This position will be located at our Corporate Headquarters in Rapid City, South Dakota. Please see additional location and relocation plan details below.
Provide support for IT Risk procedures and processes to document and assess risk in IT for Third Party and Asset related risks through working with all levels of the organization to obtain the proper inputs for the assessments. The ideal candidate for this position is a proven problem solver and integrator of people and processes, as well as an effective internal consultant. The risk assessor must also possess solid domain competencies in a number of IT-risk-related disciplines, including information technologies, security, business continuity management, privacy and compliance.
SALARY GRADE: $62,850-$94,200 (Determined by the knowledge, skills and abilities of the applicant.)
REPORTING RELATIONSHIP: Manager IT Risk Management
LOCATION: Our Corporate Headquarters in Rapid City, South Dakota
To learn more about our locations, please visit the locations page on our career website.
Relocation assistance is available for this position! Package is based on distance/complexity of the move, and individual circumstances. Contents of our relocation program are subject to change and may vary based on position.
ESSENTIAL JOB FUNCTIONS:
Provide assessment, monitoring and coordination support for Policies and Controls related risk activities for the entire BHE IT organization
Perform or assist with Third Party IT Risk Assessments
Perform or assist with IT Risk assessments on various assets both inside IT and in other departments
Review and analyze the effectiveness of Black Hills Corporation's IT control activities and report on them with actionable recommendations and findings
Follow up on findings in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken
Minimum of three years of IT experience in IT risk management or a related discipline (for example, security, privacy, business continuity management, audit or compliance) is required
Bachelor's Degree in Science with a focus on IT or IT-risk-related disciplines (for example, security, privacy, business continuity management and compliance) or equivalent combination of education and experience, required.
Basic knowledge of a broad range of standards and frameworks - for example, International Standards Organization (ISO) 27K series, IT Infrastructure Library and ISO 20000, NIST SP 800 Series, NIST Cyber Security Framework, Capability Maturity Model Integration and CIS Top 20 Controls.
Excellent oral and written communication skills, including the ability to explain technology solutions in business terms, establish rapport and persuade others.
Knowledge of the regulated utility business is desired.
Excellent written and verbal communication skills - including the ability to effectively communicate security and risk-related concepts to technical and nontechnical audiences - and strong interpersonal and collaborative skills.
Strong skills as a negotiator, to facilitate commitment to, and sign-off on, appropriate levels of residual risk from line-of-business managers.
High level of personal integrity, with the ability to handle confidential and otherwise sensitive matters professionally and with the appropriate level of judgment and maturity.
High degree of initiative, dependability and ability to work with little supervision.
MENTAL/PHYSICAL REQUIREMENTS AND WORKING CONDITIONS:
The mental and physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Mental Requirements:Ability to understand, remember, apply oral and/or written instructions or other information, and communicate routine factual information. Ability to apply common sense in performing job functions, usually within a set of rules or guidelines.
While performing the duties of this job, the employee is continuously (67% or more) required to: use fingers and hands, communicate, and have close visual acuity. Employee is frequently (34-66%) required to: ascend/descend stairs, position self to access lower items, and move about the office. Employee must be able to operate routine office equipment including computers and similar equipment. Must be able to routinely perform this work for an average of 6-8 hours per day and occasional extended hours as necessary. Must be capable of regular, reliable, and timely attendance.
Specific lifting abilities required by this job include: Light work. The employee is continuously required to stand and walk. Exerting up to 25 pounds of force occasionally, and/or up to 10 pounds of force frequently, and/or a negligible amount of force constantly to move objects. If the use of arm and/or leg controls requires exertion of forces greater than that for sedentary work and the worker sits most of the time, the job is rated for light work.
Work environment: Must be able to routinely perform work indoors in climate-controlled shared work area with moderate noise level. Must be capable of occasional travel (less than 10 days per year) by automobile (as driver and passenger), commercial airlines, rental vehicles and public transportation and be able to lodge in public facilities.
Keywords: ITIL, CISSP, CISM, CISA, CRMA, PMI-RMP, CRISC, CGEIT, GRCP
This description is not intended to be an all-inclusive list of responsibilities, duties, and requirements for employees in this position. Job descriptions may and do change periodically. Where positions are covered by a collective bargaining unit agreement, the terms and conditions of the collective bargaining unit agreement will apply.
About our Company: We are a customer focused, growth-oriented utility company that is devoted to our communities. We have a mission to improve life with energy and a vision to be the energy partner of choice. Our diverse culture sparks unique perspectives, opening doors to new ideas and possibilities. Based in Rapid City, South Dakota, we have over 2900 employees and serve 1.2 million natural gas and electric utility customers across eight states (South Dakota, Montana, Wyoming, Colorado, Nebraska, Iowa, Kansas, and Arkansas).
Enjoy our Comprehensive Benefits Package: annual incentive program, 401(k) (6% company match and up to 9% company retirement contribution), tuition reimbursement, paid time off, additional Veteran PTO, military leave differential pay, paid holidays and annual floating holidays, company paid short term and long term disability, paid maternity and paternity benefits, health and wellness program, and competitive medical, dental and vision insurance.
Candidates must successfully pass a pre-employment drug screen and background check.
Black Hills Corporation does not sponsor applicants for work visas. All applicants must be legally authorized to work in the US.
Black Hills Corporation is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, or status as a protected veteran.
Black Hills Corporation