NERC CIP Virtualization Consultant
Dragonfli Group · Washington, DC · 1 wk ago
RemoteRemoteInformation TechnologyFull-time
Responsibilities
- Review and update existing NERC CIP policies and procedures to reflect virtualization requirements under NERC Project 2016-02
- Develop new documentation for in-scope BES Cyber Systems across all project phases including design, build, and delivery
- Document technical and procedural requirements for virtualized environments supporting critical infrastructure
- Develop testing and evidence collection strategies to support CIP compliance audits
- Update Management Model documentation to reflect changes in processes and procedures
- Conduct awareness and education sessions to drive organizational understanding of CIP virtualization changes
- Leverage assessment tools such as Tripwire or AssurX to support gap analysis and ongoing compliance monitoring
- Collaborate with internal stakeholders across IT, OT, and compliance functions to socialize policy changes
- Serve as a subject matter expert on NERC CIP standards, providing technical and regulatory guidance to project teams
- Support engagement planning, analysis, and stakeholder coordination throughout all project phases
Requirements
- Must-Have:
- 5+ years of experience with NERC Critical Infrastructure Protection (CIP) standards in an energy, utilities, or electric reliability context
- Demonstrated experience with virtualization technologies (e.g., VMware, Hyper-V, or equivalent) as applied to OT/ICS or BES Cyber Systems
- Experience developing, updating, and implementing cybersecurity policies and procedures in a regulated utility or energy environment
- Familiarity with NERC Project 2016-02 (Modifications to CIP Standards) and the regulatory context for CIP virtualization
- Ability to communicate complex technical and regulatory concepts to non-technical stakeholders
- Experience conducting or supporting NERC CIP compliance assessments, audits, or gap analyses
- Proficiency producing professional deliverables in Microsoft Word, PowerPoint, and Excel
- U.S. Citizenship or Permanent Residency (required per contract)
- Ability to work within the continental United States for the duration of the engagement
- Preferred / Nice-to-Have:
- Experience with Tripwire Enterprise or AssurX Quality Management/Regulatory Compliance software in a NERC CIP context
- Prior consulting or subcontracting experience in a multi-stakeholder energy sector engagement
- NERC CIP certification or formal NERC compliance training (e.g., through SERC, WECC, or NERC University)
- Familiarity with the BES Cyber System categorization process and associated protection requirements
- Experience with evidence collection and audit readiness for NERC CIP regional entity reviews
- Working knowledge of OT/SCADA environments and their intersection with CIP virtualization standards
- Prior experience transitioning from short-term compliance engagements to long-term regulatory support roles
Skills
- Technical Skills:
- NERC CIP Standards (CIP-002 through CIP-014, with focus on virtualization-applicable standards)
- Virtualization technologies: VMware vSphere, Hyper-V, or equivalent hypervisor platforms
- OT/ICS and BES Cyber System environments
- Policy and procedure development for regulatory compliance
- Cybersecurity assessment and gap analysis methodologies
- Tripwire Enterprise (file integrity monitoring and configuration management)
- AssurX quality management and regulatory compliance tracking
- Evidence collection and audit documentation for NERC CIP
- Soft Skills:
- Ability to socialize complex compliance changes across technical and non-technical stakeholder groups
- Strong written communication skills for producing regulatory-quality documentation
- Organizational awareness — ability to navigate large, matrixed utility organizations
- Self-directed with the discipline to manage deliverables in a remote-first environment
- Collaborative approach to cross-functional policy development and implementation
- Adaptability to transition from short-term compliance delivery to a long-term program support role