Eagle Creek Renewable Energy LLC

Information Security Compliance Analyst

Eagle Creek Renewable Energy LLC  •  Badin, PK (Onsite)  •  4 days ago

Job Description

About the role: Eagle Creek Renewable Energy is seeking an experienced Information Security Compliance Analyst to join our team and help safeguard our organization's regulatory standing and the security of the critical generation assets across our fleet of hydropower facilities. The ideal candidate will have a strong background in monitoring network security, investigating breaches, and implementing strategies to maintain a secure environment in support of regulatory compliance, with the ability to translate complex requirements into clear, defensible, and well-documented controls. In addition, knowledge and experience with NERC CIP and NIST standards are essential for this role.

What You’ll Do:
  • Monitor networks for security breaches: Proactively monitor our organization's networks and systems to identify and respond to any security breaches or suspicious activities. Implement necessary measures to mitigate risks and ensure the integrity and confidentiality of our information. Conduct thorough investigations into security incidents, document findings, and create detailed reports for management. Collaborate with relevant teams to address identified vulnerabilities and recommend improvements to prevent future incidents.
  • Monitor regulatory change and perform gap analysis: Stay up to date with new and revised NERC standards, FERC orders, and relevant guidance, and assess their impact on our organization. Conduct gap analyses against current practice and translate regulatory change into actionable requirements for IT, security, and facility teams, tracking remediation to completion.
  • Develop and test internal controls and policies: Develop, maintain, and test internal controls and policies that demonstrate sustained compliance rather than point-in-time conformance.
  • Collaborate cross-functionally and report compliance status: Partner within IT and with operational technology and facility personnel to ensure controls are implemented, documented, and audit-ready. Produce compliance status reporting, metrics, and KPIs for leadership, and support incident reporting and recovery documentation requirements.
  • Support operational security and incident response: Support day-to-day security monitoring, vulnerability management, and the investigation of and response to security incidents, and help review proposed changes to systems and infrastructure for both security and compliance impact.
What Skills and Experience You’ll Need:
  • Education and Experience:
    • Bachelor’s degree in information security, information systems, business, engineering, or a related field, or equivalent experience.
    • Proven experience in regulatory compliance, audit, GRC, or internal controls, ideally in electric utility, energy, or another regulated or critical-infrastructure environment.
    • Working knowledge of the NERC CIP compliance lifecycle, including self-certification, self-reporting, mitigation, and audit.
  • Compliance and Regulatory Knowledge:
    • In-depth knowledge of security technologies, such as firewalls, intrusion detection systems, antivirus software, encryption methods, and vulnerability scanning tools.
    • Familiarity with industry security standards and frameworks, including NERC CIP and NIST.
  • Analytical Skills:
    • Excellent analytical and problem-solving abilities to translate regulatory requirements into practical, defensible controls.
    • Ability to assess complex, multi-site environments and identify compliance gaps and risks.
  • Communication and Collaboration:
    • Strong written communication and documentation discipline to produce audit-ready evidence and clear compliance reporting.
    • Ability to collaborate and work cross-functionally with teams such as IT, operational technology, physical security, legal, and management.
  • Certifications (preferred):
    • Certified Information Systems Security Professional (CISSP).
    • Certified Information Systems Auditor (CISA).
    • Certified in Risk and Information Systems Control (CRISC).
    • Global Industrial Cyber Security Professional (GICSP) or NERC CIP compliance training.

About Eagle Creek Renewable Energy LLC

Eagle Creek Renewable Energy was founded in 2010 to acquire, enhance and operate small hydroelectric power facilities. Eagle Creek's facilities provide clean energy to electricity consumers in North America while allowing recreational opportunities and protecting historical resources and the environment. Eagle Creek currently owns and operates eighty-six hydroelectric facilities representing approximately 640 megawatts of capacity across the United States. Eagle Creek also has ownership interests equivalent to approximately 12 megawatts in fourteen other hydroelectric facilities and two solar facilities in New England.

Eagle Creek is a privately owned entity and is a wholly owned subsidiary of Ontario Power Generation.

In November 2018, Ontario Power Generation (OPG) acquired Eagle Creek from Hudson Clean Energy Partners, Power Energy Corporation and its other previous investors. On October 8, 2019, Ontario Power Generation announced the finalization of the acquisition of Cube Hydro Partners and Helix Partners (collectively, Cube Hydro) from I Squared Capital. The two companies are now merging into one, operating under the Eagle Creek Renewable Energy name.

Eagle Creek continues to seek opportunities to acquire hydroelectric facilities and improve them to increase clean power production, operate them in harmony with the environment and enhance the value of the company's hydroelectric portfolio for its investor, employees, host communities and all stakeholders in the projects.

Industry: Energy & Utilities
Company Size: 51-200 employees
Headquarters: Bethesda, MD
Year Founded: 2010