
Information/Operational (IT/OT) Compliance Advisor

The Information Technology/Operational Technology (IT/OT) Compliance Advisor will join the IT Governance, Risk & Compliance (IT GRC) Team to support and enhance Calpine’s Information Security Program. This will include, but is not limited to: administering regulatory compliance programs, ensuring adherence to policies and procedures, performing risk assessments, ensuring programs and initiatives adhere to Calpine’s Control Framework, and supporting cybersecurity supply chain risk management efforts.
Responsibilities
  • Administer IT/OT Compliance Programs including North American Electric Reliability Corporation – Critical Infrastructure Protection (NERC-CIP), Transportation Security Administration (TSA) Guidelines & Directives, Sarbanes Oxley Act (SOX), Payment Card Industry – Data Security Standard (PCI-DSS), Data Security Agreement (DSA) 
  • Develop and update IT/OT Policies and Standards aligned with best practices and working knowledge of the following frameworks (NIST 800-53, NIST 800-171, NIST 800-82, ISO 27001)
  • Enforce adherence to IT/OT Policies, Standards & Procedures by being an integral part of ongoing and ad hoc initiatives
  • Perform risk assessments to evaluate the implementation of new technologies or significant changes to existing architectures and technologies
  • Implement security-related contract language into agreements during the purchase of IT/OT services and technologies
  • Maintain awareness and knowledge of current changes within legal, regulatory, and technology environments, which may affect operations. 
  • Experience with IT GRC systems and tracking, and metrics of controls
  • Ensure senior management and staff are informed of any changes and updates in a timely manner.
  • Work with multiple business units, cultures and service providers to pull together and accomplish the department’s mission
  • Create high quality deliverables in terms of both content and presentation
  • Independently prioritize and manage work responsibilities across multiple work streams
  • Make decisions on complex issues
  • Use independent judgment requiring in-depth evaluation of variable factors. Independently select methods, techniques, analytical approach and evaluation criteria
  • Establish and maintain appropriate network of professional contacts. 
  • Maintain membership in appropriate professional organizations and publications. 

Job Requirements:
  • Must have legal authorization to work in the US on a full-time basis for anyone other than current employer. 
  • Minimum of Ten (10) years of hands-on technical experience in IT/OT GRC related positions
  • Bachelor’s Degree or equivalent
  • Demonstrated experience administering IT/OT Compliance Programs NERC-CIP, TSA Guidelines & Directives, SOX, PCI-DSS, DSA
  • Strong written and verbal communication skills. 
  • Ability to research, analyze and resolve complex problems with minimal supervision and escalate issues as appropriate 
  • Strong analytical skills 
  • Excellent verbal and written communication skills and the ability to interact professionally with a diverse group, executives, managers, and subject matter experts. 
  • Ability to balance project work with day-to-day administrative tasks and troubleshooting in a highly dynamic business environment
  • Attends meetings, seminars and conferences and maintains continuity of any required or desirable certifications, if applicable
  • Demonstrated working knowledge of IT/OT control frameworks (NIST 800-53, NIST 800-171, NIST 800-82, ISO 27001), security concepts and strategies 
  • Applicable Certifications (all preferred but not required, depending on experience/background):
  • CISSP (Certified Information Systems Security Professional)
  • CISA (Certified Information Systems Auditor)
  • CISM (Certified Information Security Manager)

Vaccine Information:
Calpine requires an individual who is newly hired into this position to be vaccinated for COVID-19 within the first 28 days of employment - if not already vaccinated prior to starting employment. If you have any concerns regarding compliance with this requirement, you will need to discuss your concerns with Calpine’s HR department after a decision has been made about whether or not to make you a conditional offer of employment. Calpine does not require applicants to discuss vaccination status prior to receipt of a conditional offer of employment and complies with all applicable laws requiring reasonable accommodation.