Are you a cybersecurity professional, with policy and technical expertise in the emerging areas of cloud computing and virtualization? Do you have the passion and desire to support Critical Infrastructure? Do you want to help assure the reliability and security of the bulk power system, upon which 400 million North Americans depend? The CIP Assurance Advisor is responsible for providing oversight, guidance, and coordination in support of the Electric Reliability Organization (ERO) Enterprise’s regulatory functions. This includes oversight of the ERO Enterprise’s implementation of its risk-based Compliance Monitoring and Enforcement Program (CMEP), outreach with industry participants, and collaboration with Regional Entity staff. The CIP Assurance Advisor provides guidance on technical issues, delivers training related to CIP Reliability Standards and risk-based compliance monitoring, and supports the implementation of compliance guidance. This position reports to the Senior Manager, Cyber, and Physical Security Assurance.
· Provide ERO Enterprise cyber security subject-matter expertise for external-facing initiatives and to other NERC departments.
· Lead North America-wide cybersecurity outreach and training initiatives in support of NERC’s mission, and provide project management expertise for CIP-related security projects.
· Collaborate and coordinate with ERO Enterprise staff regarding cybersecurity initiatives and CIP Reliability Standards.
· Proactively identify cybersecurity risks to the bulk power system and provide risk mitigation support.
· Lead and/or participate in the development and execution of risk-based compliance monitoring programs/processes/activities as well as with NERC committees, subcommittees, working groups, and industry stakeholder groups as necessary.
· Assist in developing and executing oversight programs/processes/activities to evaluate regional entity adherence to the NERC Rules of Procedure, CMEP, and delegation agreements.
· Proactively identify security and reliability gaps in the NERC Reliability Standards.
· Assist in the ongoing development and improvement of NERC CMEP policies, procedures, rules, and other activities.
· Assist in the development of Reliability Standard Audit Worksheets and CIP Evidence Request Tool for new and revised NERC Reliability Standards.
· Ensure that Compliance Assurance activities are conducted in adherence with NERC Rules of Procedure.
· Assist NERC Enforcement in the evaluation of self-reports, audit findings, and registered entity Mitigation Plans.
· Other duties as assigned.
You are a qualified candidate if you have:
· Experience in Virtualization and/or Cloud technologies and known cybersecurity risks.
· Experience and knowledge of cybersecurity defense strategies.
· Experience in evaluating and analyzing cybersecurity vulnerabilities.
· The ability to facilitate complex technology discussions with various levels of cybersecurity expertise.
· Advanced project management and analytical experience.
· Ability to work independently in a fast-paced environment with minimal direct supervision.
· Competence in interpersonal communications, with the ability to interact diplomatically with people from many levels of industry and government.
· Excellent oral and written communication skills, including editing and proofreading skills.
· Proficiency using Microsoft Office tools including Word, Outlook, Excel, and PowerPoint.
· Ability and willingness to travel regularly.
· A bachelor’s degree from an accredited four-year college or university.
You are an EXCELLENT candidate if you have:
· A minimum of five years of technical cybersecurity experience, preferably in the electricity sector, utility industry, or industrial control system environment.
· Familiarity with the application of NERC standards.
· Prior experience in regulatory compliance oversight and enforcement within a recognized industry, government, or government-authorized agency, especially in conducting performance audits or analysis of program effectiveness of government agency operations (e.g., GAO or other federal or state-level equivalent experience).
· CISSP, CISM, CISA, CRISC, GIAC, CPP or other security-related certification.
· A master’s degree in a related field.
· Understanding of law enforcement operations (especially regarding U.S. DOE, U.S. DHS, U.S. FERC, FBI).
· Familiarity with Homeland Security Presidential Directive-7 National Infrastructure Protection Plan and the CI/KR sector model developed by DHS.
· Experience in requirements gathering, technical training development, and technical writing.
· Background check will be conducted prior to employment.
· In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.
· Travel necessary: Passport required for North American travel.
· This position has been classified as exempt.
· Job is located in Atlanta, GA; remote employees may be considered based on qualifications.
Qualified candidates should submit their resume in electronic format to [ Link removed ]