Senior CIP Assurance Advisor

North American Electric Reliability Corporation
Remote

About The Position

NERC seeks a mission-focused individual who wants to make a difference by supporting the reliability of the North American electric grid. The Senior CIP Assurance Advisor is primarily responsible for providing oversight, guidance, and coordination in managing programs and processes to monitor, review, and evaluate program effectiveness of the ERO Enterprise implementation of risk-based compliance monitoring and adherence to the NERC Rules of Procedure, Compliance Monitoring and Enforcement Program, Certification Program, and approved delegation agreements. The Senior CIP Assurance Advisor may also support development, implementation, and oversight of the Certification Program for Reliability Coordinators, Balancing Authorities, and Transmission Operators. In addition, the Senior CIP Assurance Advisor also develops and delivers outreach and training related to risk-based compliance monitoring, certification, as well as compliance guidance implementation. This position reports to the Manager, Compliance Assurance and Certification.

Requirements

  • A Bachelor’s Degree from an accredited four-year college or university, or equivalent experience.
  • At least five years of progressive and successful experience leading cyber security projects, teams, and/or initiatives in a technically and operationally complex business/organization.
  • At least three years’ experience in virtualization and cloud-based technologies.
  • Experience in auditing, internal controls, enterprise risk management, and related governance, risk and control (GRC) frameworks and standards.
  • Project management and analytical experience.
  • Ability to work independently in a fast-paced environment with minimal direct supervision.
  • Competence in interpersonal communications, with the ability to interact diplomatically with people from many levels of industry and government.
  • Excellent oral and written communication skills, including editing and proofreading skills.
  • Proficiency in using Microsoft Office tools including Word, Outlook, Excel, and PowerPoint.
  • Demonstrated group facilitation skills.
  • Ability and willingness to travel regularly.

Nice To Haves

  • Knowledge of the NERC Rules of Procedure, NERC Compliance Monitoring and Enforcement Program, and NERC Reliability Standards.
  • Prior experience in regulatory compliance oversight and enforcement within a recognized industry, government, or government-authorized agency, especially in conducting performance audits or analysis of program effectiveness of government agency operations (e.g., GAO or other federal or state-level equivalent experience).
  • One or more of the following, or related, professional certifications: Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Cloud Security Professional (CCSP).
  • A master’s degree in a related field.
  • At least five years of technical cybersecurity experience, preferably around virtualization and cloud-based technologies, and in the electricity sector, utility industry, or industrial control system environment.
  • Working knowledge in the critical infrastructure protection of the Bulk Electric System and supporting technologies.
  • Advanced knowledge and application of professional auditing standards and principles, such as COSO, GAGAS, and IIA.
  • Program design or procedure writing skills.

Responsibilities

  • Provide cyber subject matter expertise related to virtualization, cloud-based technologies, risk management, and internal controls.
  • Evaluate cloud architectures to ensure alignment with security, performance, scalability, and regulatory requirements.
  • Identify and recommend remediation of cloud‑related risks through control assessments and continuous monitoring activities.
  • Support compliance monitoring engagements of virtualized environments against security and regulatory requirements (NERC CIP Standards).
  • Plan, develop, and manage audit‑based compliance assurance activities and audit plans to support a risk‑based compliance monitoring and certification program.
  • Execute regulatory audit oversight processes to evaluate Regional Entity compliance with NERC Rules of Procedure and delegation agreements.
  • Identify, develop, and effectively deliver cyber security training and outreach.
  • Provide leadership with recommendations to improve the regional compliance oversight program.
  • Identify opportunities and assist in the ongoing development and improvement of the NERC compliance monitoring and enforcement program.
  • Drive successful project execution by proactively managing schedules, identifying and mitigating risks, and overseeing effective change management.
  • Conduct Compliance Assurance activities in adherence to NERC Rules of Procedure.
  • Collect and analyze data to detect deficient controls and noncompliance with NERC rules and agreements.
  • Other duties as assigned.