Gov Risk

Overall Purpose:

The Information Security Governance, Risk, and Compliance ("GRC") team is responsible for ensuring that Duquesne Light's information security objectives are met. This group focuses on compliance with the company's IT and Information Security policies and procedures.

Job Responsibilities:

• Develop, enhance and maintain information systems, platforms and IT operating compliance procedures and processes.
• Ensure timely completion of various Information Security compliance deliverables including: risk assessment, remediation, and compliance efforts including documentation reviews, recovery exercises, asset baselines and user reviews
• Monitor metrics that measure the IT and Information Security Framework
• Track and ensure adequate and timely resolutions to all audit/review issues relating to security.
• Assist with execution and tracking of the 3rd party vendor risk assessment program.
• Utilize analytical skills to assist in developing future strategies to resolve compliance issues.
• Prepare for and support compliance audits conducted by internal resources, consultants or regulatory organizations.
• Provide Information Security risk advisory and consultative services to internal customers, including IT, business, and risk and compliance stakeholders.
• Provide guidance to other operational staff, including training to new project managers and other employees in completion of compliance practices and procedures.

Education/Experience:

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or related discipline required.
• Two (2+) or more years of relevant experience required.

Skills and Abilities Utilized in this Role Include:

• Excellent verbal and written communication skills
• Ability to work collaboratively within various levels of the Company and across all disciplines
• Ability to coordinate and prioritize multiple tasks
• Strong organizational skills
• Strong attention to detail
• Experience with SQL, Powershell

Must possess a positive attitude and strong values that fit with DLC’s core values:

• Energized to shape the future;
• Bold in thinking and exploration of new possibilities;
• Collaborative in approaching all challenges;
• Responsible in commitment to safety, management of assets and finances and interaction with others;
• Selfless in serving the community, both on the job and through volunteerism.

Scope:

Primary focus is on daily deliverables, outputs and reporting. Typically accountable for managing one’s own time and workflow. Responsible for using prescribed guidelines to analyze situations and solve problems. Work is typically of moderate complexity, requiring the incumbent to draw on previous knowledge to perform role. Continues to build knowledge base and develop capabilities by partnering with more experienced staff as needed

Decision Impact:

Problems and issues faced are vague but may be recognizable based on past experience. Accountable for some direct level of reasoning and decision making in straightforward situations based on precedents.

Hybrid Work:

Position follows our hybrid work model, with a minimum of two days working in the office and the remaining days working remotely. Reporting location and frequency may be subject to change based on job role and department needs.

Storm Roles:

All Non-Union Employees will serve in storm roles as appropriate to their role and skillset. Please be sure to discuss storm roles with the hiring manager for this position, as duties can vary across the Company. Examples of storm roles could include but aren’t limited to duties such as: working with operations for service center support or with the communications, customer service or government affairs teams to respond to public and customer requests for information, etc.

Data Governance:

Utilize data to make business decisions as appropriate for the position, support data stewardship activities and partner with IT on underlying data needs.

Disclaimer:

The above information on this description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.