NERC CIP Compliance Consultant – Remote
The position of Senior NERC CIP Compliance Consultant will have responsibility defining policy, architecting, integrating and identifying high impact asset systems supporting the Bulk Power System high impact assets at perspective client sites. This is a 6-12 month project with emphasis on LITIGATION. Extensive ANALYTICAL & WRITING skills will be utilized. The consultant will support existing staff on current projects working remote with some possible travel. This position reports to the Manager of Compliance & Infrastructure Protection Group and will act as the Sr. Critical Infrastructure Protection (CIP) compliance engineer. This position will be the staff expert in cyber security and all CIP Standard controls and best practices including the self-auditing of the NERC CIP Standards. This position may require all levels of system security support including: policy, design, build, implementation, configuration, cross-functional coordination, and testing.
Principal Duties and Responsibilities:
• This is a hands-on position and the consultant will be very involved in the daily tasks. Provide risk reviews, computer operations security, and privacy issues including hardware, software, and network hardening and internal control risk management in large-scale networks and network vulnerability assessments security requirements and cryptography, intrusion detection/incident handling, business continuity;
• Perform security initiatives which provide overall risk mitigation while maintaining business agility; works directly with business units to facilitate IT risk assessment and risk management policies and processes.
• Perform research, coordination, development and communication of CIP policies, procedures and standards as set forth by regulatory requirements from NERC, FERC, WECC and other regulatory agencies; implements and maintains CIP and associated cyber security standards including calendar driven activities for control owners; works with all CIP asset owners to ensure CIP compliance.
• Perform cybersecurity risk assessments, audits, and incident investigations; keeps abreast of security incidents and act as primary control point during significant information security incidents; establishes procedures to address security incidents, develops cyber security contingency plans to be activated in response to cybersecurity breaches, violations and incidents.
• Develop and implement standards and operating procedures per regulatory compliance requirements
• Develop Disaster recovery plans, exercises, and actual events
• Work with vendors, application developers, database administrators, corporate IT, and other technology groups to resolve any problems
• Conduct routine hardware and software audits of all supported systems to ensure compliance with established standards, policies, procedures, and requirements
• Validate policies, procedures and documentation as they relate to the NERC CIP and other regulatory compliance requirements
• Audit regulatory compliance documentation and generate variance reports
• Provide staff expertise on cyber security
Qualified candidates must possess:
• Strong Expertise in networking, systems, and application security
• CISSP, CISA, SANS or other similar certifications
• Experience with UNIX/Linux; Microsoft Windows; familiarity with Perl, Shell, and SQL (scripting);
• Knowledge of technology platforms and web-based applications; basic understanding of infrastructure control procedures and security (Networks, and UNIX / Windows servers and databases); reporting and creating metrics
• Ability to apply expertise to new and novel ways of securing systems
• Strong customer orientation
• Advanced written and oral communication skills
• Ability to effectively prioritize tasks in a fast-paced and high-pressure environment.
• Utilizing techniques for planning, organizing, directing and controlling work activities; methods and techniques for training staff; policies and procedures for evaluating and recording performance results
• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology or related discipline and/or 7 years' equivalent experience.
• Experience in cyber security or related area, with a minimum of 7 years of experience.
• Excellent organizational skills with an ability to work on multiple projects simultaneously.
• Excellent presentation, written and verbal communication skills.
• Proficient with Microsoft Office applications, including Word, Excel, Access and Power Point.
• Ability and willingness to travel approximately 60% to 100% to perform on-site compliance audits.
• Proven self starter with the ability to work effectively in a team environment as well as individually on complex work assignments.
• Must be able to clear a 7-year background check
• Valid driver's license required. In addition, must meet standards to qualify for and maintain the Company's vehicle driving privileges as outlined in the Company's Motor Vehicle Safety Policy.
One or more of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Project Management Professional (PMP), etc.
Pinnacus focuses on customer satisfaction and providing the highest level of service in the industry. We are dedicated to closely accompanying every detail of the hiring process for both clients and candidates. We pride ourselves on being readily available to answer questions, provide solutions and offer assistance every step of the way.
Our industry expertise encompasses all level of staffing requirements, and our experience and commitment is guaranteed to satisfy your highest expectations.
Why Work Here?Our firm focuses on providing custom placements to form a seamless fit for your company and your needs. Pinnacus focuses on customer satisfaction and providing the highest level of service in the industry. We are dedicated to closely accompanying every detail of the hiring process for both clients and candidates. We pride ourselves on being readily available to answer questions, provide solutions and offer assistance every step of the way. Our industry expertise encompasses all level of staffing requirements, and our experience and commitment is guaranteed to satisfy your highest expectations.
A staffing company like no other! Looking for the perfect job? Look no further and let Pinnacus lead your way!