Overview
Skills
Job Details
Job Title: Technology Security Analyst (Governance, Risk & Compliance)
Location: Jacksonville, FL
Job Type: Contract
Industry: Utilities / Energy
Job Summary:
We are seeking an experienced, detail-oriented, and strategic-thinking Information Security Analyst with a strong background in Governance, Risk, and Compliance (GRC). This role supports cybersecurity initiatives within the utility sector, managing risk, shaping policy, and fostering a culture of compliance and security awareness.
Key Responsibilities:
Monitor, evaluate, and support cybersecurity and regulatory compliance across IT and OT environments.
Assist in third-party risk assessments, vendor security reviews, and contract evaluations.
Develop, maintain, and enforce security policies, standards, and procedures.
Conduct risk assessments and coordinate remediation activities.
Maintain GRC documentation (risk registers, control matrices, incident logs).
Manage audit evidence collection for regulatory audits (NERC CIP, HIPAA, PCI-DSS).
Monitor regulatory changes and enhance compliance programs.
Organize and participate in cybersecurity training and awareness programs.
Collaborate cross-functionally with teams including Engineering, HR, Legal, and Operations.
Analyze security events, maintain asset inventories, and validate security controls.
Liaise with external auditors, vendors, and regulatory bodies.
Required Skills & Competencies:
Knowledge of:
Utility-based network/systems architecture (including ICS/SCADA)
Regulatory standards: NIST CSF, NERC CIP, HIPAA, PCI, FERC, DOE, etc.
Risk management, audit procedures, ITIL, and GRC platforms
Technical Proficiency:
Cloud platforms (Azure, AWS), SaaS/O365
Vulnerability assessment tools (Tenable, Tripwire, etc.)
SIEM tools (Splunk), endpoint protection (TrendMicro, McAfee)
Scripting languages (Python, PowerShell, Regex)
Microsoft Office Suite, SharePoint, and reporting tools
Soft Skills:
Excellent documentation, communication, and collaboration skills
Strong analytical and critical thinking abilities
Professionalism in audit/compliance scenarios
Ability to manage conflict and drive consensus
Minimum Qualifications:
One of the following:
Associate s degree in IT, Cybersecurity, or related field + 4 years of relevant experience
Bachelor s degree in IT, Cybersecurity, or related field + 2 years of relevant experience
6 years of combined education, training, and experience in information security, audit, risk, or IT compliance
Preferred Certifications (Any Two or Equivalent):
DoD 8140 Certifications
GIAC Certifications (e.g., GMON, GPCS)
AWS Cloud Practitioner / Security Specialty / Solutions Architect
Microsoft Azure Fundamentals / Security Engineer / Solutions Architect
CompTIA Security+, Network+
CCNA, CEH, CISSP, MCSE
Experience:
3 5 years in information security/compliance within utilities, energy, or critical infrastructure.
Hands-on experience with tools like Tripwire, McAfee, TrendMicro, Splunk, NetMotion VPN, Tenable, Extrahop.
Broad understanding across security domains such as perimeter, data, application, endpoint, cloud, and ICS security.