NERC CIP Virtualization Consultant

About The Position

Requirements

• 5+ years of experience with NERC Critical Infrastructure Protection (CIP) standards in an energy, utilities, or electric reliability context
• Demonstrated experience with virtualization technologies (e.g., VMware, Hyper-V, or equivalent) as applied to OT/ICS or BES Cyber Systems
• Experience developing, updating, and implementing cybersecurity policies and procedures in a regulated utility or energy environment
• Familiarity with NERC Project 2016-02 (Modifications to CIP Standards) and the regulatory context for CIP virtualization
• Ability to communicate complex technical and regulatory concepts to non-technical stakeholders
• Experience conducting or supporting NERC CIP compliance assessments, audits, or gap analyses
• Proficiency producing professional deliverables in Microsoft Word, PowerPoint, and Excel
• U.S. Citizenship or Permanent Residency (required per contract)
• Ability to work within the continental United States for the duration of the engagement

Nice To Haves

• Experience with Tripwire Enterprise or AssurX Quality Management/Regulatory Compliance software in a NERC CIP context
• Prior consulting or subcontracting experience in a multi-stakeholder energy sector engagement
• NERC CIP certification or formal NERC compliance training (e.g., through SERC, WECC, or NERC University)
• Familiarity with the BES Cyber System categorization process and associated protection requirements
• Experience with evidence collection and audit readiness for NERC CIP regional entity reviews
• Working knowledge of OT/SCADA environments and their intersection with CIP virtualization standards
• Prior experience transitioning from short-term compliance engagements to long-term regulatory support roles

Responsibilities

• Review and update existing NERC CIP policies and procedures to reflect virtualization requirements under NERC Project 2016-02
• Develop new documentation for in-scope BES Cyber Systems across all project phases including design, build, and delivery
• Document technical and procedural requirements for virtualized environments supporting critical infrastructure
• Develop testing and evidence collection strategies to support CIP compliance audits
• Update Management Model documentation to reflect changes in processes and procedures
• Conduct awareness and education sessions to drive organizational understanding of CIP virtualization changes
• Leverage assessment tools such as Tripwire or AssurX to support gap analysis and ongoing compliance monitoring
• Collaborate with internal stakeholders across IT, OT, and compliance functions to socialize policy changes
• Serve as a subject matter expert on NERC CIP standards, providing technical and regulatory guidance to project teams
• Support engagement planning, analysis, and stakeholder coordination throughout all project phases

Benefits

• Medical — Multiple POS health plan options including an HSA-compatible plan
• Dental — PPO coverage for preventive, basic, and major services
• Vision — Annual exam, frames, lenses, and contact lens allowance
• 401(k) — Employer match up to 5% of eligible compensation
• PTO — 15–25 days annually based on tenure, plus 16 hours of Floating PTO from day one
• Paid Federal Holidays — All 11 federal holidays observed