activities. Partner within the organization to build IT compliance awareness.
- Determine and maintain an inventory of all regulatory and technology compliance requirements.
- Facilitate the creation and modification of all technology compliance policies.
- Identify the associated IT compliance control gaps and oversee the documentation, implementation and testing of the entire IT compliance control portfolio.
- Project lead supporting internal and external audit to perform audit testing, data collection and remediation of issues identified.
- Be recognized across the organization for IT Compliance and Internal General Controls expertise and consult on the design and implementation of such controls.
- Provide subject matter expertise in the creation, implementation and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with applicable technology-related regulations including NERC CIP and SOX.
- Lead IT compliance related projects and project teams while meeting project timelines and budget set forth by project.
- Be actively engaged in industry forums and venues related to various Compliance topics; make recommendations to management at all levels to ensure that appropriate levels of compliance are maintained.
- Maintain professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; benchmarking state-of-the-art practices; participating in professional societies.
- After hours response may be required for critical issues requiring management attention.
- Ensure duties are performed in accordance with Company’s published policies and procedures.
- Work directly with non-IT compliance professionals such as legal, audit and corporate compliance to ensure organizational alignment.
- Interpret applicable standards, requirements and their application to the enterprise environment in cooperation with operational area SMEs.
- Understand and identify risks and work to ensure proper solutions are implemented as necessary.
- Review compliance certifications including SOC1, SOC2 and ISO 27000. Provide guidance and mitigation controls based on the results of the review.
- A minimum of three (3) years of experience in an IT technical support, system administration, computer systems or network maintenance is required.
- Bachelor’s degree in IT or equivalent combination of education and experience.
- A minimum of five (5) years of experience in an IT technical support, system administration, computer systems or network maintenance is required.
- Bachelor’s degree in IT or equivalent combination of education and experience.
- Strong understanding of internal controls, specifically IT General Controls (ITGC), CIS and NERC CIP.
- Broad knowledge and understanding of Information Technology concepts and IT and business security controls and processes.
- Organizing workgroups for cross functional projects required.
- Ability to understand, comprehend and communicate technology.
- Demonstrated understanding of data processing, hardware platforms, operating systems, databases and enterprise software applications.
- IT Audit management knowledge is required.
- Knowledge of applicable state and federal regulations, including Sarbanes Oxley, NERC CIP requirements and TSA guidelines.
- Knowledge of how to apply and maintain regulations to the Black Hills systems and environment.
- Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues.
- Experience in planning, organizing and developing information technology policies, procedures and practices.
- General knowledge of COBIT, Sarbanes Oxley, CIS, NIST, ITIL or other control frameworks.
- A working knowledge of accounting and financial terms is desired.
- A high-level knowledge of electric and gas control systems is desired.
- Ability to analyze risks and recommend appropriate controls to reduce or mitigate the risks.
- Knowledge of the regulated utility business is preferred.
- Knowledge of general IT audit practices is required.
- Ability to establish credibility and working relationships with a wide range of corporate personnel, including operations, management, executive and legal staff as well as external personnel, including auditors and regulators.
- Excellent verbal and written communication skills, including the ability to communicate technical information to non-technical personnel.
- Demonstrated success in building partnerships across a diverse organization.
- Proven attention to detail.
- Ability to understand and interpret laws and regulatory requirements related to information protection and develop and implement appropriate processes to keep the Company in compliance.
- Proven ability to effectively manage competing priorities while meeting deadlines including compliance requirements with violations associated with non-compliance.
- Superior analytical, evaluative, problem-solving and isolation abilities.
- Ability to think and act independently and develop creative solutions to resolve complex problems.
- Ability to motivate in a team-oriented, collaborative environment.
- Excellent customer service and interpersonal skills.
- Accountable for all decisions and actions.
- Highly organized to meet deadlines and maintain priorities.
- Adaptability to changing business environments.
MENTAL/PHYSICAL DESCRIPTIONS AND WORKING CONDITIONS:
The mental and physical descriptions are representative of the activities an employee in an office job performs. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Mental description: Understand, remember, apply oral and/or written instructions or other information, and communicate routine factual information. Apply common sense in performing job functions, usually within a set of rules or guidelines.
While performing the duties of this job, the employee continuously accesses, inputs, and retrieves electronic information and communicates regarding the information. Employee frequently moves about the office space. Employee must be able to operate routine office equipment including computers and similar equipment. Must be able to routinely perform this work for an average of 6-8 hours per day and occasional extended hours as necessary. Must be capable of regular, reliable, and timely attendance.
Specific lifting abilities required by this job include: Sedentary work. Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or continuously to lift, carry, push or pull, or sitting most of the time. Jobs are sedentary if moving about is only occasional and all other sedentary criteria are met.
Work environment: Routinely perform work indoors in climate-controlled shared work area with moderate noise level. Willing to travel occasionally (less than 10 days per year) by automobile (as driver and passenger), commercial airlines, rental vehicles and public transportation and be able to lodge in public facilities.
This description is not intended to be an all-inclusive list of responsibilities, duties, and requirements for employees in this position. Job descriptions may and do change periodically. Where positions are covered by a collective bargaining unit agreement, the terms and conditions of the collective bargaining unit agreement will apply.
About our Company: We are a customer focused, growth-oriented utility company that is devoted to our communities. We have a mission to improve life with energy and a vision to be the energy partner of choice. Our diverse culture sparks unique perspectives, opening doors to new ideas and possibilities. Based in Rapid City, South Dakota, we have over 2900 employees and serve 1.2 million natural gas and electric utility customers across eight states (South Dakota, Montana, Wyoming, Colorado, Nebraska, Iowa, Kansas, and Arkansas).
Enjoy our Comprehensive Benefits Package: annual incentive program (based on percentage of eligible earnings), 401(k) (6% company match and up to 9% company retirement contribution), tuition reimbursement, paid time off, additional Veteran PTO, military leave differential pay, paid holidays and annual floating holidays, company paid short term and long term disability, paid maternity and paternity benefits, health and wellness program, and competitive medical, dental and vision insurance.
Candidates must successfully pass a pre-employment drug screen and background check.
Black Hills Corporation does not sponsor applicants for work visas. All applicants must be legally authorized to work in the US.
Black Hills Corporation is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, or status as a protected veteran.