Accessibility Links

CIP Section Manager

  • Job type: Permanent
  • Job reference: : BBBH110621
  • Location: USA, New York, Spring Valley
  • Sector: T&D, Utilities
  • Salary: Negotiable
  • Date posted: 01/08/2017
This vacancy has now expired.

*Must have, at a minimum, a bachelor's degree in Electrical Engineering, Information Technology Systems, Computer Science, Information Technology System Security or a related technical curriculum. A Graduate degree and/or professional certification in cyber security is preferred.
*Minimum eight years' experience in an electric power system operations, IT and/or energy management systems environment. Prior supervisory experience preferred.
*Prior experience working with audits of utility operations and/or IT systems is a plus.
*Must have a thorough understanding of the regulatory structure of FERC, NERC, NPCC, RFC, and their relationships to our company.
*Position requires expert knowledge of cyber security technology and the ability to plan for related technology implementations several years in the future.
*Maintain a complete understanding of present NERC CIP standard requirements, measures and compliance reporting, quickly develop working knowledge of future revisions, and be the SME on these standards.
*Must have a demonstrated ability to lead initiatives across various organizations and in cross-functional teams, and communicate effectively with executives, peers and subordinates.
*Excellent oral and written communications skills are required.
*Fundamental knowledge of data networking is required
*Should have knowledge of operating systems; AIX, LINUX and/or MS OS preferred.
*Demonstrated leadership ability and proven track record of achieving sustainable results in managing IT projects and/or technology system implementation strongly preferred.
*Experience, with increasing levels of responsibility, in electric operations, engineering, or Information Technology and Security is highly preferred.
*The ideal candidate for this position will have fundamental knowledge and understanding of power transmission, distribution and generation principles.
*Must be willing and available to be on call, work off-shifts, weekends, holidays and overtime, as operating and system conditions require.
*Must have means, and be able to travel to various Company locations and to other companies, if required.
*Must be available to travel out-of-town for regulatory meetings and conferences within the US and Canada.
*Must have valid driver's license.


This position is the senior technical position responsible for the on-going development and maintenance of Information Security Policy to meet the business unit's cyber security and cyber compliance missions and objectives. The Section Manager is responsible to:

*Plan, design and implement, in conjunction with other key stakeholders, the cyber security program and technical architecture to implement the associated policies.
*Plan, develop and implement the program's processes and technical controls to mitigate threats that could attack, damage, or gain unauthorized access to networks, facilities, data or programs.
*Collaborate in the planning for, implementation and maintenance of the Company's cyber security awareness program as it relates to CIP.

Under the general supervision of the Director - Control Center and Substation Operations and in collaboration with other groups within and external to the CEI family of companies the Section Manager will be active in and be responsible for functional compliance with NERC Critical Infrastructure Protection related to the operation of BES Cyber Systems/Assets at affected facilities. Responsible for direct supervision of the Critical Infrastructure Protection Program including evaluating the performance of direct reports and taking action to develop individual and group performance indicators. Ensure that all the CIP requirements are met, as and when mandated, through the continuing development, revision, recommendation and/or implementation of operational strategies, budgets, technologies and required policies and procedures to meet NERC CIP requirements applicable to the company's assets and respond to real-time, specific, actionable threat information.
Provide oversight for all aspects of and task-components related to compliance with NERC CIP Standards, including sustaining compliance with new and developing versions of CIPS through review, analysis and/or providing appropriate recommendations in the NERC standards development stakeholder process. Provide ongoing technical entity-specific risk analysis as well as assessment and recommendation for mitigation for the protection of applicable infrastructure. Analysis and response must include a comprehensive and sustained risk management approach providing the ability to identify, assess, monitor and respond to cyber security-related risks and provide the organization with the information needed to make risk-based decisions. Approach must consider safety and reliability, privacy and data integrity, business continuity and reputation management.
Interface with designated organizations and departments, with service vendors and contractors, and with appropriate regulatory bodies to achieve sustainable compliance with all CIPS requirements to secure the identified cyber assets and systems from threats that could attack, damage, or gain unauthorized access to networks, facilities, data or programs. Interface with and participates in various working groups and committees as necessary. (e.g. Corporate cyber security team, DOE, NERC, NPCC, RFC, PJM and NYISO sub-committees). Conduct reviews, audits, tests and drills, as appropriate, of CIP compliance activities, processes and documented guidance in order to monitor and report on status of compliance. Grant, change or revoke physical and/or electronic access to the Control Centers and BES Cyber Systems and critical cyber assets. Participate in the Company's emergency management processes and storm plans. Perform other related assignments, as required.

Spencer Ogden is acting as an Employment Agency in relation to this vacancy.