Governance, Risk, and Compliance; GRC IT Analyst
Listed on 2025-11-28
IT/Tech
Cybersecurity, IT Consultant
Governance, Risk, and Compliance (GRC) IT Analyst
About Us
Headquartered in Indianapolis, Indiana, Wabash Valley Power is a not-for-profit electric cooperative and wholesale provider of reliable, affordable electricity to our 21 electric distribution member cooperatives. These cooperatives in turn serve more than 280,000 homes, businesses, and farms in Indiana and Illinois.
As a not-for-profit co‑op, we do things a bit differently—and that’s the point. Because we aren’t influenced by shareholders, we make our decisions with our members in mind. That means we value things like teamwork, and putting families first. It also means a business model that’s designed for stability and growth. It’s a Deliberately Different approach to the energy industry, and that’s great news for the people who count on us.
What You’ll Get
- No Sweat – We offer a wellness program that includes a payroll credit for medical insurance, an on‑site fitness center for your convenience and extra vacation days for participating. We’ll even throw in a fitness device reimbursement to keep you on track!
- Flex Time – Our flexible schedule means you can work in your appointments or family events and maintain a comfortable work‑life balance.
- Stay in School – We value employees who have a desire to learn, so we provide funds for continuing education. We also offer in‑house training and ongoing development through our internal GROW program.
- Keep it Casual – When you work for us, you work in comfort. Blue jeans are the norm in our office, and we make them look good!
- Work Hard, Play Hard – We reward our employees with generous vacation time, to the tune of up to five weeks off a year. Even our new employees receive credit for prior work experience.
The Governance, Risk, and Compliance (GRC) IT Analyst is responsible for ensuring the cooperative’s information technology systems adhere to regulatory requirements, industry standards, and internal policies. This role focuses on maintaining compliance with NERC CIP standards, mitigating cybersecurity risks, implementing Zero Trust principles, and supporting governance frameworks to protect critical infrastructure. The GRC IT Analyst collaborates with IT, security, legal, and operational teams to develop policies, perform risk assessments, oversee audits, and strengthen internal controls.
Essential Duties and Responsibilities
Governance & Compliance
- Ensure IT and cybersecurity programs comply with NERC CIP, FERC, and other relevant regulations.
- Develop, implement, and maintain IT governance frameworks, policies, and procedures aligned with regulatory requirements.
- Serve as a key resource in internal and external audits, coordinating responses, evidence collection, and remediation efforts.
- Stay updated on regulatory changes and industry best practices, advising management on necessary adjustments.
- Assist in training employees on compliance responsibilities and security awareness.
- Conduct IT risk assessments to identify and evaluate vulnerabilities in IT systems and processes.
- Perform internal control reviews to assess the effectiveness of IT security controls, access management, and compliance measures.
- Maintain the cooperative’s IT Risk Register and track mitigation strategies.
- Work with IT and security teams to implement risk management strategies and security controls.
- Support incident response planning and contribute to post‑incident investigations.
- Lead initiatives to design and implement a Zero Trust Architecture (ZTA) for the cooperative’s IT environment.
- Establish least privilege access controls, identity verification measures, and micro‑segmentation strategies.
- Collaborate with IT and networking teams to enforce continuous monitoring and authentication policies.
- Ensure Zero Trust principles align with NERC CIP compliance requirements and cybersecurity best practices.
- Monitor IT controls and security frameworks (e.g., NIST CSF, CIS Controls).
- Evaluate third‑party vendors for compliance with cybersecurity and regulatory requirements.
- Perform security assessments of IT systems, applications, and network infrastructure.
- Participate in business…