Gov Risk & Comp Analyst II

About the position

Duquesne Light Company, headquartered in downtown Pittsburgh, is a leader in providing electric energy and has been at the forefront of the electric energy market, with a history rooted in technological innovation and superior customer service. The company continues its role as a leader in the transmission and distribution of electric energy, providing a secure supply of reliable power to more than half a million customers in southwestern Pennsylvania. The Information Security Governance, Risk, and Compliance ("GRC") team is responsible for ensuring that Duquesne Light's information security objectives are met. This group focuses on compliance with the company's IT and Information Security policies and procedures. The position of Gov Risk & Comp Analyst II involves developing, enhancing, and maintaining information systems, platforms, and IT operating compliance procedures and processes. The analyst will ensure timely completion of various Information Security compliance deliverables, including risk assessments, remediation, and compliance efforts such as documentation reviews, recovery exercises, asset baselines, and user reviews. Additionally, the role requires monitoring metrics that measure the IT and Information Security Framework and tracking resolutions to all audit/review issues relating to security. The analyst will assist with the execution and tracking of the 3rd party vendor risk assessment program and utilize analytical skills to develop future strategies to resolve compliance issues. Preparing for and supporting compliance audits conducted by internal resources, consultants, or regulatory organizations is also a key responsibility. The analyst will provide Information Security risk advisory and consultative services to internal customers, including IT, business, and risk and compliance stakeholders, and will guide operational staff, including training new project managers and other employees in compliance practices and procedures.