
Information Security Compliance Analyst
Eagle Creek Renewable Energy
Badin, North Carolina

Overview
Schedule: Full-time
Career level: Senior-level
Remote: On-site
Job Description
About the role: Eagle Creek Renewable Energy is seeking an experienced Information Security Compliance Analyst to join our team and help safeguard our organization's regulatory standing and the security of the critical generation assets across our fleet of hydropower facilities. The ideal candidate will have a strong background in monitoring network security, investigating breaches, and implementing strategies to maintain a secure environment in support of regulatory compliance, with the ability to translate complex requirements into clear, defensible, and well-documented controls. In addition, knowledge and experience with NERC CIP and NIST standards are essential for this role.
What You’ll Do:
- Monitor networks for security breaches: Proactively monitor our organization's networks and systems to identify and respond to any security breaches or suspicious activities. Implement necessary measures to mitigate risks and ensure the integrity and confidentiality of our information. Conduct thorough investigations into security incidents, document findings, and create detailed reports for management. Collaborate with relevant teams to address identified vulnerabilities and recommend improvements to prevent future incidents.
- Monitor regulatory change and perform gap analysis: Stay up to date with new and revised NERC standards, FERC orders, and relevant guidance, and assess their impact on our organization. Conduct gap analyses against current practice and translate regulatory change into actionable requirements for IT, security, and facility teams, tracking remediation to completion.
- Develop and test internal controls and policies: Develop, maintain, and test internal controls and policies that demonstrate sustained compliance rather than point-in-time conformance.
- Collaborate cross-functionally and report compliance status: Partner within IT and with operational technology and facility personnel to ensure controls are implemented, documented, and audit-ready. Produce compliance status reporting, metrics, and KPIs for leadership, and support incident reporting and recovery documentation requirements.
- Support operational security and incident response: Support day-to-day security monitoring, vulnerability management, and the investigation of and response to security incidents, and help review proposed changes to systems and infrastructure for both security and compliance impact.
Education and Experience:
- Bachelor’s degree in information security, information systems, business, engineering, or a related field, or equivalent experience.
- Proven experience in regulatory compliance, audit, GRC, or internal controls, ideally in electric utility, energy, or another regulated or critical-infrastructure environment.
- Working knowledge of the NERC CIP compliance lifecycle, including self-certification, self-reporting, mitigation, and audit.
Compliance and Regulatory Knowledge:
- In-depth knowledge of security technologies, such as firewalls, intrusion detection systems, antivirus software, encryption methods, and vulnerability scanning tools.
- Familiarity with industry security standards and frameworks, including NERC CIP and NIST.
Analytical Skills:
- Excellent analytical and problem-solving abilities to translate regulatory requirements into practical, defensible controls.
- Ability to assess complex, multi-site environments and identify compliance gaps and risks.
Communication and Collaboration:
- Strong written communication and documentation discipline to produce audit-ready evidence and clear compliance reporting.
- Ability to collaborate and work cross-functionally with teams such as IT, operational technology, physical security, legal, and management.
Certifications (preferred):
- Certified Information Systems Security Professional (CISSP).
- Certified Information Systems Auditor (CISA).
- Certified in Risk and Information Systems Control (CRISC).
- Global Industrial Cyber Security Professional (GICSP) or NERC CIP compliance training.

FAQs About Information Security Compliance Analyst Jobs at Eagle Creek Renewable Energy
What is the work location for this position at Eagle Creek Renewable Energy?
This job at Eagle Creek Renewable Energy is located in Badin, North Carolina, according to the details provided by the employer. Some roles may also include multiple work locations depending on the requirement.
What pay range can candidates expect for this role at Eagle Creek Renewable Energy?
Employer has not shared pay details for this role.
What employment type applies to this position at Eagle Creek Renewable Energy?
Eagle Creek Renewable Energy lists this role as a Full-time position.
What experience level is required for this role at Eagle Creek Renewable Energy?
Eagle Creek Renewable Energy is looking for a candidate with "Senior-level" experience.