Lead Compliance Analyst - NERC CIP Program Management

Location: Charlotte, North Carolina

Type: Contract To Hire

Optomi, in partnership with an industry leader in renewable energy, is seeking a NERC CIP Lead Compliance Analyst for their Charlotte, NC office. As a Lead Compliance Analyst you will be responsible for achieving team objectives for the enterprise North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Cybersecurity Compliance Program. This position will primarily focus on performing internal assessments of compliance with the NERC CIP Standards. The role will also include reviewing the CIP Cybersecurity Policy and related documents (e.g., standards, position papers, program documents) as they evolve over time.

Apply Today if your Background Includes:

  • A Bachelor’s degree in a related field and four (4) years of utility, cyber security, auditing, compliance, regulatory or related experience with at least 2 years NERC Compliance experience
  • OR 12 or more years of utility, cyber security, auditing, compliance, regulatory or related experience with at least 2 years NERC Compliance experience
  • Four (4) or more years of experience working with the NERC CIP standards and requirements

What the Right Professional will Enjoy!

  • Implementing new enterprise processes and methods in environments with distinct departmental processes
  • Working for a company ranked as one of the top 100 Best Corporate Citizens!
  • Performing internal assessments of compliance with the NERC CIP Standards.
  • Working closely with multiple internal Business Areas to ensure effective, efficient and consistent adherence with the NERC CIP Standards to achieve a strong compliance culture across the organization

Essential Duties & Responsibilities:

  • Perform quality assurance (QA) reviews and validation reviews of CIP-related implementations (processes, procedures, internal controls) and associated evidence to ensure compliance with Duke Energy’s NERC CIP cybersecurity policy (IT 503) and with the NERC CIP Standards
  • Perform risk assessments to develop an accurate understanding of the relative risks associated with findings from internal and external assessments and audits to ensure that the organization’s response to these issues is scaled to be commensurate with the potential risk to the Bulk Electric System (BES).
  • Develop interpretations of new CIP Standards using a variety of inputs such as regulatory guidance and industry benchmarking to produce unambiguous descriptions of compliance obligations for internal stakeholders to use as guidance for implementations
  • Recommend modifications to the NERC CIP cybersecurity policy (IT 503) that are triggered by: new and/or changing NERC Standards, newly published guidance from the regulators, and by internal requests for improvements
  • Provide enterprise coordination, project oversight, reporting, and issue resolution for implementation of future versions of the NERC CIP Standards (e.g., CIP Version 6 for low-impact systems, CIP Version 7, etc.)
  • Prepare reports on the results of internal reviews of compliance evidence, including categorization of findings and recommendations to be addressed
  • Support implementations of technologies to augment Duke Energy’s NERC CIP Compliance Program to drive efficiency and sustainability in the pursuit of both compliance and operational goals
  • Perform internal consulting with business area personnel to ensure that they understand, plan for, and implement compliance requirements
  • Perform training, change management, and communication support for CIP implementations and ongoing compliance activities
  • Provide leadership, support, input, and oversight for the implementation of the NERC CIP Recovery Plan
  • Influence new standard development through industry and regulator engagement

Qualifications & Skills:

  • Experience with large programs and efforts, particularly with Agile method experience
  • Understanding of basic principles of power system protection theory, practices, and application
  • Certified Information Systems Security Professional (CISSP) certification
  • Audit certifications such as: Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certified Government Auditing Professional Certification (CGAP), NIST Cybersecurity Framework (CSF) Foundation, etc.
  • Ability to communicate clearly, concisely and accurately with peers, customers, team members, and leadership verbally and in writing