Job Specifications

Provide support for IT Risk procedures and processes to detail and assess risk in IT for Third Party and Asset related risks through working with all levels of the organization to acquire the accurate inputs for the assessments. The ideal candidate for this position is a confirmed problem solver and integrator of people and processes, as well as an effective internal consultant. The risk assessor must also possess demonstrated domain proficiencies in a number of IT-risk-related disciplines, including information technologies, security, business continuity management, privacy and compliance.

Pay Range: $69,350 - $104,000 / Grade 13 (Determined by the knowledge, skills and abilities of the applicant.)
This posting includes the full pay range for this position. Pay is based on a number of factors and may vary depending on job-related knowledge, skills, experience, and internal equity.

Reporting Relationship: Mgr. IT Security Sr

Location: Rapid City, SD

Relocation Assistance:
Relocation assistance is available based on individual circumstances! Details to be shared during the offer process.

Essential Functions:
* Perform quantitative and qualitative analysis to support the prioritization of risk mitigation projects, measure progress of technology risk reduction initiatives, and identify areas with high residual risk.
* Provide assessment, monitoring and coordination support for Policies and Controls related risk activities for the entire IT organization.
* Perform or assist functions within the Third-Party IT Risk Program such as performing assessments, detailing findings and monitoring overall security ratings of external companies.
* Perform or assist with IT Risk assessments on various assets both inside IT and in other groups.
* Review and analyze the efficiency of the company's IT control activities and report on them with concrete recommendations and findings.
* Follow up on findings in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.

Additional Responsibilities:
* Acts as risk management liaison with all levels of the IT organization and with the lines of business and other internal groups and organizations

What You'll Need:
* Bachelor's Degree Science with a focus on IT or IT-risk-related disciplines or equivalent combination of education and experience
* Minimum of (3) three years of IT experience in IT risk management or a related subject area (for example, security, privacy, business continuity management, audit or compliance)

What Is Desired Or Can Be Taught:
* Knowledge or ability to learn information in CRMA, PMI-RMP, CGEIT, GRCP, FAIR or comparable certifications.
* Solid grasp of common standards and frameworks, such as ISO/IEC 27K Series, IT Infrastructure Library (ITIL), COBIT, CIS Top 20, NIST SP 800 Series and CSF, and Capability Maturity Model Integration.
* Understanding of information technology concepts and cloud computing methodologies.
* Knowledge and understanding of Cybersecurity
* Excellent oral and written communication skills, including the ability to explain technology solutions in business terms, establish rapport to effectively communicate security and risk-related concepts to technical and nontechnical audiences
* Efficiently handle multiple projects at varying stages of the process.
* Knowledge of the regulated utility business is desired.
* Solid skills as a negotiator, to facilitate dedication to, and sign-off on, appropriate levels of residual risk from line-of-business managers.
* High level of personal integrity, with the ability to handle confidential and otherwise critical matters professionally and with the appropriate level of judgment and maturity.
* High degree of initiative, dependability and ability to work with little supervision.

This description is not intended to be an all-inclusive list of responsibilities, duties, and requirements for employees in this position. Job descriptions may and do change periodically. Where positions are covered by a collective bargaining unit agreement, the terms and conditions of the agreement will apply.

About our Company: We are a customer, growth and safety focused utility company that is dedicated to our communities. We improve life with energy as an energy partner of choice. Our diverse culture fuels unique perspectives, opening doors to new insights and possibilities. Based in Rapid City, South Dakota, we have over 3000 employees and serve 1.3 million natural gas and electric utility customers across eight states (South Dakota, Montana, Wyoming, Colorado, Nebraska, Iowa, Kansas, and Arkansas).

Enjoy our Comprehensive Benefits Package! Annual discretionary bonuses, 401(k) (6% company match and up to 9% company retirement contribution), tuition reimbursement, generous paid time off benefits, including paid holidays and parental leave, company paid life insurance and disability benefits (short and long term), an employee assistance program and well-being benefits, and competitive medical, dental and vision insurance.

Candidates must successfully pass a pre-employment drug screen and background check.

Black Hills Energy does not sponsor applicants for work visas. All applicants must be legally authorized to work in the US.

We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, or status as a protected veteran. If you require reasonable accommodation, please visit careers.blackhillsenergy.com for more information.