Principal Cybersecurity Compliance Analyst
GFT · Oakland, CA · 2 wk ago
HybridEngineering$150k–$200k/yrFull-time
What You Will Do
GFT is seeking a Principal Cybersecurity Compliance Analyst to join our Security and Safety team in Northern California. This role follows a hybrid work model, requiring regular attendance at our client's office.
- Lead and support the development, implementation, and continuous improvement of governance, risk, and compliance (GRC) programs aligned with FERC (D2SI SPHP Section 9) and NERC CIP standards for PG&E’s power generation assets.
- Develop, maintain, and operationalize policies, procedures, standards, and guidelines to meet regulatory requirements and industry best practices.
- Conduct compliance gap assessments, risk analyses, and control testing for cybersecurity and OT systems.
- Prepare and maintain audit-ready documentation, including compliance narratives, evidence repositories, and records retention practices.
- Collaborate with cybersecurity, IT, OT, engineering, legal, and enterprise risk teams to align compliance requirements with business operations.
- Serve as a liaison between technical teams and compliance leadership to translate regulatory requirements into actionable controls.
- Track compliance metrics, risks, and issues; prepare reports and dashboards for leadership.
- Monitor regulatory developments, FERC and NERC standards changes, and enforcement trends.
- Support compliance training and awareness efforts for internal stakeholders.
- Assist in the integration of compliance controls into operational and cybersecurity processes.
- Participate in mock audits, tabletop exercises, and incident response planning.
What You Will Bring To Our Firm
- Bachelor’s degree in cybersecurity, information systems, engineering, business, or a related field.
- Minimum of 10 years of relevant experience in the power utility industry, with a focus on governance, risk, and compliance (GRC), cybersecurity, or operational technology.
- Deep working knowledge of NERC CIP standards and the FERC regulatory environment.
- Direct experience supporting NERC CIP audits (self-certifications, spot checks, or enforcement actions).
- Experience with compliance documentation, evidence collection, and audit support.
- Familiarity with electric utility operations, OT environments, or ICS/SCADA systems.
- Strong analytical, organizational, and technical writing skills.
- Excellent communication and interpersonal skills, with the ability to work independently and collaboratively.
- Certification from a recognized risk, governance, or cybersecurity organization (e.g., CISSP, CISM, RIMS-CRMP, or equivalent) required.
Education | Experience
The ideal candidate will have a proven track record of managing compliance projects within highly regulated environments, particularly in the energy or utilities sector.
Featured Benefits
- Hybrid (in-person and remote) work environment.
- Comprehensive benefits package including wellness programs, parental leave, and pet insurance, in addition to medical, dental, vision, disability, and life insurance.
- Tax-deferred 401(k) savings plan.
- Competitive paid-time-off (PTO) accrual.
- Tuition reimbursement for continued education.
- Commitment to professional development, access to internal and external training programs, and support of active participation in professional organizations.
- Incentive compensation for eligible positions.
Compensation
The salary range for this role is $150,000 - $200,000. Salary is dependent upon experience and geographic location.
Location
Locations: Sacramento, CA; Roseville, CA; Oakland, CA
Core Business Hours
Core Business Hours: 8:00 AM – 5:00 PM
Employment Status
Full-Time