Cyber Security Compliance Analyst (NERC CIP Compliance)

Job summary
The cyber security compliance analyst is responsible for providing oversight, implementation guidance, document maintenance, and tactical direction to Platte River’s business units complying with North American Electric Reliability Corporation (NERC) CIP requirements. This individual participates in enterprise-wide CIP documentation drafting, conducts internal audits and spot checks, conducts CIP status meetings, leads CIP implementation project teams, participates in standards drafting, oversees compliance task completion and evidence creation to ensure successful CIP compliance implementation is met across all applicable business units.

The position resides within SCADA Services at Platte River's headquarters in Fort Collins and provides CIP support to the entire organization.

Essential duties and responsibilities

• Responsible for coordinating all efforts associates with preparation of regulatory documents for submissions. Provides compliance technical oversight to CIP activities companywide.
• Serves as subject matter expert and guides staff with the implementation of CIP processes, procedures, and evidence creation.
• Maintains and participates in drafting CIP standard operating procedures, policies, workplan instructions, and document forms.
• Monitors and tracks all NERC CIP compliance activities using compliance management software.
• Interpret regulatory rules or rule changes and ensure that changes are communicated through company policies and procedures.
• Supports all phases of NERC CIP reliability audit activities, which includes responses to self-certifications, spot checks, and annual audit activities.
• Responsible for preparation and drafting of additional information, documents, or responses requested by NERC, WECC, or other agencies.
• Collects responses from NERC and provides input on process improvements.
• Perform investigative actions utilizing security and network management applications to manage information protection security controls.
• Conducts internal audits, spot checks, and risk analysis to mitigate potential non-compliance issues.
• Creates, updates, and provides training to staff to ensure they are trained on compliance related topics, policies, or procedures.
• Coordinates and leads CIP compliance status meetings to communicate compliance requirements.
• Works safely and demonstrates safe work practices.

Other duties

• Attends conferences and workshops associated with CIP requirements to proactively engage in training to maintain current knowledge of existing and emerging regulations and standards.
• Maintains relationships with NERC, WECC and other compliance and utility industry personnel.
• Performs other duties as assigned.

Knowledge, skills and abilities

The following are required:

• Demonstrated ability to analyze, draw conclusions and devise solutions to complex problems.
• Strong computer and networking skills.
• Knowledge of bulk electric system concepts.
• Knowledge of power system operations concepts.
• Thorough understanding of NERC CIP regulation standards.
• Thorough understanding of cyber security concepts.
• Ability to interpreted CIP requirements and create required processes, plans or procedures.
• Effective written and verbal communication and evidence documentation skills.
• Ability to work with people having varying technical skill levels.
• Ability to manage projects and time effectively to meet strict regulatory deadliness.
• Ability to follow processes and procedures.

The following are preferred:

• Knowledge of generally accepted government accounting standards.

Qualifications

Education, licenses and certifications

• Bachelor’s degree in Computer Science, Information Systems/Technology, Engineering, Cyber Security, or equivalent
• Cyber security related certifications
• Current valid driver’s license and ability to remain insurable under Platte River’s vehicle liability policy

Required work experience

• 3 years of experience configuring, maintaining, and troubleshooting any of the following: SCADA/EMS, digital control systems (DCS), networks or server infrastructure.
• 3 years of experience designing, configuring, and maintaining cyber security controls.

Preferred work experience

• 5 years experience configuring, maintaining, and troubleshooting SCADA/EMS, digital control systems (DCS), networks or server infrastructure.
• 5 years experience designing, configuring and maintaining cyber security controls.
• Experience implementing NERC CIP standards including documenting processes, participating in audits as an SME and leading compliance initiatives.

Physical requirements

While performing the duties of this job, the employee is required to frequently sit, stand, and walk. The following are approximate requirements and % of time:

• Sitting: 30%
• Standing: 5%
• Walking 30%
• Lifting up to 30 lbs. 5%
• Travel: 5% for conferences and trainings

Bi-weekly salary range for position: $3,738.92 - $5,140.92 (placement DOQ)

(range if annualized: $97,212 - $133,664)