Associate Cyber Compliance Analyst or Cyber Compliance Analyst (Richmond, VA) Dominion Energy

  • 12 Jun 2023 10:02 PM
    Message # 13214399
    James Walters (Administrator)

    We offer a hybrid 4-1 work schedule (four days in the office, one day of teleworking) to accommodate the need for flexibility.

    At this time, Dominion Energy cannot transfer nor sponsor a work visa for this position.

    Job Summary

    Dominion Energy is on the front lines of the cyber war that is underway in the world right now. Strong cyber security is essential to keeping the lights on, staying warm in the winter, and to the reputation and trust we’ve built over the years with our customers and shareholders. Strong cyber security at Dominion Energy is critical to the defense of our nation. As the power company to the Pentagon and many of the internet’s data centers with services in 16 states, a single breach could have catastrophic consequences including the loss of life and the disruption of society as we know it. We take cyber security and compliance with cyber regulations seriously and are looking for like-minded, interesting, independent thinkers and doers. If you’re that type of person and want to help shape the culture of a forward-looking company that’s proud of its rich legacy, then read on!

    This posting is for one position to be filled at either the Associate Cyber Compliance Analyst or Cyber Compliance Analyst level. This position will be filled at the level commensurate with the successful candidate's knowledge, skills, abilities, and experience.

    Cyber Security – Compliance is Dominion Energy’s team of Information Technology (IT) internal control experts. By providing guidance and training, assisting IT to meet obligations under the Sarbanes-Oxley Act (SOX), and partnering with Accounting Controls and with auditors during internal and external audits of IT, our team ensures Dominion Energy maintains a first-in-class IT SOX Compliance Program. This role assists with maintaining the cyber regulatory compliance program for processes, applications and systems across business units. Leveraging cyber security best practices and a detailed understanding of cyber regulatory requirements, this role provides guidance as to how compliance is achieved, governance and oversight of the entire program, technical guidance, and evaluation of technical procedures. We are an integral part of Dominion Energy’s efforts to achieve and maintain compliance; minimize audit findings; implement changes; and meet or exceed regulatory requirements.

    Specific responsibilities include:

    Serve as an advisor to process owners across the IT organization on best practices for SOX, recommend opportunities for improvements to existing processes and assist in designing/updating the SOX process documentation for new system implementations.

    Key role assessing risks, identifying control design and testing improvement opportunities, and partnering with IT to provide recommendations for control enhancements.

    Liaise with IT, Accounting Control, and business groups.

    Analyze, design, and advise on the implementation of control framework for acquired companies.

    Manage, perform, and maintain annual risk reassessments to facilitate current IT control documents.

    Evaluate control issues and facilitate root cause analysis, risk impact statements, and remediation action plan responses to IT management and auditors.

    Manage frequent, ad hoc requests from IT for advice and assistance regarding controls and compliance.

    Coordinate with internal and external auditors to ensure the SOX compliance program meets expectations of approach, scope, timing, and control assessments.

    Train IT process and control owners on their SOX responsibilities.

    Perform daily oversight activities to confirm compliance with policies and procedures.

    Use time wisely by prioritizing tasks according to risk and demonstrate ability to manage time, working independently, and facilitating a team environment.

    Perform other duties as necessary.


    Required Knowledge, Skills, Abilities & Experience

    The knowledge, skills, abilities and experience required for entry into this job include the following:

    Associate Cyber Compliance Analyst:

    0-2 years of cyber or IT audit, compliance, or technology experience. IT SOX experience is highly preferred. (Note: A Master's degree will count as one year of experience).

    Cyber Compliance Analyst:

    3+ years of cyber or IT audit, compliance, or technology experience. IT SOX experience is highly preferred. (Note: A Master's degree will count as one year of experience).

    Additional Requirements:

    Ability to lead meetings and small initiatives with minimal supervision.

    Familiarity with applying technical internal controls or audit knowledge in one or more of the following areas: System Development Lifecycle procedures, IT Security Administration, IT operations, application reviews, SOC 1 reviews, or IT control reviews.

    Familiarity with risk control frameworks (COBIT, COSO, etc.)

    Excellent oral and written communication skills to effectively communicate complex information across various levels and areas of Dominion Energy.

    A continuous improvement mindset with experience optimizing existing processes, and an assessment and process-oriented background.

    Demonstrated ability to adapt in a dynamic environment.

    Ability to develop operational procedures.

    General understanding of IT Technology and Accounting Processes.

    General understanding of cyber security best practices.

    Strong attention to detail.

    Ability to track tasks through completion providing status reports and monitoring for impediments.

    CISA, CIA, or similar certification is preferred but not required.

    The company is actively seeking United States military veterans and service members who meet the qualifications, plus appropriate equivalent combination of education and years of experience as outlined above.

    Education Requirements

    Degree or an equivalent combination of education and demonstrated related experience may be accepted in lieu of preferred level of education:


    Preferred Discipline(s): Computer Science; Accounting; Information Systems; Information Systems Security; Information Technology

    Other disciplines may be substituted for the preferred discipline(s) listed above.

    Licenses, Certifications, or Quals Description

    CISA, CIA, or similar certification is preferred but not required.

    Working Conditions

    Office Work Environment 76-100%

    Travel Up to 25%

    Other Working Conditions

    Test Description

    No Testing Required

    Export Control

    Certain positions at Dominion Energy may involve access to information and technology subject to export controls under U.S. law. Compliance with these export controls may result in Dominion Energy limiting its consideration of certain applicants.

    Other Information

    We offer excellent plans and programs for employees. Employees are rewarded with a competitive salary and comprehensive benefits package which may include: health benefits with coverage for families and domestic partners, vacation, retirement plans, paid holidays, tuition reimbursement, and much more.

    Dominion Energy is an equal opportunity employer and is committed to a diverse workforce. Qualified applicants will receive consideration for employment without regard to their protected veteran or disabled status.

    You can experience the excitement of our company – it's the difference between taking a job and starting a career.
