Sr Analyst CIP Compliance

About The Position

Requirements

• Bachelor’s in Computer Science, Information Systems, Cybersecurity, or related field (or 4+ years relevant experience in lieu of degree).
• 4+ years (6+ preferred) in internal/external audit, internal controls, or regulatory compliance—ideally within energy, ISO/RTO, or other regulated infrastructure.
• Working proficiency with NERC CIP Standards (CIP-002 through CIP-013), IT General Controls, and CMEP processes; familiarity with NIST CSF, NIST SP 800-82, IEC 62443 in OT environments.
• Electronic access control, physical security, incident response, supply chain risk, vulnerability/patch management, baseline configuration.

Nice To Haves

• Master’s in Cybersecurity Risk Management a plus.
• Certifications (preferred): CISA, CISSP, CRISC, Certified Compliance & Ethics Professional.

Responsibilities

• Own end-to-end execution of CIP compliance across applicable standards; operate as a subject matter expert and key liaison to business stakeholders.
• Design and lead testing strategies for complex IT/OT controls; validate control effectiveness; identify gaps; assess risk; and drive corrective actions.
• Plan and conduct CIP maturity reviews; evaluate processes and documentation; recommend improvements for long-term sustainability.
• Lead complex compliance investigations and root cause analyses; develop and guide corrective action plans; support self-reports and filings.
• Lead evidence strategy and narrative development; coordinate responses to NERC/Regional Entity requests; ensure complete, consistent documentation.
• Deliver CIP and cybersecurity regulatory training; provide consultative guidance on control design, access management, and compliance obligations.
• Contribute to cybersecurity initiatives, incident response exercises, and policy/procedure development.

Benefits

• 401k
• vacation
• sick and safe time