Ameren Digital & Cyber Compliance Analyst in St. Louis, Missouri
If end date is listed, the posting will come down at 12:00 am on that date:
About The Position
The Digital & Cybersecurity Compliance Analyst will build, develop, and maintain relationships with various stakeholders to design and enhance compliance and security controls solutions for Ameren across the various segments. It is imperative this role anticipates methods and processes employed by both internal and external auditors/regulators to effectively design and re-design controls, as well as perform controls assessments across our compliance programs and projects.
Key responsibilities include:
• Support and drive the analysis, development, and implementation of policies, processes, procedures, standards, guides, security and compliance controls, and tools across the Digital organization to enable and automate control execution and associated control activities while providing assurance that the appropriate artifacts exist for operational continuity and compliance.
• Collaborate with Digital/IT and Business stakeholders to assess the sufficiency, relevance, and reliability of their control documentation and control design as part of the various compliance and security controls frameworks.
• Support internal and external audit engagements, which may include but is not limited to: coordinating the collection of evidence, evaluating and staging audit evidence, coordinating subject-matter expert interviews, and engaging directly with the audit team.
• Collaborates with internal and external parties (e.g. industry, regulatory, etc.) that would influence and/or impact existing policies, processes, procedures, or controls frameworks.
• Act as an advisor in implementing leading practices for areas related to the compliance security controls programs, which also includes providing guidance to various stakeholders around automation and optimization opportunities.
• Aggregate observations, deviations, and exceptions identified through surveillance activities, risk assessments, audit engagements, and control design/redesign efforts to manage an effective corrective action process that seeks to remediate non-compliance within required timelines.
• Assist with tracking and updating key metrics that indicate the current health of controls and overall compliance programs.
• Leverage industry frameworks (NIST CSF, CIS, etc.) to develop control sets that provide the necessary security to address risks with the variety of systems in use.
• Assists with the management of the NERC CIP, SOX, and NIST compliance programs, as well as drive and support key initiatives around compliance and security objectives.
• Ensure that enterprise-wide security, privacy, and compliance standards are enforced throughout the entire organization.
• Evaluate new and emerging products and technologies based upon security, compliance, and regulatory needs.
• Establish and maintain business relationships with individual contributors as well as management.
• Bachelor’s Degree required with a major in Cybersecurity, Computer Science, Management Information Systems, Engineering, or equivalent computer or applicable business related major.
• Two or more years of relevant experience in Cybersecurity and/or technology field specializing in controls (e.g. Cybersecurity, IT or Advisory) required.
• Will consider candidates without a degree if they have shown/demonstrated having 2+ additional years of equivalent, relevant experience in the tools, systems, and initiatives leveraged by Ameren.
• Two or more years of relevant Cybersecurity experience focused on the design and implementation or assessment of controls preferred.
• Professional certification preferred (e.g. CISSP, CISA, CRISC, GIAC).
In addition to the above qualifications, the successful candidate will demonstrate:
• Proven analytical skills with the ability to make sound decisions with ambiguous information, as well as possess a high level of organizational skills and autonomy.
• Ability to communicate clearly, effectively, persuasively and credibly with internal management and external senior level oversight entities.
• Ability to establish and maintain productive business relationships.
• Conceptual knowledge around managing and securing various technologies, common security tools, as well as defensive security techniques.
• Working knowledge in the following areas: system policy and compliance verification techniques; auditing principles; risk management concepts and techniques; software development methodologies and controls; SOX, HIPAA, PCI, NERC CIP, TSA, NIST CSF, and NRC cybersecurity standards; evaluating new and emerging technologies.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, ethnicity, age, disability, genetic information, military service or status, pregnancy, marital status, sexual orientation, gender identity or expression, or any other class, trait, or status protected by law.
St. Louis-based Ameren Corporation powers the quality of life for 2.4 million electric customers and more than 900,000 natural gas customers in a 64,000-square-mile area through its Ameren Missouri and Ameren Illinois rate-regulated utility subsidiaries. Ameren Illinois provides electric transmission and distribution service and natural gas distribution service. Ameren Missouri provides electric generation, transmission and distribution service, as well as natural gas distribution service. Ameren Transmission Company of Illinois develops, owns and operates rate-regulated regional electric transmission projects. For more information, visit Ameren.com, or follow us on Twitter at @AmerenCorp, Facebook.com/AmerenCorp, or LinkedIn/company/Ameren.