Director-NERC CIP Compliance

About The Position

Requirements

• Bachelor’s degree from an accredited institution in Electrical Engineering, Law, Information Security, Engineering, Information Systems, Computer Science, or a related discipline; or equivalent experience.
• Minimum of 10 years of experience leading, managing, or supporting NERC CIP compliance programs in power generation environments.
• Strong working knowledge of NERC CIP standards, compliance lifecycle, and audit expectations.
• Experience coordinating compliance activities across IT, OT, Engineering, and Operations teams.
• Familiarity with evidence management, internal controls testing, and audit readiness practices.
• Ability to translate regulatory requirements into practical, operationally feasible controls.
• Demonstrated ability to drive accountability across cross-functional teams without direct reporting authority.
• Must possess and maintain a valid driver’s license and a driving record satisfactory to the company and its insurers (for travel).
• Strong organizational and attention-to-detail skills with the ability to manage multiple compliance activities and deadlines simultaneously.
• Effective written and verbal communication skills, including the ability to clearly explain regulatory requirements to technical and non-technical stakeholders.
• Ability to work collaboratively across functional boundaries and influence decisions without direct authority.
• Sound judgment and professionalism when handling regulatory, compliance, and audit-related matters.
• Ability to bring structure to ambiguity and maintain focus on the highest-priority risks and obligations.
• Must be able to sit for prolonged periods of time.
• The employee is regularly required to use hands to type, touch, handle, or feel.
• The employee is required to talk and hear.
• The employee is frequently required to stand and reach with hands and arms.
• The employee is occasionally required to walk and climb or balance.
• The employee must regularly lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds.
• Will work non-traditional hours as needed.
• Required to carry a cell phone and be available to respond during working and non-working hours.
• Candidates will be required to clear a drug screen and complete a background check, including a credit report for certain positions after an offer has been extended and prior to being employed.
• Provide leadership for the NERC CIP compliance program, including direct management of assigned team members and coordination across cross-functional stakeholders.

Nice To Haves

• NERC‑related or security certifications (e.g., CISSP, CISM, CISA, CRISC) preferred but not required.
• Bachelor’s degree in Electrical Engineering or Juris Doctor preferred.
• Experience standing up, leading, or maturing a NERC CIP compliance program.
• Experience supporting NERC CIP audits, spot checks, or regulatory inquiries.
• Experience in power generation or other critical infrastructure environments.
• Familiarity with OT/ICS security concepts and operational constraints.
• Experience developing compliance metrics, dashboards, and executive-level reporting.

Responsibilities

• NERC CIP Program Leadership Own and lead the end-to-end NERC CIP compliance program, including interpretation and application of applicable CIP standards and requirements.
• Develop, maintain, and execute the NERC CIP compliance calendar, ensuring all periodic requirements, reviews, testing, and evidence collection activities are completed on time.
• Serve as the primary point of contact for NERC CIP compliance matters across Cyber Security, IT, OT, Engineering, Operations, Legal, and Compliance teams.
• Compliance Execution & Evidence Management Define, document, and maintain compliance processes, procedures, controls, and supporting documentation required to meet NERC CIP obligations.
• Establish and manage an evidence management framework that ensures artifacts are complete, accurate, traceable, and audit-defensible.
• Coordinate and perform internal compliance reviews and self-assessments to validate ongoing adherence to NERC CIP requirements.
• Track, manage, and report on compliance gaps, remediation plans, exceptions, and corrective actions through closure.
• Audit Readiness & Regulatory Interface Prepare the organization for NERC CIP audits, spot checks, and data requests, including coordination of evidence collection and stakeholder responses.
• Act as the primary liaison with auditors, regulators, and company stakeholders for NERC CIP matters.
• Support audit walkthroughs, interviews, and evidence reviews, and manage follow-up actions resulting from audit findings.
• Cross‑Functional Coordination Partner closely with OT engineering and operations teams to ensure controls are implemented in a manner that supports safe, reliable operations.
• Coordinate with Cyber Security Operations and Cyber GRC to align NERC CIP requirements with broader cyber security governance, policy, and risk management activities.
• Work with Legal and Compliance teams as needed to address regulatory interpretation, documentation, and response requirements.
• Reporting & Continuous Improvement Develop and maintain metrics and reporting that provide leadership visibility into NERC CIP compliance status, risks, trends, and remediation progress.
• Identify opportunities to streamline compliance processes, improve evidence quality, and reduce audit risk through standardization and automation where appropriate.
• Stay current on changes to NERC CIP standards, guidance, and industry practices, and assess impacts to the organization.