Sr. (Lead) Compliance Analyst

Flexible Work Arrangement: Hybrid

The Enterprise Information Security (EIS) department is responsible for safeguarding the critical infrastructure, data, and systems at PJM that manage the high-voltage electric grid serving 65 million people. As part of the Security and Business Continuity Division, the team focuses on mitigating cybersecurity threats through risk management, compliance, and strategic partnerships. The EIS Compliance Analyst serves as a NERC CIP subject-matter expert who partners with CIP-007, CIP-010, CIP-011, and CIP-013 compliance function owners in EIS and other departments to drive the successful execution of compliance activities, ensures security controls are met, quality of evidence, while maintaining strong audit readiness and a focus on continuous process improvement. The EIS Compliance Analyst helps compliance function owners as well as technology owners gain clear understanding of internally and externally-defined compliance requirements. The EIS Compliance Analyst also evaluates processes for improvement opportunities, and works with stakeholders to develop and implement those improvements.

This role requires deep experience in both information security as well as supporting NERC CIP compliance functions including audits, conducting compliance investigations, managing mitigation and corrective actions, and producing high-quality written procedures and compliance artifacts. In order to effectively perform these responsibilities, the EIS Compliance Analyst must have effective communications and writing skills, a strong understanding of information security fundamentals and principles, a deep understanding of the NERC CIP compliance requirements and audit processes, and a knowledge of the area of technologies they are assigned to support.

Essential Functions:

• Ensure PJM's compliance with NERC Critical Infrastructure Protection (CIP) standards

• Author, review, and maintain PJM security and compliance standards, procedures, and supporting documentation

• Ensure security and compliance standards, procedures, and supporting documentation are clear, repeatable, auditable, and aligned with operational realities

• Establish documentation standards to improve consistency, clarity, and audit defensibility

• Provide expert written guidance to technical and operational teams on cyber security and compliance expectations

• Partner with compliance function owners, as well as IT and OT cross-functional teams, to embed compliance into day-to-day operations

• Develop and communicate effective strategies for security and compliance practices

• Work with the NERC Compliance and the Internal Audit departments

• Track, manage, and drive closure of the department's compliance related action items

• Identify systemic issues and opportunities for efficiency, clarity, and risk reduction

• Review and approve evidence ensuring high quality, consistency, and repeatability

• Responsible for working with the security leads, security management and individual project teams to architect solutions that meet defined security requirements

• Participate in the definition and maintenance of security and compliance requirements for system and software design

• Provide guidance and mentorship to junior members of the team

• Communicate compliance risks, trends, and program health to leadership in a clear and actionable manner

• Establish and maintain relationships with peer organizations

• Stay abreast of new developments and proposed changes to reliability standards

Characteristics and Qualifications:

Required:

• Bachelor's degree in Computer Science, Computer Engineering, Information Technology or equivalent work experience

• At least 10 years of experience years experience working in a regulated industry as an information/cyber security compliance role.

• Ability to produce high-quality work products with attention to detail

• Ability to communicate effectively in a team environment

• Experience in quantitative and qualitative analysis

• Experience using verbal and written communications skills

• Ability to use Microsoft Office Suite (MS-Word, MS-Excel and MS-PowerPoint)

Preferred:

• MBA degree

• Experience with PJM operations, markets, and planning functions

• Experience supporting any of PJM Committees