Job Description

WEC Energy Group is one of the nation’s largest electric generation, distribution and natural gas delivery holding companies. We employ over 7,000 people in our energy companies and service subsidiaries. As a Fortune 500 company, we value and develop our employees who are making a difference in a mission that matters.

WBS, a subsidiary of WEC Energy Group, is seeking a Principal IT Solutions Analyst - Enterprise Security GRC in our Milwaukee, Wisconsin location. This position offers flexibility for a hybrid work arrangement (remote/on-site) with time spent in the Milwaukee office on a regular basis.

The Principal IT Solutions Analyst, Enterprise Security GRC is an expert level position that combines strong technical skills and broad business awareness to lead technology design and implementation. This position leads a team of Governance Risk and Compliance (GRC) professionals who inform WEC’s cyber risk strategy, provide risk management, concept development, project execution, administration, monitoring, support and restoration of the cybersecurity GRC solution.

• Keep up-to-date with emerging cybersecurity risk trends and issues; and understand business related cybersecurity risks and support requirements to support the Enterprise Security and Compliance leadership in developing strategic plans and governance/risk/compliance requirements.
• Collaborate with stakeholders to implement enterprise-wide cybersecurity compliance through strategy development, controls definition and standards compliance monitoring.
• Facilitate accountability in cybersecurity performance and outcomes through metrics data collection, reporting and standards monitoring.
• Define KPIs to measure enterprise-wide security effectiveness and support program governance.
• Work with cross organizational governance/coordination team to monitor performance and cyber security outcomes.
• Support planning for cybersecurity initiatives and oversight of initiatives/projects budget/scope/schedule.
• Identify and develop mitigation plans on cybersecurity GRC project issues, risks and impacts.
• Identify regulatory, legislative, and industry specific compliance requirement processes (i.e. NIST, NERC CIP, TSA) that can be enhanced through common GRC solution, in collaboration with the respective compliance teams. 
• Develop, implement and provide oversight of the Enterprise Security GRC solution platform including use case and work flow standards to support performance metrics, third party cyber controls review and security exception management.
• Develop and oversee 3rd party cybersecurity assessment process, privileged user request process, and exception management process for cybersecurity policies, tools and architecture.
• Define and manage an enterprise-wide cybersecurity GRC awareness and training program to drive desired security behaviors across the WEC employee population, and create or acquire core program content.

• Bachelor's Degree 
• Minimum of 8 years in an information systems support role and experience in an occupation requiring project leadership with a wide range of experiences 
• Strong technical understanding of application development practices and strong analytical skills

• Bachelor’s Degree in Computer Science, MIS, Business Management or Engineering 
• Certified Information System Security Professional (CISSP)
• Demonstrated leadership skills
• Experience with information security program focused on NIST CSF, NERC CIP compliance and TSA compliance

Job Tags

Similar Jobs