About The Position

Responsible for achieving team objectives for the enterprise North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Cybersecurity Compliance Program. Responsible for enterprise Cyber Security controls as applicable, to adhere to regulatory requirements such as HIPAA (Health Insurance Portability and Accountability Act), PII (Personally Identifiable Information), PCI (Payment Card Industry), etc. Works closely with multiple internal Business Areas to ensure effective, efficient and consistent adherence with the NERC CIP Standards and a strong compliance culture is achieved across the organization. Involves work with developing and maintaining the Program Standards, Procedures, Processes and Tools and performing quality assurance (QA) and validation to ensure compliance is achieved. Perform technical feasibility reviews, quality assurance (QA) reviews, and validation reviews of CIP or Cyber Security-related implementations (processes, procedures, internal controls) and associated evidence to ensure compliance with CIP cybersecurity policy and with the NERC CIP Standards. Develop interpretations of new CIP Standards or other regulatory standards using a variety of inputs such as regulatory guidance and industry benchmarking to produce clear descriptions of compliance obligations for internal stakeholders to use as guidance for implementations. Develop modifications to the CIP cybersecurity policy that are triggered by: new and/or changing NERC Standards, newly published guidance from the regulators, and by internal requests for improvements. Provide enterprise coordination, project oversight, reporting, and issue resolution for implementation of future versions of the NERC CIP Standards. Prepare reports on the results of internal reviews of compliance evidence, including categorization of findings and recommendations to be addressed.
Support implementations of technologies to augment NERC CIP Compliance Program to drive efficiency and sustainability in the pursuit of both compliance and operational goals. Consult with internal business area personnel to ensure that they understand, plan for, and implement compliance requirements. Perform training, change management, and communication support for CIP implementations and ongoing compliance activities. Maintain SharePoint evidence repository for Critical and sensitive CIP evidence storage. Facilitate performance Cyber Security Risk assessment for vendors' security compliance. Analyze security documents/configurations for various security application platform or ability to learn during engagements. Perform Excel-based analysis and comparison for outputs generated by Cyber Security systems such as NetStat, WinAudit, ACL, Syslogs, etc. Stay abreast of and comply with local, state, and federal legal requirements by studying existing and new legislation. Provide leadership and example in meeting JEA's safety and wellness goals. Perform other job-related duties as assigned.

Requirements

  • A bachelor's degree in computer science, information systems, accounting, business administration, public administration, or a related field
  • Three (3) years of cyber security, auditing, compliance, regulatory, or related experience, with at least one (1) year in a regulatory or compliance environment.
  • A valid driver's license is required prior to employment and must be maintained during employment in this classification.

Nice To Haves

  • Utility experience is preferred.
  • CISSP, or CISA, or CRISC is preferred.

Responsibilities

  • Achieving team objectives for the enterprise NERC CIP Cybersecurity Compliance Program.
  • Responsible for enterprise Cyber Security controls as applicable, to adhere to regulatory requirements such as HIPAA, PII, PCI, etc.
  • Works closely with multiple internal Business Areas to ensure effective, efficient and consistent adherence with the NERC CIP Standards.
  • Developing and maintaining the Program Standards, Procedures, Processes and Tools and performing quality assurance (QA) and validation to ensure compliance is achieved.
  • Perform technical feasibility reviews, quality assurance (QA) reviews, and validation reviews of CIP or Cyber Security-related implementations and associated evidence to ensure compliance with CIP cybersecurity policy and with the NERC CIP Standards.
  • Develop interpretations of new CIP Standards or other regulatory standards using a variety of inputs such as regulatory guidance and industry benchmarking to produce clear descriptions of compliance obligations for internal stakeholders to use as guidance for implementations.
  • Develop modifications to the CIP cybersecurity policy that are triggered by: new and/or changing NERC Standards, newly published guidance from the regulators, and by internal requests for improvements.
  • Provide enterprise coordination, project oversight, reporting, and issue resolution for implementation of future versions of the NERC CIP Standards.
  • Prepare reports on the results of internal reviews of compliance evidence, including categorization of findings and recommendations to be addressed.
  • Support implementations of technologies to augment NERC CIP Compliance Program to drive efficiency and sustainability in the pursuit of both compliance and operational goals.
  • Consult with internal business area personnel to ensure that they understand, plan for, and implement compliance requirements.
  • Perform training, change management, and communication support for CIP implementations and ongoing compliance activities.
  • Maintain SharePoint evidence repository for Critical and sensitive CIP evidence storage.
  • Facilitate performance Cyber Security Risk assessment for vendors' security compliance.
  • Analyze security documents/configurations for various security application platform or ability to learn during engagements.
  • Perform Excel-based analysis and comparison for outputs generated by Cyber Security systems such as NetStat, WinAudit, ACL, Syslogs, etc.
  • Stay abreast of and comply with local, state, and federal legal requirements by studying existing and new legislation.
  • Provide leadership and example in meeting JEA's safety and wellness goals.
  • Perform other job-related duties as assigned.

Benefits

  • JEA offers a generous benefits and compensation package, with most benefits starting on your first day of employment.
  • Paid Time Off: 13 paid holidays plus an exceptional annual leave benefit to be used for vacation, personal and sick time.
  • Medical: Three comprehensive medical plans offered as options for you and your dependents, including one plan with 100% paid coverage for the employee.
  • Other Benefits: Exceptional benefits package beginning from first day of employment.
  • Dental
  • Vision
  • Health accounts – employer sponsored HSA and HRA
  • Flexible spending accounts
  • Tuition reimbursement
  • Life insurance, accidental death & dismemberment, short-term and long-term disability and more.
  • Retirement: JEA provides a great benefits and retirement package for its employees. Employees may begin participation in the 457 Deferred Compensation Plan on day one of employment. Employees have the flexibility to choose from a variety of investment options to help them achieve their retirement goals.
  • Health & Wellness: To encourage our employees to develop and maintain good health, JEA offers access to the Healthy Lifestyles Wellness program as well as 11 onsite fitness centers. From annual flu shots and biometric screenings to health risk assessments and periodic access to an on-site mobile mammography unit, the program offers something for everyone.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Number of Employees

501-1,000 employees