Ensures facilities remains in compliance with NERC CIP reliability standards and documents CIP-related activities for evidentiary purposes. The individual in this position will have a cybersecurity technical background and technical working knowledge of plant distributive control systems and protective relay functions.
- Responsible for tracking, executing, and maintaining high-quality compliance evidence for site-specific NERC CIP program activities with the focus on being "audit-ready."
- Under the direction of the corporate NERC compliance department, provide support to investigate, develop and/or complete self-certifications, data submittals, spot checks, investigations (both internal and external), self-reports and mitigation plans.
- Execute all NERC CIP required activities as defined in the standards that apply to the CIP-Medium and Low BES cyber systems and assets.
- Execute, control, and proactively manage project schedules, including risk identification, risk mitigation, and Change Management as it pertains to NERC CIP program execution activities.
- Perform and track required updates / patches to software, equipment, and documentation.
- Collect and analyze data to detect deficient site controls and prevent noncompliance with NERC CIP requirements.
- Execute oversight of processes and activities to evaluate NERC Compliance.
- Monitoring of the site NERC CIP compliance program.
- Participate in compliance program audits. Review records and recordkeeping practices of compliance enforcement activities to document findings and observations that will be used to create detailed audit reports communicating the results of audits, including areas of strengths, areas for improvement, and observations to support company-wide consistency.
- Identify, develop, and effectively deliver training.
- Assist in the ongoing development and improvement of NERC CIP compliance monitoring and enforcement program policies, procedures, rules, and other activities.
- Interface with NERC CIP committees, subcommittees, working groups, and industry stakeholder groups as necessary.
- Coordinate and collaborate with the Corporate IT Department, Engineering, and NERC compliance on NERC CIP-program related planning and activities.
- Report on project status, risks, and achievement of key milestones.
- Bachelor or Associate's Degree is preferred in engineering or information technology or the equivalent in training and experience.
- Experience with NERC CIP / cyber security auditing, compliance, and/or engineering.
- Experience with North American Electric Reliability Corporation (NERC), Federal Energy Regulatory Commission (FERC) regulations, PJM and ISO-NE rules.
- Knowledge of NERC CIP Compliance, NERC Compliance Monitoring and Enforcement Program, and NERC Rules of Procedure.
- Experience with plant instrumentation, automation, and controls, specifically related to High Voltage systems, is highly desirable.
- Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other information security credentials are desirable.
- Auditing, utility, regulatory, compliance, and/or engineering/plant control systems.
Spencer Ogden is acting as an Employment Agency in relation to this vacancy.