Governance, Risk, and Compliance (GRC) IT Analyst

About Us
Headquartered in Indianapolis, Indiana, Wabash Valley Power is a not-for-profit electric cooperative and wholesale provider of reliable, affordable electricity to our 21 electric distribution member cooperatives. These cooperatives in turn serve more than 280,000 homes, businesses, and farms in Indiana and Illinois.

As a not-for-profit co-op, we do things a bit differently—and that’s the point. Because we aren’t influenced by shareholders, we make our decisions with our members in mind. That means we value things like teamwork, and putting families first. It also means a business model that’s designed for stability and growth. It’s a Deliberately Different approach to the energy industry, and that’s great news for the people who count on us.

What You'll Get
We believe what benefits our employees benefits our company. That’s why we put employees first—your health, your family, and your development. These aren’t just slogans: We offer continuing education, flex time, health benefits, a 401(k) match and pension plan, and much more. Here are just a few of the things that make our company culture unique:

• No Sweat - We offer a wellness program that includes a payroll credit for medical insurance, an on-site fitness center for your convenienceand extra vacation days for participating. We’ll even throw in a fitness devicereimbursement to keep you on track!
• Flex Time - Our flexible schedule means you can work in your appointments or family events andmaintain a comfortable work-life balance.
• Stay in School - We value employees who have a desire to learn, so we provide funds for continuingeducation. We also offer in-house training and ongoing development through ourinternal GROW program.
• Keep it Casual - When you work for us, you work in comfort. Blue jeans are the norm in our office, andwe make them look good!
• Work Hard, Play Hard - We reward our employees with generous vacation time, to the tune of up to five weeks offa year. Even our new employees receive credit for prior work experience.

The Governance, Risk, and Compliance (GRC) IT Analyst is responsible for ensuring the cooperative's information technology systems adhere to regulatory requirements, industry standards, and internal policies. This role focuses on maintaining compliance with NERC CIP standards, mitigating cybersecurity risks, implementing Zero Trust principles, and supporting governance frameworks to protect critical infrastructure. The GRC IT Analyst collaborates with IT, security, legal, and operational teams to develop policies, perform risk assessments, oversee audits, and strengthen internal controls.

Essential Duties and Responsibilities:

Governance & Compliance

• Ensure IT and cybersecurity programs comply with NERC CIP, FERC, and other relevant regulations.
• Develop, implement, and maintain IT governance frameworks, policies, and procedures aligned with regulatory requirements.
• Serve as a key resource in internal and external audits, coordinating responses, evidence collection, and remediation efforts.
• Stay updated on regulatory changes and industry best practices, advising management on necessary adjustments.
• Assist in training employees on compliance responsibilities and security awareness.

Risk Management & Internal Control Reviews

• Conduct IT risk assessments to identify and evaluate vulnerabilities in IT systems and processes.
• Perform internal control reviews to assess the effectiveness of IT security controls, access management, and compliance measures.
• Maintain the cooperative’s IT Risk Register and track mitigation strategies.
• Work with IT and security teams to implement risk management strategies and security controls.
• Support incident response planning and contribute to post-incident investigations.

Zero Trust Implementation & Security Control Assurance

• Lead initiatives to design and implement a Zero Trust Architecture (ZTA) for the cooperative’s IT environment.
• Establish least privilege access controls, identity verification measures, and micro-segmentation strategies.
• Collaborate with IT and networking teams to enforce continuous monitoring and authentication policies.
• Ensure Zero Trust principles align with NERC CIP compliance requirements and cybersecurity best practices.
• Monitor IT controls and security frameworks (e.g., NIST CSF, CIS Controls).
• Evaluate third-party vendors for compliance with cybersecurity and regulatory requirements.
• Perform security assessments of IT systems, applications, and network infrastructure.
• Participate in business continuity and disaster recovery planning.

Collaboration & Reporting

• Generate reports on compliance status, risk assessments, and security metrics for leadership and regulators.
• Work closely with IT, operations, and legal teams to ensure alignment between business objectives and compliance requirements.
• Serve as a liaison between the cooperative and regulatory bodies during audits and compliance reviews.

Required:

• Bachelor’s degree in Information Technology, Cybersecurity, Business, or a related field.
• 5+ years of experience in IT governance, compliance, or risk management.
• Knowledge of NERC CIP standards and regulatory requirements in the electric utility industry.
• Experience implementing Zero Trust Security models and least privilege access controls.
• Understanding of IT security frameworks (e.g., NIST 800-53, ISO 27001, CIS Controls).
• Familiarity with risk assessment methodologies and tools.
• Strong analytical and problem-solving skills.
• Ability to communicate complex security and compliance topics to non-technical audiences.

Preferred:

• Certifications such as CISA, CISSP, CRISC, or CIP Compliance Specialist.
• Master’s degree in Information Technology, Cybersecurity, Business, or a related field.
• Experience working in an electric cooperative or energy sector.
• Hands-on experience with GRC tools, security auditing, or compliance management platforms.
• Technical knowledge of network security, endpoint protection, and identity management solutions.

Security Clearance Requirement
This position requires the ability to obtain and maintain a U.S. government Secret Security Clearance. While an active clearance is not required to apply, the successful candidate must meet the eligibility criteria for a Secret Clearance, including U.S. citizenship and a background investigation. Our organization will support and facilitate the clearance process for the selected candidate.

For more information about U.S. government security clearances, please visit: https://www.intelligencecareers.gov/dhsia/security-clearance-process

Work Environment:

• Primarily office-based with periodic travel for audits, assessments, and training.
• After-hours work may be required to support compliance activities and incident response.
• This role is hybrid in nature, with a combination of on-site workdaysand remote workdays.

All your information will be kept confidential according to EEO guidelines.