Job Specifications
Black Hills Energy is people powered and purpose driven. Our team uses the power of energy to improve life for over one million customers in 800+ communities across the West and Midwest. We seek talented, caring people who embody our core values and contribute to a culture of inclusion and growth. As an organization, we believe the best part of working on our team is our commitment to making tomorrow better than today—for our customers, communities and each other.
Position summary:
The IT Compliance Specialist II will provide subject matter expertise in the development, implementation, and maintenance of IT compliance programs and procedures. They will review and analyze IT policies, procedures, and controls to ensure they align with current regulations and adopted controls. This role will also comprehensively conduct audits and risk assessments, identifying potential issues, and recommending remediation actions. They will support the program in developing and delivering IT compliance training to the organization. They will also assist in mentoring other IT Compliance Specialists.
Pay Range: This posting includes the full pay range for this position. Pay is based on a number of factors and may vary depending on job-related knowledge, skills, experience, and internal equity.
Level II: $71,100 - $106,600 / Grade 13
Senior: $84,600 - $126,900 / Grade 15
Reporting Relationship: IT Compliance Manager
Location: Our Corporate Headquarters in Rapid City, South Dakota
Relocation Assistance: Relocation assistance is available based on individual circumstances! Details to be shared during the offer process.
Essential Functions:
•Provide subject matter expertise in the creation, implementation and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with applicable technology-related regulations including TSA Security Directives/Guidelines, NERC CIP, and SOX.
•Comprehensively perform and monitor IT compliance activities including data collections, analysis and remediation throughout BHE, working with internal and external audit teams as required.
•Support management in the design and operating efficiency testing of the IT department's control activities processes.
•Communicate and train on IT compliance-related issues and activities. Partner within the organization to build IT compliance awareness.
•Support the response to complaints or violations of laws, regulations or internal policies and procedures: you will be responsible for investigating them, documenting your findings, and taking appropriate corrective action, including reporting violations to regulatory agencies.
•Comprehensively understand and maintain knowledge of applicable standards, requirements and their application to the enterprise environment in cooperation with operational area SMEs.
•Be engaged in industry forums and venues related to various Compliance topics; make recommendations to management at all levels to ensure that appropriate levels of compliance are maintained.
•Maintain professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; benchmarking state-of-the-art practices; participating in professional societies.
•Facilitate IT responses to internal and external audits and regulatory reviews to ensure compliance with applicable regulatory standards and internal security policies and controls.
•Act as Team Lead while supporting internal and external audit to perform audit testing, data collection and remediation of issues identified.
•Occasional overnight travel as necessary to attend team meetings, meet with employees, support compliance activities, provide or receive training, and support remote systems. After hours response may be required for critical issues requiring management attention.
•Comprehensively understand interrelationships and dependencies between business processes and functions, both internal and external to the company, and the associated impact on the effectiveness of the control environment with minimal assistance and oversight.
Additional Responsibilities:
•Be actively engaged in industry forums and venues related to various Compliance topics; make recommendations to management at all levels to ensure that appropriate levels of compliance are maintained.
•Work directly with non-IT compliance professionals such as legal, audit and corporate compliance to ensure organizational alignment.
•Review compliance certifications including SOC1, SOC2 and ISO 27000. Provide guidance and mitigation controls based on the results of the review.
What Is Required:
All Levels:
•Bachelor's Degree in IT, Business Administration, Compliance, Risk Management, Security, Information Technology, or similar role or equivalent combination of education and experience.
•Experience in planning, organizing, and developing information technology policies, procedures and practices.
•Certified Information Systems Auditor (CISA) or the ability to obtain CISA within 1 year.
Level II:
•Minimum of 3 years of experience in information technology, compliance, audit or similar role.
Senior:
•Minimum of 5 years of experience in information technology, compliance, audit or similar role.
What Is Desired:
•Strong understanding of internal controls, specifically IT General Controls (ITGC), CIS Controls and NERC CIP.
•Broad knowledge and understanding of Information Technology concepts and IT and Business security controls and processes. Ability to understand, comprehend and communicate technology. Demonstrated understanding of data processing, hardware platforms, operating systems, databases and enterprise software applications.
•Knowledge of applicable state and federal regulations, including Sarbanes-Oxley, NERC CIP requirements and TSA guidelines.
•Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues.
This description is not intended to be an all-inclusive list of responsibilities, duties, and requirements for employees in this position. Job descriptions may and do change periodically. Where positions are covered by a collective bargaining unit agreement, the terms and conditions of the agreement will apply.
About our Company: We are a customer, growth and safety focused utility company that is dedicated to our communities. We improve life with energy as an energy partner of choice. Our diverse culture fuels unique perspectives, opening doors to new insights and possibilities. Based in Rapid City, South Dakota, we have over 3000 employees and serve 1.3 million natural gas and electric utility customers across eight states (South Dakota, Montana, Wyoming, Colorado, Nebraska, Iowa, Kansas, and Arkansas).
Enjoy our Comprehensive Benefits Package! Annual discretionary bonuses, 401(k) (6% company match and up to 9% company retirement contribution), tuition reimbursement, generous paid time off benefits, including paid holidays and parental leave, company paid life insurance and disability benefits (short and long term), an employee assistance program and well-being benefits, and competitive medical, dental and vision insurance.
Candidates must successfully pass a pre-employment drug screen and background check. If there is anything that may show up in these reports that may conflict with the position requirements, feel free to contact the Black Hills Energy recruiting team at jobs@blackhillscorp.com.
Black Hills Energy does not sponsor applicants for work visas. All applicants must be legally authorized to work in the US.
We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, or status as a protected veteran. If you require reasonable accommodation, please visit careers.blackhillsenergy.com for more information.