Employment Type: Permanent
Job Number: 27023
CIP Compliance Analyst
The CIP Compliance Analyst is responsible for achieving team objectives for the enterprise North American Electric Reliability Corporation, Critical Infrastructure Protection, Cybersecurity Compliance Program. This role is responsible for enterprise Cyber Security controls as applicable, to adhere to regulatory requirements such as HIPAA, PII, PCI, etc. This role works closely with multiple internal Business Areas to ensure effective, efficient and consistent adherence with the NERC CIP Standards and a strong compliance culture is achieved across the organization. This role will involve work with developing and maintaining the Program Standards, Procedures, Processes and Tools and will involve performing quality assurance (QA) and validation to ensure that compliance is achieved.
● Perform technical feasibility reviews, quality assurance (QA) reviews, and validation reviews of CIP or Cyber Security-related implementations (processes, procedures, internal controls) and associated evidence to ensure compliance with CIP cybersecurity policy and with the NERC CIP Standards.
● Develop interpretations of new CIP Standards or other regulatory standards using a variety of inputs such as regulatory guidance and industry benchmarking to produce clear descriptions of compliance obligations for internal stakeholders to use as guidance for implementations.
● Develop modifications to the CIP cybersecurity policy that are triggered by: new and/or changing NERC Standards, newly published guidance from the regulators, and by internal requests for improvements
● Provide enterprise coordination, project oversight, reporting, and issue resolution for implementation of future versions of the NERC CIP Standards.
● Prepare reports on the results of internal reviews of compliance evidence, including categorization of findings and recommendations to be addressed.
● Support implementations of technologies to augment NERC CIP Compliance Program to drive efficiency and sustainability in the pursuit of both compliance and operational goals.
● Consult with internal business area personnel to ensure that they understand, plan for, and implement compliance requirements.
● Perform training, change management, and communication support for CIP implementations and ongoing compliance activities.
● Maintain SharePoint evidence repository for Critical and sensitive CIP evidence storage.
● Facilitate performance Cyber Security Risk assessment for vendors’ security compliance.
● Analyze security documents/configurations for various security application platforms or ability to learn during engagements.
● Perform Excel based analysis and comparison for outputs generated by Cyber Security systems such as NetStat, WinAudit, ACL, Syslogs, etc.
● Stays abreast of and complies with local, state, and federal legal requirements by studying existing and new legislation.
● Provides leadership and example in meeting safety and wellness goals.
● Performs other job-related duties as assigned.
● Bachelor’s degree in Computer Science, Information Systems, Accounting, Business Administration, Public Administration, or a related field
● 3 years of cyber security, auditing, compliance, regulatory, or related experience, with at least 1 year in a regulatory or compliance environment. Utility experience is preferred.
● NERC CIP and similar regulatory standards.
● Regulatory compliance requirements of HIPAA, PII, and PCI Data Security Standard.
● Agile method or similar cyber security standards.
● Basic principles of power system protection theory, practices, and application.
● Applying process improvement and/or innovation principles to improve or enhance the performance of operations and processes.
● Using required software including Microsoft Office (Excel, Word, PowerPoint, Outlook).
● CISSP, or CISA, or CRISC (preferred)
● Support the objectives of regulatory compliance standards.
● Effectively communicate technical information and relate it to business objectives, both verbally and in writing.
● Analyze difficult and complex issues to reach sound, logical, fact-based conclusions and recommendations.
● Effectively handle multiple, changing priorities.
● Understand, interpret, and apply company policies and procedures.
● Establish and maintain effective working relationships with stakeholders at all levels.
● Operate standard office equipment and software applications.