Senior CIP Assurance Advisor
Company: North American Corporation
Location: Atlanta, GA 30349
Description:
Our Company
The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to assure the effective and efficient reduction of risks to the reliability and security of the grid. NERC develops and enforces Reliability Standards; annually assesses seasonal and long-term reliability; monitors the bulk power system through system awareness; and educates, trains, and certifies industry personnel. NERC's area of responsibility spans the continental United States, Canada, and the northern portion of Baja California, Mexico. NERC is the Electric Reliability Organization (ERO) for North America, subject to oversight by the Federal Energy Regulatory Commission (FERC) and Provincial authorities in Canada. NERC's jurisdiction includes users, owners, and operators of the bulk power system, which serves nearly 400 million people.
Our Mission
The vision for the ERO Enterprise, which is comprised of NERC and the six Regional Entities, is a highly reliable and secure North American bulk power system. Our mission is to assure the effective and efficient reduction of risks to the reliability and security of the grid.
Your Impact
NERC seeks a mission-focused individual who wants to make a difference by supporting the reliability of the North American electric grid. The Senior CIP Assurance Advisor is primarily responsible for providing oversight, guidance, and coordination in managing programs and processes to monitor, review, and evaluate program effectiveness of the ERO Enterprise implementation of risk-based compliance monitoring and adherence to the NERC Rules of Procedure, Compliance Monitoring and Enforcement Program, Certification Program, and approved delegation agreements. The Senior CIP Assurance Advisor also supports development, implementation, and oversight of the Certification Program for Reliability Coordinators, Balancing Authorities, and Transmission Operators.
In addition, the Senior CIP Assurance Advisor develops and delivers outreach and training related to risk-based compliance monitoring, certification, and compliance guidance implementation. This position reports to the Manager, Compliance Assurance and Certification.
Your Responsibilities and Qualifications
Responsibilities
- Develop and manage compliance assurance activities, including associated project plans, to develop and implement a high-quality risk-based compliance monitoring and certification program.
- Develop and execute oversight programs/processes/activities to evaluate Regional Entity adherence to the NERC Rules of Procedure, Compliance Monitoring and Enforcement Program, and delegation agreements.
- Provide cyber subject matter expertise related to risk management, auditing, and internal controls in support of a high-quality risk-based compliance monitoring and certification program.
- Identify, develop, and effectively deliver cyber security training and outreach to Regional Entities and industry participants.
- Provide Compliance Assurance department leadership with recommendations to improve the regional compliance oversight program.
- Proactively identify opportunities and assist in the ongoing development and improvement of NERC compliance monitoring and enforcement program policies, procedures, rules, and other activities.
- Develop and manage relationships with NERC committees, subcommittees, working groups, and industry stakeholder groups.
- Execute, control, and proactively manage to project schedules, including risk identification, risk mitigation, and change management.
- Report on project status, risks, and achievement of key milestones.
- Conduct Compliance Assurance activities in adherence with NERC Rules of Procedure.
- Collect and analyze data to detect deficient controls and noncompliance with NERC rules and agreements.
- Other duties as assigned.
Qualifications
The successful candidate will have:
- A Bachelor's Degree from an accredited four-year college or university, or equivalent experience.
- At least five years of progressive and successful experience leading cyber security projects, teams, and/or initiatives in a technically and operationally complex business/organization.
- Progressive experience in auditing, internal controls, enterprise risk management, and related governance, risk and control (GRC) frameworks and standards.
- Advanced project management and analytical experience.
- Ability to work independently in a fast-paced environment with minimal direct supervision.
- Competence in interpersonal communications, with the ability to interact diplomatically with people from many levels of industry and government.
- Excellent oral and written communication skills, including editing and proofreading skills.
- Proficiency in using Microsoft Office tools including Word, Outlook, Excel, and PowerPoint.
- Demonstrated group facilitation skills.
- Ability and willingness to travel regularly.
Additional Desirable Qualities
- Knowledge of the NERC Rules of Procedure, NERC Compliance Monitoring and Enforcement Program, and NERC Reliability Standards.
- Prior experience in regulatory compliance oversight and enforcement within a recognized industry, government, or government-authorized agency, especially in conducting performance audits or analysis of program effectiveness of government agency operations (e.g., GAO or other federal or state-level equivalent experience).
- One or more of the following, or related, professional certifications: Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA).
- A master's degree in a related field.
- At least five years of technical cybersecurity experience, preferably in the electricity sector, utility industry, or industrial control system environment.
- Working knowledge in the critical infrastructure protection of the Bulk Electric System and supporting technologies.
- Advanced knowledge and application of professional auditing standards and principles, such as COSO, GAGAS, and IIA.
- Program design or procedure writing skills.
Other
- Background check is required prior to employment.
- In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.
- Travel necessary: Passport required for North American travel.
- This position has been classified as exempt.
- The position may be based remotely but must be able to travel to NERC offices, if needed. Reimbursement of travel expenses will be in accordance with the company's travel and expense reimbursement policies.
Our Culture Declarations
- Everyone at NERC is a leader.
- We are accountable personally and organizationally to deliver on commitments.
- We develop ourselves and people in the organization to ensure that NERC realizes its strategic objectives.
- We are resilient and adaptable to the challenges and needs of the business/people.
- We exude a growth mindset and empower teams to take risks.
- We build collaborative relationships within NERC, the ERO Enterprise, and the stakeholders of NERC.
- We exemplify NERC cultural behaviors.
- We reward high-quality, creative, and innovative work.
- We strive to attract, engage, and retain top talent.
- We value and respect diverse perspectives.
- We provide a safe, inclusive, and collaborative work environment.
- We form strong relationships within the company, and with the ERO Enterprise.
- We demonstrate curiosity in a wide variety of areas and are open to exploring new situations, knowledge and opportunities for growth and development.
- We demonstrate an anticipatory mindset, preventing problems and building contingencies where appropriate.
- We are champions for diversity and inclusion. We seek out and value diverse perspectives.