Job Specifications

This role will work with the Sr Manager Security Governance within Black Hills Energy Enterprise Security department. As part of the security governance and awareness team, this role will help with driving and improving the Black Hills Energy Enterprise Security Program and security risk posture of the company. Additionally, this position will continuingly review, refine, and recommend improvements to the Information Security operating model, enterprise policies, standards, and processes in order to provide reporting and recommendations to the CISO, CIO, and senior leadership.

Pay Range: $75,550 - $113,350 (Determined by the knowledge, skills and abilities of the applicant.) This posting includes the full pay range for this position. Pay is based on a number of factors and may vary depending on job-related knowledge, skills, experience, and internal equity.

Reporting Relationship: Security Governance Senior Manager

Location: Rapid City, SD

Relocation Assistance: Relocation assistance is available based on individual circumstances! Details to be shared during the offer process.

Essential Functions: * Work with the Information Security team to improve the protection of information for the company. * Perform periodic security control assessments and reviews in accordance with security plans. * Design and implement automation to enhance IT Controls or manual processes. * Review, update and develop required security documentation, including Information Security policies and standards. * Perform security testing including review, analysis, and validation of findings, and tracking these to remediation. * Develop and compile metrics, dashboards, and analytics for executive-level audiences, using SQL and/or reporting tools (Excel data function, Excel pivot table, PowerBI). * Stay current on IT compliance trends and news related to security (NIST, Cobit, PCI, SOX, GDPR...) and make recommendations to the security team. * Align Information Security processes with Cyber Security Framework such as CIS, ISO 27001, PCI, NIST. * Support project assignments with strong and effective communication, contributing to success or project through clearly communicated security control requirements.

Additional Responsibilities: * Understand current as well as emerging security threats and design security controls to mitigate threats where possible. * Serve as security ambassador, information security domain expert, trusted advisor; provide advisory and consulting services as needed to various department and project teams. * Maintain an awareness of existing and proposed security standard setting groups as well as State and Federal legislation and regulations pertaining to information security.

What You'll Need: * Bachelor's Degree Computer Science, Information Assurance, Network Security Administration or the equivalent combination of education and experience * Minimum of (3) three years of Information Technology and/or Information Security work experience

What Is Desired Or Can Be Taught: * Professional security and/or audit certification or equivalent experience (CISM, CISA, CRISC, CISSP, etc). * Knowledge of information security controls and processes for conducting Business Impact Analyses, Risk Assessments and IT System audits. * Experience working with GRC solutions such as RSA Archer helpful. * Advanced knowledge of audit and control processes, risk management processes, information security (Cyber) standards and practices (NIST SP800-53, ISO 9001, ISO 27001-02, HIPAA, CJIS, PCI, etc.). * Knowledge or experience with Microsoft Azure and Amazon Web Services environments is a plus. * Solid understanding of security concepts such as Segregation of Duties, Data Classification, or Least Privilege

This description is not intended to be an all-inclusive list of responsibilities, duties, and requirements for employees in this position. Job descri tions may and do change periodically. Where positions are covered by a collective bargaining unit agreement, the terms and conditions of the agreement will apply.

About our Company: We are a customer, growth and safety focused utility company that is dedicated to our communities. We improve life with energy as an energy partner of choice. Our diverse culture fuels unique perspectives, opening doors to new insights and possibilities. Based in Rapid City, South Dakota, we have over 3000 employees and serve 1.3 million natural gas and electric utility customers across eight states (South Dakota, Montana, Wyoming, Colorado, Nebraska, Iowa, Kansas, and Arkansas).

Enjoy our Comprehensive Benefits Package! Annual discretionary bonuses, 401(k) (6% company match and up to 9% company retirement contribution), tuition reimbursement, generous paid time off benefits, including paid holidays and parental leave, company paid life insurance and disability benefits (short and long term), an employee assistance program and well-being benefits, and competitive medical, dental and vision insurance.

Candidates must successfully pass a pre-employment drug screen and background check.

Black Hills Energy does not sponsor applicants for work visas. All applicants must be legally authorized to work in the US.

We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, or status as a protected veteran. If you require reasonable accommodation, please visit careers.blackhillsenergy.com for more information.

EEO/AA/M/F/Vet/Disabled