CIP/O&P ENGINEER/SPECIALIST, RISK ASSESSMENT AND MITIGATION

About The Position

Requirements

• Comprehensive and in-depth knowledge of the NERC CIP and/or O&P reliability standards.
• Working knowledge of Bulk Electric System engineering, operations, and technical issues as they apply to NERC Reliability Standards.
• Excellent organizational and time management skills.
• Project management skills.
• Ability to work with and analyze data-intensive and detailed information, and to draw meaningful conclusions from that information.
• Computer skills, proficient with Microsoft Office applications, including Word, Excel, Access, and PowerPoint.
• Effective communication skills (face-to-face, telephone, written and email, and presentation skills).

Nice To Haves

• Five years of experience in electric utility industry operations, with experience working within an electric utility Control Center preferred.
• Four year degree in Electrical Engineering, Computer Engineering, or similar advanced degree, or equivalent work experience.
• Professional Engineer license (PE)
• NERC Certified System Operator (NCSO)
• Certified Information System Auditor (CISA)
• Certified Information System Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified in Risk and Information Systems Control (CRISC)

Responsibilities

• Provide subject matter expertise on the CIP and/or O&P reliability standards.
• Act as compliance Single Point of Contact (SPOC) for registered entities, as assigned, to respond to potential noncompliances, and investigate, evaluate and make risk determinations of alleged violations; record relevant violation information in the compliance tracking and reporting system.
• Develop comprehensive risk determination documentation comprising the relevant record for each assigned CIP and/or O&P noncompliance processed.
• Communicate with registered entities, NERC, and other regions as necessary to investigate noncompliances and to pursue appropriate enforcement actions.
• Review submitted mitigation plans for appropriate content; work with registered entities to produce mitigation plans to remedy violations and recommend mitigation plans for regional acceptance.
• Respond to inquiries from registered entities, other SERC staff, other regional entities and NERC.
• Obtain, document, and reference evidence and documentation in support of settlement discussions.
• Utilize, create and maintain when appropriate, database queries and reports in support of compliance processing.
• File documentation related to each step of the Compliance Monitoring and Enforcement Program process in the appropriate documentation repository.
• Develop and produce compliance enforcement materials in support of presentations to the SERC Board of Directors and committees.
• Perform initial screening and prioritization of new issues (self-report, audit findings, complaints, disturbances, or events).
• Provide evidence, testimony, and documentation in support of Hearing Proceedings, as needed.
• Assess regional risk on a periodic basis.
• Assess entity level risk and controls in preparation for scoping compliance monitoring activities, as appropriate.
• Assess risk / harm of Possible Violations and recommend Enforcement disposition commensurate with the assessed risk posed by the specific violation.
• Identify and analyze emerging risks that have potential impact to the Bulk Electric System in conjunction with events analysis and compliance assessments.
• Develop registered entity risk assessments.
• Participate in registered entity internal control reviews.
• Assume responsibility as a subject matter expert for the development and revision of compliance implementation procedures and guides.
• Review and summarize data analysis on CIP-related issues, including themes and trends.
• Manage potential non-compliances of CIP and/or O&P issues and their related mitigation plans.
• Facilitate, and lead where applicable, inter-regional working groups including scheduling and meeting preparations, agenda management, taking minutes, and maintaining task lists; participate in stakeholder interface group meetings, as assigned.
• Perform other assignments as directed.

Benefits

• Generous PTO package
• Paid holidays
• Medical insurance
• Dental insurance
• Vision insurance
• Life insurance
• Short-term disability insurance
• Long-term disability insurance
• 401(k) plan with an organization contribution of up to 14%