Information Security Compliance Analyst

Eagle Creek Renewable Energy LLC

$70K — $95K *
Badin, NC 28009
In-Person
Energy & Utilities
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in information security, information systems, business, engineering, or related field
  • Experience in regulatory compliance, audit, GRC, or internal controls in regulated environments
  • Working knowledge of the NERC CIP compliance lifecycle
  • In-depth knowledge of security technologies like firewalls and intrusion detection systems
  • Strong analytical and problem-solving skills with the ability to assess compliance gaps
  • Excellent written communication and documentation capabilities
  • Ability to collaborate cross-functionally with diverse teams

Responsibilities

  • Monitor networks for security breaches and respond to suspicious activities
  • Perform gap analysis on regulatory changes and their impact on compliance
  • Develop, maintain, and test internal controls and policies for compliance
  • Collaborate with IT and operational teams to ensure audit-ready documentation
  • Support day-to-day security monitoring and response to security incidents

Benefits

  • Comprehensive health benefits package
  • 401(k) plan with company match
  • Professional development opportunities
  • Flexible work arrangements
  • PTO and paid holidays

Full Job Description

About the role: Eagle Creek Renewable Energy is seeking an experienced Information Security Compliance Analyst to join our team and help safeguard our organization's regulatory standing and the security of the critical generation assets across our fleet of hydropower facilities. The ideal candidate will have a strong background in monitoring network security, investigating breaches, and implementing strategies to maintain a secure environment in support of regulatory compliance, with the ability to translate complex requirements into clear, defensible, and well-documented controls. In addition, knowledge and experience with NERC CIP and NIST standards are essential for this role.

What You'll Do:
  • Monitor networks for security breaches: Proactively monitor our organization's networks and systems to identify and respond to any security breaches or suspicious activities. Implement necessary measures to mitigate risks and ensure the integrity and confidentiality of our information. Conduct thorough investigations into security incidents, document findings, and create detailed reports for management. Collaborate with relevant teams to address identified vulnerabilities and recommend improvements to prevent future incidents.
  • Monitor regulatory change and perform gap analysis: Stay up to date with new and revised NERC standards, FERC orders, and relevant guidance, and assess their impact on our organization. Conduct gap analyses against current practice and translate regulatory change into actionable requirements for IT, security, and facility teams, tracking remediation to completion.
  • Develop and test internal controls and policies: Develop, maintain, and test internal controls and policies that demonstrate sustained compliance rather than point-in-time conformance.
  • Collaborate cross-functionally and report compliance status: Partner within IT and with operational technology and facility personnel to ensure controls are implemented, documented, and audit-ready. Produce compliance status reporting, metrics, and KPIs for leadership, and support incident reporting and recovery documentation requirements.
  • Support operational security and incident response: Support day-to-day security monitoring, vulnerability management, and the investigation of and response to security incidents, and help review proposed changes to systems and infrastructure for both security and compliance impact.

What Skills and Experience You'll Need:
  • Education and Experience:
    • Bachelor's degree in information security, information systems, business, engineering, or a related field, or equivalent experience.
    • Proven experience in regulatory compliance, audit, GRC, or internal controls, ideally in electric utility, energy, or another regulated or critical-infrastructure environment.
    • Working knowledge of the NERC CIP compliance lifecycle, including self-certification, self-reporting, mitigation, and audit.
  • Compliance and Regulatory Knowledge:
    • In-depth knowledge of security technologies, such as firewalls, intrusion detection systems, antivirus software, encryption methods, and vulnerability scanning tools.
    • Familiarity with industry security standards and frameworks, including NERC CIP and NIST.
  • Analytical Skills:
    • Excellent analytical and problem-solving abilities to translate regulatory requirements into practical, defensible controls.
    • Ability to assess complex, multi-site environments and identify compliance gaps and risks.
  • Communication and Collaboration:
    • Strong written communication and documentation discipline to produce audit-ready evidence and clear compliance reporting.
    • Ability to collaborate and work cross-functionally with teams such as IT, operational technology, physical security, legal, and management.
  • Certifications (preferred):
    • Certified Information Systems Security Professional (CISSP).
    • Certified Information Systems Auditor (CISA).
    • Certified in Risk and Information Systems Control (CRISC).
    • Global Industrial Cyber Security Professional (GICSP) or NERC CIP compliance training.
