Manager Cybersecurity Compliance

PLEASE NOTE:  this is a Hybrid role - on premise three times a week to one of our local offices in Louisville, KY; Allentown, PA or Providence, RI.

The Cybersecurity organization advances the overall state of security at PPL through critical initiatives and coordination of large security and customer-focused projects. The organization builds and procures technologies, tools, and processes to better enable teams at PPL to develop secure platforms and protect data and systems with appropriate security controls. IT Cybersecurity also develops systems to monitor and respond to attacks against our systems, provides educational awareness on security best practices, and ensures data sharing relationships with third parties securely protect PPL information.

The Manager-Cybersecurity Compliance leads a motivated cybersecurity team responsible for developing and implementing policies, procedures, technologies, and programs to maintain, demonstrate and improve IT security compliance. Working closely with the business and IT organization, implement and maintain compliance programs for IT NERC Critical Infrastructure Protection (CIP) Reliability Standards, Sarbanes-Oxley (SOX) Controls & Regulatory Compliance for the IT department, the Transportation Security Administration (TSA) security directive for natural gas pipeline security, and other cybersecurity compliance regulations, directives, and frameworks. This position is a manager level, requiring a senior compliance person with experience in negotiation, policy creation and advocacy. #INDPPL  LI-Hy

• Drives the creation and implementation of the compliance strategic direction, including the development and maintenance of the IT Cybersecurity compliance programs for NERC CIP, SOX and TSA to mitigate the company’s cybersecurity related regulatory compliance risks.
• Provides advice and counsel to other business and operations organizations in cybersecurity regulatory compliance requirements, including standards, policies, procedures and controls.
• Drives complex problem analysis and makes recommendations for how to advance PPL’s cybersecurity compliance profile and culture with a team of motivated individuals.
• Leads or assists team members in the identification, investigation and resolution of non-compliance incidents.
• Provides oversight in developing, implementing, and evaluating project plans, goals, and timelines for the implementation of internal controls across all applicable standards.
• Balances security best practices and business drivers against framework requirements, business risk, and impact to make recommendations that minimize PPL’s risk profile.
• Leads teams in regulatory audits, spot-checks, and self-certifications including mock audits.
• Assists in preparing for compliance audits where responsibilities include developing Reliability Standard Audit Worksheets (RSAWs) and compiling supporting evidentiary documentation.
• Oversees and coordinates event and root cause analysis to identify gaps in controls including advising and supporting management in defining appropriate remedial actions and tracking.
• Collaborates with applicable business areas and with IT groups to identify and implement technologies to automate or streamline compliance monitoring, reporting processes, or workflow automations.
• Remains vigilant to new compliance concerns and partners with others, as necessary, to assist with events as they arise.
• Develops and updates IT policies and procedures to provide oversight and guidance in regard to compliance responsibilities.
• Prepares and delivers metrics, briefings, and training to represent the cybersecurity compliance program.
• Tracks developments and participates with general and industry groups, monitors evolving cybersecurity regulatory landscape, may participate in industry cybersecurity standards development.

Basic Qualifications:

• Bachelor's degree.
• 8 or more years of experience in IT Audit, Compliance, Cybersecurity or related field.
• Two or more years of formal leadership experience.
• Experience with NERC CIP or SOX regulatory requirements, such as standards development, controls framework development, or compliance.
• Experience with applying compliance frameworks, to successfully comply with security policies, standards, and guidelines.
• Proven experience establishing, managing, and validating compliance requirements with internal and external parties.
• Experience creating, implementing, and documenting internal processes and technology to drive compliance, efficiency, and education.
• Experience in examining and evaluating internal controls based on regulatory requirements to ensure adherence to the requirements is performed.
• Effective written, verbal, and interpersonal communication skills along with outstanding attention to detail with dedication to encouraging a culture of compliance and security.
• Critical thinking skills with the ability to identify and solve complex problems.
• Working knowledge of security related frameworks and activities including, but not limited to, NIST Cybersecurity Framework, SOC 1, SOC 2, etc.

Preferred Qualifications:

• Experience in developing and implementing NERC CIP or SOX compliance practices and processes.
• Related work experience leading, building, and supporting compliance programs as a technical resource and owner that champions the vision for process improvements.
• Experience in developing and implementing IT Cybersecurity governance practices and processes.
• Knowledge and experience with Information Technology (IT) and Operational Technology (OT) equipment and infrastructure.
• Master's degree in related technical discipline or MBA degree.
• Relevant technical and security certifications such as CISSP, CISM, CISA, CCSP.