Job Discussion Forums

 Director IT Regulatory & Compliance

Admin
Number of posts: 305
Registration date: 2014-10-22

Post subject: Director IT Regulatory & Compliance (Wed Nov 12, 2014 12:40 am)


Director IT Regulatory & Compliance
Location: Dallas, TX
Posted Date: November 12, 2014
Employer: To view company name. See instructions below
Apply By: January 8, 2015
Employer Job Id:
CareerMine Job Id: 1143447

[Company] is a Dallas-based, privately held energy company with a portfolio of competitive and regulated energy companies. [Company], [Company] primary businesses, serve the high-growth Texas electricity market, which is one of the world's largest and among the nation's most successful competitive markets. These businesses serve the high-growth Texas electricity market, which is one of the world's largest and among the nation's most successful competitive markets.

Summary

The Director of IT Compliance & Regulatory (DCR) is responsible for interpretation and auditing of all legislated requirements that impact security for [Company]. This includes but is not limited to Sarbanes-Oxley Section 404, NERC CIP, NEI, NRC, Payment Card Industry (PCI) requirements, COBIT, ISO 27000 Standards, and NIST SP 800 Guidelines.
The DCR oversees and coordinates IT security efforts across the [Company] business units including security policies, standards, procedures and initiatives. In these functions, the DCR works closely with Internal Audit, Legal, Supply Chain, Government Affairs and business unit personnel.
The DCR defines and ensures compliance with IT General Controls, including Access Control functions, across all business units.
The DCR ensures alignment and up-to-date threat intelligence with industry groups including UNITE & EEI, and works with government organizations such as FBI, NERC and others.

Key Roles & Responsibilities

Other duties may be assigned. Directly or through others, the incumbent:

Controls & Compliance:

Manages all implications of mandated and regulated security requirements such as Sarbanes-Oxley, NERC CIP, NRC and PCI including corporate IT policies. Manage staff supporting those compliance efforts across business units. Report any gaps and drive remediation efforts.
Leads cross-functional teams in performing reviews and tests of IT internal controls to ensure that existing IT systems are operating as designed and that they contain adequate controls (ITGCs).
Provides oversight regarding audit, regulatory and risk management activities across IT functional areas, such as the development and maintenance of regulatory documentation and responses (e.g., Sarbanes-Oxley Act compliance).
Coordinates the IT component of both internal and external audits, federal and state examinations.
Possesses detailed knowledge of industry regulatory environment and risk management practices, and thorough understanding
Works collaboratively with corporate compliance, internal auditing and corporate risk management and various technical teams in the design and implementation of audit, risk assessment and regulatory compliance practices for IT.
Proactively promotes enhancement of technology-related internal controls awareness and training across IT and business units.
Acts as “single point of contact” for Legal, Regulatory, Supply Chain, Corporate Security and other business functions.
Defines and enforces standards for 3rd Party security capabilities and security-related compliance to contracts
Directs IT functional teams in the development, implementation, monitoring and reporting of control processes, documentation and compliance routines. Advises IT and business executives on the status of technology compliance issues based on assessment results and information from various monitoring and control systems.
Support business-led Segregation of Duties activities
Support employee investigations and oversee computer forensics procedures
Interacts frequently with individual BU management on internal and external operations that are impacted by security issues both internal and external to [Company]. This includes the review and approval of all major contracts for services and equipment in both [Company] and business unit IT groups.
Independently manages yearly penetration testing and other user-related security testing (e.g. Phishing)
Prior work experience with GRC tools such as Archer and CA’s Governance Minder

Data Privacy:

Drives data classification policy and standards for cloud and mobile computing.
Drives Personally Identifiable Information handling standards and TXUE customer privacy standards.
Works closely with both internal and external auditors regarding SOX and all other compliance.

Policies & Standards

Manages the development and implementation of enterprise IT security policy, standards (including image standards), guidelines and procedures to ensure both regulatory compliance and the ongoing maintenance of IT security.
Assists in the development and helps ensure consistency in [Company] policies relating to IT (e.g. clean desk, confidential information, breach response, etc.)

User Awareness & Training:

Provides enterprise-wide direction and training on the implementation of security policies, programs, and technologies for all enterprise operations, including those in business units and subsidiaries.
Oversee internal web content and employee outreach activities / communications relating to security

Other External:

Maintains relationships with local, state and federal governmental and technology security agencies.
Active participation in industry and government-sponsored security organizations

Education, Experience, & Skill Requirements

A BS or BA degree in a technical field or computer science with an emphasis in information technology and a minimum of eight to ten years of experience in computing, security, IT Audit or similar compliance background.
Excellent verbal and written communication skills, previous leadership, management and supervisory experience, and excellent time management abilities.
Demonstrate initiative, exercise good judgment, exhibit strong profit orientation, and have the ability to achieve results through others.
Solid understanding of information technology and information security (including firewalls, VPNs, penetration testing and other security devices.)
Ability to work and effectively prioritize in a highly dynamic work environment.
Very strong conceptual, analytical, judgment and communication abilities are critical
Possess the relationship skills, cultural awareness, and organizational prowess required to work effectively in a large, highly-matrixed organization
One or more of the following certifications or similar work experience desired - CIS

It is the policy of the company to comply with all employment laws and to afford equal employment opportunity to individuals in all aspects of employment, including in selection for job opportunities, without regard to race, color, religion, sex, national origin, age, disability, genetic information, veteran status, or any other consideration protected by federal, state or local laws.