Director IT Governance Risk and Compliance (NERC CIP)

Summary

This position reports to the Vice President of the Technology Business Management Office (TBMO) and is responsible for leading and managing Information Technology’s (IT’s) regulatory compliance (NERC CIP) and project governance programs.

This role also oversees, monitors and tracks compliance with responses and deliverables required from IT by enterprise functions including Internal Audit, Enterprise Risk, Reliability Standards & Compliance, and Business Controls and is responsible for developing and maintaining strong relationships with senior leaders in those functions.

In addition, this role manages the Digital Warehouse operations and maintains the governance framework for enterprise content.

Learn more about us, our clean energy technologies and the trend-setting work we’re doing for New York State at NYPA. #LI-JP1

Responsibilities

• Lead the oversight of IT’s NERC CIP compliance. Assess the appropriateness of IT’s regulatory compliance-related rules, controls and policies, identify gaps and, where necessary, formulate proposals for correction.
• Continually identify applicable regulatory and statutory compliance requirements and controls applicable to NYPA’s Information Technology group in partnership and alignment with other business unit compliance functions.
• Establish and maintain, in alignment with the Enterprise Portfolio Management Office (EPMO) and IT Project Delivery, technology project governance framework and controls and ensure documentation (policy, process and procedures) and education of the framework are reviewed and updated as needed.
• Lead IT’s partnership with the Internal Audit, Enterprise Risk Management, and Business Controls teams and act as point for the oversight of IT’s responses and deliverables to those teams in order to reduce risk and comply with corporate governance programs.  
• Lead the Digital Warehouse team ensuring that content and records management (requests, retention, legal FOILs and holds, destruction, etc.) are run effectively in support of enterprise records management goals and requirements.

Knowledge, Skills and Abilities

• Strong management and leadership skills, excellent organization skills and attention to detail.  Ability to collaborate and identify/resolve conflicts or barriers to effective teamwork.
• Excellent interpersonal, verbal/presentation and written communications skills in both technical and non-technical language. 
• Ability to effectively communicate with varying levels of management and staff in both the business and in IT.
• Possess a strong moral code and sense of ethics
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• Knowledge of laws, regulations, and policies as they relate to IT compliance obligations.
• Knowledge of IT governance frameworks and standards such as ITIL, ISO 27001/2 and 55001, PMBOK
• Highly proficient in the use of MS-Office tools (Word, Excel, PowerPoint, Teams, SharePoint), with experience in Power platform tools preferred
• Willingness to obtain compliance related certifications as needed.

Education, Experience and Certifications

• Bachelor’s Degree required; Business, Information Management, Computer Science, or a related field preferred
• Minimum 10 years prior experience in the Information Technology field with exposure to risk management, audit management, project and content governance and compliance 
• Minimum 3 years of people management / leadership experience. 
• Regulatory compliance experience required
• Experience with Health Insurance Portability and Accountability Act (HIPAA)preferred 
• Utility industry experience preferred

Physical Requirements