Website New Hampshire Electric Cooperative, Inc.

Senior Information Security Compliance Analyst

Mission

The Senior Information Security Compliance Analyst will help develop, plan, and implement the information security program for NHEC. This position is responsible for shaping the direction of the information security program by monitoring the evolving cybersecurity threat landscape while minimizing risks and recommending technologies and processes to secure the information technology environment. The Senior Information Security Compliance Analyst will work in cooperation with IT, business leaders, consultants, and the audit committee to reduce risks and assist in the management of cost, schedules, and performance. This role interacts with business leaders so blending a strong technical background with exceptional communications skills, strong business acumen, and experience driving change in complex business environments is essential for success.

Responsibilities

  • Overall management responsibility for the information security program
  • Identify and understand potential and emerging information security threats, vulnerabilities, and technical control implementation applicable to the electrical distribution industry
  • Support the development, maintenance and monitoring of an information security, compliance, and risk management program
  • Engage and coordinate cross functional business participation in risk profiling, investigation, escalation, and resolution
  • Participate in the development and management of key information security and risk metrics
  • Utilize risk management principles from established frameworks (NIST/CIS/etc) to help improve cybersecurity performance and reduce risk across the enterprise
  • Develop and maintain a risk register to track identified risks
  • Conduct, participate and/or oversee all periodic risk assessment updates and audits
  • Manage the business feedback loop using the results from the risk assessment

Knowledge, skills and abilities

  • At least 7+ years of experience managing an information security program
  • Experience and understanding of implementing cyber security frameworks and mitigating risks while balancing the functional needs of business operations
  • Solid working knowledge of digital, cybersecurity & data privacy laws, regulations, and best practices
  • Ability to lead initiatives with limited supervision while collaborating effectively with local and remote teams
  • Experience in project management, engineering management, or another related subject of comparable complexity and responsibility
  • Knowledge of the risk management process
  • Demonstrated ability to convey complex information risk and security issues in a manner that is easily understood and actionable and constructively challenges prevailing thoughts and processes
  • Excellent verbal and written communications skills
  • Must be a team player with demonstrated negotiating skills and capable of maintaining solid working relationships with all business leads

Education

  • Bachelor’s degree is required, preferably in an IT discipline
  • One or more of the following certifications:
    • Certified Information Security Manager (CISM)
    • Certified Information Systems Security Professional (CISSP)
    • Certified in Risk and Information System Control (CRISC)

Working Conditions

  • Partial telecommuting is acceptable with management approval, however on-site office work in the Plymouth NH area will be required periodically. Occasional after-hours work is expected. All employees are required to assist with power restoration efforts as needed. All employees must provide a personal phone number where they can be reached after hours. This number is for internal use only. A valid motor vehicle operator’s license is required.

NHEC offers an excellent compensation and benefits package.  Please apply at www.nhec.com

NHEC is an Equal Opportunity/Affirmative Action Employer