Principal Cybersecurity Compliance Analyst

GFT | Sacramento, CA
$150,000 - $200,000 | Hybrid

About The Position

GFT is seeking a Principal Cybersecurity Compliance Analyst to join our Security and Safety team in Northern California. This role follows a hybrid work model, requiring regular attendance at our client's office. As a Principal Cybersecurity Compliance Analyst, you will support critical compliance initiatives across a client’s generation assets. This role will focus on ensuring adherence to regulatory requirements, internal cybersecurity standards, and industry best practices. The ideal candidate will have a proven track record of managing compliance projects within highly regulated environments, particularly in the energy or utilities sector.

Requirements

  • Bachelor’s degree in cybersecurity, information systems, engineering, business, or a related field.
  • Minimum of 10 years of relevant experience in the power utility industry, with a focus on governance, risk, and compliance (GRC), cybersecurity, or operational technology.
  • Deep working knowledge of NERC CIP standards and the FERC regulatory environment.
  • Direct experience supporting NERC CIP audits (self-certifications, spot checks, or enforcement actions).
  • Experience with compliance documentation, evidence collection, and audit support.
  • Familiarity with electric utility operations, OT environments, or ICS/SCADA systems.
  • Strong analytical, organizational, and technical writing skills.
  • Excellent communication and interpersonal skills, with the ability to work independently and collaboratively.
  • Certification from a recognized risk, governance, or cybersecurity organization (e.g., CISSP, CISM, RIMS-CRMP, or equivalent) required.

Nice To Haves

  • Experience in the energy sector, particularly power generation or utilities.
  • PMP certification.
  • Familiarity with SCADA/ICS systems and processes.
  • Knowledge of related frameworks (e.g., NIST CSF, NIST SP 800-53, ISO 27001).
  • Experience in project management, including scope, schedule, and budget tracking.
  • Involvement in professional organizations or industry committees.

Responsibilities

  • Lead and support the development, implementation, and continuous improvement of governance, risk, and compliance (GRC) programs aligned with FERC (D2SI SPHP Section 9) and NERC CIP standards for PG&E’s power generation assets.
  • Develop, maintain, and operationalize policies, procedures, standards, and guidelines to meet regulatory requirements and industry best practices.
  • Conduct compliance gap assessments, risk analyses, and control testing for cybersecurity and OT systems.
  • Prepare and maintain audit-ready documentation, including compliance narratives, evidence repositories, and records retention practices.
  • Coordinate and support internal and external audits, including NERC Regional Entity audits, spot checks, and self-certifications.
  • Collaborate with cybersecurity, IT, OT, engineering, legal, and enterprise risk teams to align compliance requirements with business operations.
  • Serve as a liaison between technical teams and compliance leadership to translate regulatory requirements into actionable controls.
  • Track compliance metrics, risks, and issues; prepare reports and dashboards for leadership.
  • Monitor regulatory developments, FERC and NERC standards changes, and enforcement trends.
  • Support compliance training and awareness efforts for internal stakeholders.
  • Assist in the integration of compliance controls into operational and cybersecurity processes.
  • Participate in mock audits, tabletop exercises, and incident response planning.

Benefits

  • Hybrid (in-person and remote) work environment.
  • Comprehensive benefits package including wellness programs, parental leave, and pet insurance, in addition to medical, dental, vision, disability, and life insurance.
  • Tax-deferred 401(k) savings plan.
  • Competitive paid-time-off (PTO) accrual.
  • Tuition reimbursement for continued education.
  • Commitment to professional development, access to internal and external training programs, and support of active participation in professional organizations.
  • Incentive compensation for eligible positions.