Lead CIP Compliance Analyst

Advantage Tech is searching for a Lead Compliance Analyst to work for their client based out of the Kansas City-Metro area.

POSITION PURPOSE:

  • Responsible for supporting the NERC Compliance Officer in developing, monitoring and implementing appropriate policies, procedures and programs to facilitate and maintain the Utilities ongoing NERC Compliance Program in response to NERC Reliability Standards and to manage enterprise risk resulting from cyber and physical attacks that could compromise reliability of the Bulk Electric System from unauthorized access to BES Cyber Systems and BES Cyber Assets as well as affording protection measures for sensitive and confidential information.
  • The position requires occasional travel within the, Kansas City metropolitan area and out-of-town meetings or conferences.

 

MINIMUM EDUCATION/EXPERIENCE REQUIREMENTS:

  • A Bachelor’s Degree in Information Systems, Computer Science or a related field and a minimum of three (3) years of recent experience in cyber security or an Associate’s Degree in Information Systems, Computer Science or a related field and a minimum of five (5) years of recent experience in cyber security is required.
  • Information security certification in SSSP, SANS, GIAC (Gold or Platinum certification), CEH, CISA, CRISC, CISM, CISSP or other applicable certification is desirable.
  • Recent experience in cyber security is required, including previous experience with Compliance Control Frameworks, including but not limited to: NERC CIP, SOX, NIST or other applicable areas.
  • A documented history responding to data requests, evaluating compliance evidence and developing compliance reports in support of periodic compliance audits is required.
  • Two (2) years of Information Technology (IT) system auditing and testing is preferred. 
  • Experience across a broad range of areas of software, hardware, networking, security and integration technologies is required.
  • A working knowledge of NERC Reliability Standards and regional operational and planning criteria is preferred. An understanding of regulatory oversight processes administered by NERC and FERC or other similar regulatory entities is preferred.
  • Excellent organizational, time management and project management skills are required. Ability to work with and analyze data-intensive and detailed information, and to draw meaningful conclusions from that information. Computer skills, proficiency with Microsoft Office applications, including Word, Excel and PowerPoint.  Effective communication skills (face-to-face, telephone, written, email and presentation skills) and the ability to build, develop and maintain effective interpersonal relationships is required.  Strong project management and analytical skills and the ability to plan and carry out responsibilities with minimal direction and supervision are required.  Strong technical writing skills are desirable.

PRINCIPAL ACCOUNTABILITIES:

*1.        Provide technical and compliance guidance to the functional groups regarding interpretation of the CIP Reliability Standard requirements and provide direction on how the functional work groups can assure compliance with the requirements.

*2.        Define best practices for methods, processes and procedures for securing systems identified as BES Cyber Systems and BES Cyber Assets.  Facilitate a proactive CIP compliance evidence review and quality assurance process for all applicable functional work groups.

*3.        Monitor CIP compliance through scheduled and unscheduled internal data requests, spot checks and other applicable activities to confirm compliance, identify areas of improvement, detect areas of concern with respect to documentation, testing, maintenance and operations and develop processes or procedures to return to and maintain the prescribed level of compliance.

*4.        Oversee the identification and documentation of the BES Cyber Systems that support the Bulk Electric System.

*5.        Develop or acquire compliance training resources to provide Subject Matter Experts (SME) with the appropriate level of Cyber Security Awareness, NERC CIP Standards training and effective Cyber Security training reinforcements, including but not limited to posters, desktop aids, calendars and other appropriate materials.

*6.        Lead the assessment and evaluation process for all potential and actual Cyber Security Incidents, including the evaluation of the effectiveness of policies, processes and procedures to provide the appropriate response(s), related to BES Cyber Systems.

*7.        Provide assistance to the NERC Compliance Manager with CIP compliance audit preparation and audit performance.

 8.        Perform the essential functions of the CIP Senior Manager, as identified in the NERC Reliability Standard CIP-003 Cyber Security – Security Management Controls, as directed by the NERC Compliance Manager, subject to the approval of designation by the General Manager.  [Optional]

*9.        Assist the O&P Compliance Engineer in compliance activities as needed.

*10.      Perform other related duties as assigned by the NERC Compliance Officer.

 

#advantagetech

Submit Resume