Manages and provides input for Critical Infrastructure Protection Compliance efforts and strategies for GSOC's and GTC's requirements as a NERC registered entity. Coordinates the expertise across cross-functional and cross-company areas to achieve a unified strategy for complying with NERC Critical Infrastructure Protection (CIP) and related standards. Manages the compliance calendar for CIP activities including tracking implementation of mitigation milestones, recommendations, areas of concern, etc.. Facilitates and assists in the development and dissemination of CIP policies, procedures, and guidelines that will help GSOC and GTC maintain reliable and compliant operations. Facilitates and assists in the collection of evidence and records to demonstrate compliance. Directs the archival and retention / destruction of CIP documents and compliance evidence / records. Acts as the System Operations liaison with the GSOC NERC Compliance group regarding NERC CIP compliance matters and System Operations. Coordinates across cross-functional areas to provide regulatory guidance on evolving SERC, NERC, and FERC rulings and procedures to ensure GSOC's and GTC's interests are protected. Facilitates and assists System Operations in influencing changes to NERC and SERC standards and in preparing for changes in those standards and in business processes and controls. Communicates to subject matter experts on development of regulatory compliance matters. Promotes an environment of continuous improvement to meet corporate compliance goals and objectives. Makes recommendations to all levels of upper management including Executive Staff regarding CIP compliance matters.

Additionally, this position will support other cross-functional special projects within Power Technology. Provides input to the Power Technology budget and assists in managing and reviewing various Power Technology contracts.

Job Duties:

• Plan activities including managing the CIP compliance calendar. Coordinate the completion of compliance activities across Power Technology especially including any mitigation plan milestones.
• Coordinate cross-functional and cross-company compliance activities to ensure a unified strategy for achieving compliance with NERC CIP requirements. Organize, conduct meetings, and or provide periodic status reporting for key stakeholder and executive committees that provide program oversight.
• Maintain awareness of and advise others of NERC, SERC, NATF, and GSOC compliance monitoring and enforcement practices. Serve as a focal point of contact and liaison with appropriate Family of Company members in determining the applicability and responsibility for overlapping standards relating to Critical Infrastructure Protection.
• Manage the compliance evidence and record collection, archiving, and retention/destruction processes.
• Direct and manage projects as assigned for purposes of audit preparation, self-certifications, self-reports, or other related projects as needed.
• Provide support and expertise to cross-functional Power Technology projects or other special projects as assigned.
• Provide input to the Power Technology budget. Assist in managing and reviewing Power Technology contracts.

Required Qualifications:

Education : Bachelor's Degree in Engineering, Business, Science, Cyber Security, Law, or Similar. Master's Degree a plus.

Experience : Eleven years' experience with increasing responsibilities. Experience may include physical security, cyber security, network engineering/operations, information technology, SCADA/EMS infrastructure support, security auditing, CIP auditing, CIP compliance, CIP compliance enforcement, CIP standards. At least 3 years' experience must be in the electricity sub-sector. At least 3 years' experience must be directly related to Critical Infrastructure Protection. Must also have experience with technical writing.

Equivalent Experience : Twenty years of experience as described above with at least 10 in the electricity sub-sector and 10 directly related to Critical Infrastructure Protection.

Licenses, Certifications, and/or Registrations : CISSP, PE, CPP, PSP, CISM, CISA, GCIA, or GCIP a plus. Must obtain and maintain Bulk Electric System Cyber Authorized Status as defined in GSOC's CIP Cyber Security Policy 301 and NERC Reliability Standard CIP 004 - Personnel Risk Assessment.

Specialized Skills : Must possess excellent demonstrated technical writing, attention to detail, and organizational skills. Should also possess excellent verbal communication and time management skills as well as the ability to establish and maintain effective working relationships as necessitated by the work. Strong working knowledge of Microsoft Office suite is required. Previous experience using Microsoft SharePoint, Visio, and Adobe Acrobat is desirable. Must be able to pass a NERC CIP personnel risk assessment screening. Capable of preparing and delivering presentations to all levels of management industry groups.