Senior NERC CIP Compliance Analyst
Program Ownership
Build, optimize, and maintain on-site processes and documentation to ensure continuous adherence to NERC CIP standards.
Asset & Baseline Management
Maintain accurate cyber asset inventories and manage baseline change control workflows.
Audit Leadership
Lead RSAW/ERT preparation and submission for Regional Entity audits, spot checks, and compliance investigations.
Access Control
Maintain compliant physical and electronic security perimeters and access controls for all site assets.
Routine Compliance
Execute daily, monthly, quarterly, and annual CIP compliance activities in accordance with program procedures.
Liaison & RFI Coordination
Serve as the primary site contact for Regional Entities; coordinate cross-functional teams to fulfill RFIs and remediate findings.
Training Delivery
Deliver and support mandatory NERC CIP cybersecurity compliance training programs for site personnel.
Patch Management
Direct the end-to-end patch management lifecycle, ensuring BES Cyber Assets are monitored and updated within regulatory timelines.
Incident Response & Drills
Lead the annual testing, documentation, and reporting of the Cyber Security Incident Response Plan (CIP-008) and Recovery Plans (CIP-009).
Vulnerability Assessments (CIP-010)
Orchestrate annual Critical Vulnerability Assessments (CVAs) while ensuring zero adverse impact to operational BES infrastructure.
Information Protection
Oversee the identification, classification, and secure handling of Bulk Electric System (BES) Cyber System Information (BCSI) to prevent unauthorized disclosure.
Supply Chain Risk (CIP-013)
Lead supply chain risk assessments and collaborate with procurement/legal to enforce cybersecurity contract clauses.
Self-Assessments & Mitigation
Conduct proactive internal compliance self-assessments; manage the identification, self-logging, and mitigation of compliance deviations.
Requirements
- Bachelor’s degree in Engineering, Computer Science, IT, Cybersecurity, or a related technical discipline (equivalent direct experience considered).
- Minimum of 7–10 years of professional experience in regulatory compliance, power utility operations, or industrial cybersecurity.
- At least 5 years of hands-on experience implementing and managing a NERC CIP compliance program across Medium or High-impact assets.
- Demonstrated success drafting RSAWs, preparing ERT responses, and managing RFIs during Regional Entity audits or spot-checks.
- Deep operational understanding of the 35-day patch/baseline lifecycle (CIP-007/010), security perimeters (CIP-005/006), and supply chain management (CIP-013).
- Ability to successfully pass a mandatory NERC CIP-004 Personnel Risk Assessment and background check.
- Ability to work full-time on-site at the designated facility, travel up to 25% as needed, and safely navigate physical plant environments.
- Ability to perform physical job duties, including lifting to 25 pounds, climbing, bending, and working in industrial environments (Use of PPE is required).
Preferred Skills And Certifications
- Prior experience working directly within a power generation plant, transmission control center, or EMS/GMS environment.
- NERC Certified Compliance Professional (NCCP) designation.
- CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), or CISM (Certified Information Security Manager).
- SANS GIAC certifications, specifically GCIP (GIAC Critical Infrastructure Protection) or GICSP (Global Industrial Cyber Security Professional).
- Established working relationships and direct audit experience with our specific Regional Entity (e.g., SERC, WECC, NPCC, RF, MRO, Texas RE).
Summary
Applicants must possess a valid driver's license and maintain a clean driving record, as this position requires occasional travel for company business. Candidates should be comfortable operating a vehicle as part of their job responsibilities and must meet any applicable company and insurance requirements.
CAMS offers a variety of excellent benefits. Full-time employees are offered the following: medical, dental, vision, LTD, STD, and Life insurance plans. You can even select additional “a la carte” benefits to meet all your needs. You can also enroll in our 401k, flex spending accounts for medical and childcare needs, and participate in our employee referral and tuition reimbursement programs.
Qualified Applicants must be legally authorized for employment in the United States. Qualified Applicants will not require employer sponsored work authorization now or in the future for employment in the United States. We believe in transparency and providing candidates with important information to make informed decisions. The salary range for this position is commensurate with experience, qualifications, and location. Actual compensation will be determined based on several factors, including but not limited to skills, experience, and relevant qualifications. This range represents the base salary and does not include other forms of compensation, such as bonuses, benefits, or equity, which may be offered in addition to the base pay. The company reserves the right to modify compensation ranges at any time in accordance with business needs and market conditions.