CIP Compliance Analyst

Advantage Tech is searching for a Compliance Analyst to work for their client based out of the Kansas City-Metro area.

 

POSITION PURPOSE:

  • Responsible for supporting the NERC Compliance Officer and CIP Compliance Engineer in developing, monitoring and implementing appropriate policies, procedures and programs to facilitate and maintain the Utilities ongoing NERC Compliance Program in response to NERC Reliability Standards and to manage enterprise risk resulting from cyber and physical attacks that could compromise reliability of the Bulk Electric System from unauthorized access to BES Cyber Systems and BES Cyber Assets as well as affording protection measures for sensitive and confidential information.
  • The position requires occasional travel within the Kansas City metropolitan area and out-of-town meetings or conferences.

MINIMUM EDUCATION/EXPERIENCE REQUIREMENTS:

  • An Associate’s Degree in Information Systems, Computer Science or a related field is required.  A Bachelor’s Degree in Information Systems, Computer Science or a related field is preferred.
  • Information security certification in SSSP, SANS, GIAC (Gold or Platinum certification), CEH, CISA, CRISC, CISM, CISSP or other applicable certification is desirable.
  • A minimum of three (3) year of recent experience in cyber security is required, including previous experience with Compliance Control Frameworks, including but not limited to: NERC CIP, SOX, NIST or other applicable areas.
  • A documented history responding to data requests, evaluating compliance evidence and developing compliance reports in support of periodic compliance audits is required.
  • Two (2) years of Information Technology (IT) system auditing and testing is preferred. 
  • Experience across a broad range of areas of software, hardware, networking, security and integration technologies is required.
  • A working knowledge of NERC Reliability Standards and regional operational and planning criteria is preferred. An understanding of regulatory oversight processes administered by NERC and FERC or other similar regulatory entities is preferred.
  • Excellent organizational, time management and project management skills are required.
  • Ability to work with and analyze data-intensive and detailed information, and to draw meaningful conclusions from that information. Computer skills, proficiency with Microsoft Office applications, including Word, Excel and PowerPoint. 
  • Effective communication skills (face-to-face, telephone, written, email and presentation skills) and the ability to build, develop and maintain effective interpersonal relationships is required. 
  • Strong project management and analytical skills and the ability to plan and carry out responsibilities with minimal direction and supervision are required. 
  • Strong technical writing skills are desirable.

PRINCIPAL ACCOUNTABILITIES:

*1.        Support the process for providing technical and compliance guidance to the functional groups regarding interpretation of the CIP Reliability Standard requirements.

*2.        Review best practices for methods, processes and procedures for securing systems identified as BES Cyber Systems and BES Cyber Assets.  Assist the CIP Compliance Engineer in proactive CIP compliance evidence reviews and quality assurance processes for all applicable functional work groups.

*3.        Participate in CIP compliance reviews through scheduled and unscheduled internal data requests, spot checks and other applicable activities to confirm compliance, identify areas of improvement, detect areas of concern with respect to documentation, testing, maintenance and operations and provide guidance on how to return to and maintain the prescribed level of compliance.

*4.        Support the process for compliance training to provide Subject Matter Experts (SME) with the appropriate level of Cyber Security Awareness, NERC CIP Standards training and effective Cyber Security training reinforcements, including but not limited to posters, desktop aids, calendars and other appropriate materials.

*5.        Participate in the assessment and evaluation process for all potential and actual Cyber Security Incidents, including the evaluation of the effectiveness of policies, processes and procedures to provide the appropriate response(s), related to BES Cyber Systems.

*6.        Provide assistance to the NERC Compliance Manager and CIP Compliance Engineer with CIP compliance audit preparation and audit performance.

*7.        Assist the O&P Compliance Engineer in other compliance activities as needed.

*8.        Perform other related duties as assigned by the NERC Compliance Officer.

 

#advantagetech

Submit Resume