Cyber GRC Analyst II

At Cleco, we're not just poweringlives-we're powering a cleaner, smarter future for Louisiana.With bold investments in innovativeenergysolutions, we're transforminghow we power ourcommunities: smarter, cleaner, and more sustainable.This is a long-term commitmentto our people and our communities because our future-and the future of generations to come-depends on it. If you're ready to make an impact where it matters most, join us at Cleco-where we're Energizing Your Tomorrow.

The Cyber GRC Analyst II is an experienced professional with some knowledge of and experience with IT General Control (ITGC) principles, practices, concepts, and theories. Tests adherence to Cleco's information security policies, standards, and procedures. Ensures Cleco's IT governance processes are properly designed and functioning effectively, and the organization maintains its compliance with all applicable legal, regulatory, and contractual requirements. Responsible for ensuring the effectiveness of all IT General Controls (ITGCs). Serve as a direct point of contact between IT and internal / external auditors to provide leadership in managing auditing activities, requests and developing responses to audit findings. Responsible for the completion of assigned processes or activities, requiring interpretation of ITGC practices. Contributes to identifying improvements to ITGC activities and procedures. Assists in the development and onboarding of entry-level employees with cyber security responsibilities through coaching, mentoring and knowledge sharing.

Key Responsibilities

• Champions a corporate culture that emphasizes transparency, integrity, safety, environmental responsibility, employee development, diversity and inclusion, customer service, and operational excellence.

• Provides technical execution of defined activities to support the delivery of project initiatives required to achieve efficiency, effectiveness, and innovation objectives.

• Achieves results by autonomously owning and executing ITGC activities as defined by manager.

• Supports agile projects through application of defined ITGC approaches.

• Utilizes ITGC standards, procedures, and processes, providing recommendations for process improvements, as necessary.

• Supports the escalation of any risk to delivery for ITGC, to help ensure business objectives are executed and met across responsible project areas.

• Escalate issues to management, as necessary.

• Assess IT compliance with Cleco's policies and standards and take action to remediate non-compliance.

• Ensure that Cleco's practices satisfy the requirements of the Sarbanes-Oxley Act.

• Ensure that Cleco is properly evaluating security risks through a risk assessment framework that assesses the potential impact of threats to the business and Cleco's vulnerability to these threats and recommended controls to reduce risks to levels that align with the organization's risk tolerances and appetite.

• Work collaboratively with all Cleco departments to ensure that local practices are consistent with corporate information security policies and standards.

• Identify compliance objectives and mapped program deliverables to the requirements.

• Participate in Cleco's business continuity planning and disaster recovery planning programs as well as periodic exercises and tests.

• Collect information for generating and communicating responses to customer due diligence requests and questionnaires.

• Assist in Cleco's vendor management / third party service provider oversight program and conduct initial vendor due diligence as well as ongoing vendor reviews.

• Conduct and document an annual enterprise risk assessment as well as ad hoc project risk assessments

• Assist entry-level staff within assigned project teams, leveraging technical experience to help to onboard them and in support of meeting project milestones.

• Provide communication to management to provide status updates on project activities, and identify risks in delivery or resourcing needs

Qualifications
Required Education, Skills & Experience

• Bachelor's degree in Computer Science, Information Technology, or related field preferred

• 3-5+ years of related experience

• Security Certification required (CISA, CRISC, applicable SANS certification, or equivalent/higher certification) or obtainment within one year of assuming position

• Step progression levels based on skill proficiency and scope of job.

• Strong business acumen pertaining to the Utility industry

• Strong knowledge of leading GRC practices

• Strong planning and project management skills

• General understanding for IT profit and loss targets and operating budget.

• Willingness and ability to learn new technologies on the job

• Proficient at functioning effectively within a team environment, present ideas and opinions in a respective and collegial manner

• Progression to this level is strictly restricted based on critical individual capabilities and business requirements; must be supported by market survey data.

Licenses and Certifications

Key Competencies
BEHAVIORAL

• Balances stakeholders

• Builds effective teams

• Business insight

• Communicates effectively

• Courage

• Demonstrates self-awareness

• Drives Results

• Drives vision and purpose

• Ensures Accountability

• Instills trust

• Nimble learning

• Plans and Aligns

• Safety

• Strategic mindset

TECHNICAL

• Analytical skills

• Compliance

• Computer Skills

• Business Partnering

• Application Development

• Architecture

• Business Requirements Analysis

• Database Administration

• Hardware Management

• IT Data Management

• IT Implementation and integration

• IT Support

• IT Testing

• Network/IT Security

May perform other duties as assigned.

Salary dependent on experience, skills, education, and training.