Program Manager - Energy Services Government Oversight

Third level of the Cybersecurity Governance & Risk Analyst classification hierarchy. Employees at this level solve more complex problems, in multiple areas of specialization, with general supervision.

• Develop interpretations of Federal Compliance Programs (i.e. NERC CIP, TSA, DFARS) using a variety of inputs such as regulatory guidance and industry benchmarking to produce unambiguous descriptions of compliance obligations for internal stakeholders to use as guidance for implementation
• Develop modifications to the Federal Compliance Programs for cybersecurity policy that are triggered by: new and/or changing Compliance Requirements, newly published guidance from regulators, and by internal requests for improvements
• Prepare evidence and review reports on the results of internal reviews of compliance evidence, including categorization of findings and recommendations to be addressed
• Perform Evidence Reviews
• Support implementations of technologies to augment Duke Energy"s Federal Compliance Programs to drive consistency, efficiency, and sustainability in the pursuit of both compliance and operational goals
• Perform internal consulting with business area personnel to ensure that they understand, plan for, and implement compliance requirements
• Perform training, change management, and communication support for ongoing compliance activities
• Influence and improve awareness of new compliance requirements development through industry and regulatory interaction
• Demonstrates working knowledge of IT/OT and Cybersecurity policy, standards, processes, controls and functional areas, in relation to the NIST framework and other industry accepted standards:
• Competent in the use of IT/OT and Cybersecurity tools, procedures, and research capabilities
• Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure they provide the intended level of protection.
• Perform or assist in security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in risk mitigation strategy.
• Perform, assist in and/or analyze cyber defense trend reporting
• Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
• Assist in the assessment of the effectiveness of security controls
• Collaborate with Cybersecurity leadership and architects to make sure security technologies, processes, and people align with Duke"s strategic plan and budget
• Influence Duke"s security standards, security baselines, performance metrics, plan, and initiate periodic performance reviews for the cybersecurity architecture and assessment team and vendors
• Communicates with customers to understand compliance requirements
• Communicates problems and resolutions to manager and/or customers
• Provides input on process improvements to IT/OT compliance program
• Communicate compliance information in a clear and concise manner