Director-NERC CIP Compliance
Tallgrass · Lakewood, CO · 1 mo ago
Management$190k–$284k/yrFull-time
Responsibilities
- NERC CIP Program Leadership
- Own and lead the end-to-end NERC CIP compliance program, including interpretation and application of applicable CIP standards and requirements.
- Develop, maintain, and execute the NERC CIP compliance calendar, ensuring all periodic requirements, reviews, testing, and evidence collection activities are completed on time.
- Serve as the primary point of contact for NERC CIP compliance matters across Cyber Security, IT, OT, Engineering, Operations, Legal, and Compliance teams.
- Compliance Execution & Evidence Management
- Define, document, and maintain compliance processes, procedures, controls, and supporting documentation required to meet NERC CIP obligations.
- Establish and manage an evidence management framework that ensures artifacts are complete, accurate, traceable, and audit-defensible.
- Career Development
- Track, manage, and report on compliance gaps, remediation plans, exceptions, and corrective actions through closure.
- Audit Readiness & Regulatory Interface
- Prepare the organization for NERC CIP audits, spot checks, and data requests, including coordination of evidence collection and stakeholder responses.
- Act as the primary liaison with auditors, regulators, and company stakeholders for NERC CIP matters.
- Support audit walkthroughs, interviews, and evidence reviews, and manage follow-up actions resulting from audit findings.
- Cross‑Functional Coordination
- Partner closely with OT engineering and operations teams to ensure controls are implemented in a manner that supports safe, reliable operations.
- Coordinate with Cyber Security Operations and Cyber GRC to align NERC CIP requirements with broader cyber security governance, policy, and risk management activities.
- Work with Legal and Compliance teams as needed to address regulatory interpretation, documentation, and response requirements.
- Reporting & Continuous Improvement
- Develop and maintain metrics and reporting that provide leadership visibility into NERC CIP compliance status, risks, trends, and remediation progress.
- Identify opportunities to streamline compliance processes, improve evidence quality, and reduce audit risk through standardization and automation where appropriate.
- Stay current on changes to NERC CIP standards, guidance, and industry practices, and assess impacts to the organization.
Qualifications
- Bachelor’s degree from an accredited institution in Electrical Engineering, Law, Information Security, Engineering, Information Systems, Computer Science, or a related discipline; or equivalent experience.
- Minimum of 10 years of experience leading, managing, or supporting NERC CIP compliance programs in power generation environments.
- Strong working knowledge of NERC CIP standards, compliance lifecycle, and audit expectations.
- Experience coordinating compliance activities across IT, OT, Engineering, and Operations teams.
- Familiarity with evidence management, internal controls testing, and audit readiness practices.
- Ability to translate regulatory requirements into practical, operationally feasible controls.
- Demonstrated ability to drive accountability across cross-functional teams without direct reporting authority.