Jobs · Engineering · California

Principal Cybersecurity Compliance Analyst

GFT · Oakland, CA · 2 wk ago
HybridEngineering$150k–$200k/yrFull-time

What You Will Do

GFT is seeking a Principal Cybersecurity Compliance Analyst to join our Security and Safety team in Northern California. This role follows a hybrid work model, requiring regular attendance at our client's office.

  • Lead and support the development, implementation, and continuous improvement of governance, risk, and compliance (GRC) programs aligned with FERC (D2SI SPHP Section 9) and NERC CIP standards for PG&E’s power generation assets.
  • Develop, maintain, and operationalize policies, procedures, standards, and guidelines to meet regulatory requirements and industry best practices.
  • Conduct compliance gap assessments, risk analyses, and control testing for cybersecurity and OT systems.
  • Prepare and maintain audit-ready documentation, including compliance narratives, evidence repositories, and records retention practices.
  • Collaborate with cybersecurity, IT, OT, engineering, legal, and enterprise risk teams to align compliance requirements with business operations.
  • Serve as a liaison between technical teams and compliance leadership to translate regulatory requirements into actionable controls.
  • Track compliance metrics, risks, and issues; prepare reports and dashboards for leadership.
  • Monitor regulatory developments, FERC and NERC standards changes, and enforcement trends.
  • Support compliance training and awareness efforts for internal stakeholders.
  • Assist in the integration of compliance controls into operational and cybersecurity processes.
  • Participate in mock audits, tabletop exercises, and incident response planning.

What You Will Bring To Our Firm

  • Bachelor’s degree in cybersecurity, information systems, engineering, business, or a related field.
  • Minimum of 10 years of relevant experience in the power utility industry, with a focus on governance, risk, and compliance (GRC), cybersecurity, or operational technology.
  • Deep working knowledge of NERC CIP standards and the FERC regulatory environment.
  • Direct experience supporting NERC CIP audits (self-certifications, spot checks, or enforcement actions).
  • Experience with compliance documentation, evidence collection, and audit support.
  • Familiarity with electric utility operations, OT environments, or ICS/SCADA systems.
  • Strong analytical, organizational, and technical writing skills.
  • Excellent communication and interpersonal skills, with the ability to work independently and collaboratively.
  • Certification from a recognized risk, governance, or cybersecurity organization (e.g., CISSP, CISM, RIMS-CRMP, or equivalent) required.

Education | Experience

The ideal candidate will have a proven track record of managing compliance projects within highly regulated environments, particularly in the energy or utilities sector.

Featured Benefits

  • Hybrid (in-person and remote) work environment.
  • Comprehensive benefits package including wellness programs, parental leave, and pet insurance, in addition to medical, dental, vision, disability, and life insurance.
  • Tax-deferred 401(k) savings plan.
  • Competitive paid-time-off (PTO) accrual.
  • Tuition reimbursement for continued education.
  • Commitment to professional development, access to internal and external training programs, and support of active participation in professional organizations.
  • Incentive compensation for eligible positions.

Compensation

The salary range for this role is $150,000 - $200,000. Salary is dependent upon experience and geographic location.

Location

Locations: Sacramento, CA; Roseville, CA; Oakland, CA

Core Business Hours

Core Business Hours: 8:00 AM – 5:00 PM

Employment Status

Full-Time

Similar jobs