Senior CIP Assurance Advisor

🌍 Remote, USA 💹 Full-time 🕐 Posted Recently

Job Description

Our Company

The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to assure the effective and efficient reduction of risks to the reliability and security of the grid. NERC develops and enforces Reliability Standards; annually assesses seasonal and long-term reliability; monitors the bulk power system through system awareness; and educates, trains, and certifies industry personnel. NERC's area of responsibility spans the continental United States, Canada, and the northern portion of Baja California, Mexico. NERC is the Electric Reliability Organization (ERO) for North America, subject to oversight by the Federal Energy Regulatory Commission (FERC) and provincial authorities in Canada. NERC's jurisdiction includes users, owners, and operators of the bulk power system, which serves nearly 400 million people.

Our Mission

The vision for the ERO Enterprise, which is comprised of NERC and the six Regional Entities, is a highly reliable and secure North American bulk power system. Our mission is to assure the effective and efficient reduction of risks to the reliability and security of the grid.

Your Impact

NERC seeks a mission-focused individual who wants to make a difference by supporting the reliability of the North American electric grid. The Senior CIP Assurance Advisor is primarily responsible for providing oversight, guidance, and coordination in managing programs and processes to monitor, review, and evaluate program effectiveness of the ERO Enterprise implementation of risk-based compliance monitoring and adherence to the NERC Rules of Procedure, Compliance Monitoring and Enforcement Program, Certification Program, and approved delegation agreements. The Senior CIP Assurance Advisor may also support development, implementation, and oversight of the Certification Program for Reliability Coordinators, Balancing Authorities, and Transmission Operators.

In addition, the Senior CIP Assurance Advisor develops and delivers outreach and training related to risk-based compliance monitoring, certification, and compliance guidance implementation. This position reports to the Manager, Compliance Assurance and Certification.

Your Role

- Provide cyber subject matter expertise related to virtualization, cloud-based technologies, risk management, and internal controls.
- Evaluate cloud architectures to ensure alignment with security, performance, scalability, and regulatory requirements.
- Identify and recommend remediation of cloud-related risks through control assessments and continuous monitoring activities.
- Support compliance monitoring engagements of virtualized environments against security and regulatory requirements (NERC CIP Standards).
- Plan, develop, and manage audit-based compliance assurance activities and audit plans to support a risk-based compliance monitoring and certification program.
- Execute regulatory audit oversight processes to evaluate Regional Entity compliance with NERC Rules of Procedure and delegation agreements.
- Identify, develop, and effectively deliver cyber security training and outreach.
- Provide leadership with recommendations to improve the regional compliance oversight program.
- Identify opportunities and assist in the ongoing development and improvement of the NERC compliance monitoring and enforcement program.
- Drive successful project execution by proactively managing schedules, identifying and mitigating risks, and overseeing effective change management.
- Conduct Compliance Assurance activities in adherence to NERC Rules of Procedure.
- Collect and analyze data to detect deficient controls and noncompliance with NERC rules and agreements.
- Other duties as assigned.

Qualifications

The successful candidate will have at a minimum:

- A Bachelor's Degree from an accredited four-year college or university, or equivalent experience.
- At least five years of progressive and successful experience leading cyber security projects, teams, and/or initiatives in a technically and operationally complex business/organization.
- At least three years' experience in virtualization and cloud-based technologies.
- Experience in auditing, internal controls, enterprise risk management, and related governance, risk and control (GRC) frameworks and standards.
- Project management and analytical experience.
- Ability to work independently in a fast-paced environment with minimal direct supervision.
- Competence in interpersonal communications, with the ability to interact diplomatically with people from many levels of industry and government.
- Excellent oral and written communication skills, including editing and proofreading skills.
- Proficiency in using Microsoft Office tools including Word, Outlook, Excel, and PowerPoint.
- Demonstrated group facilitation skills.
- Ability and willingness to travel regularly.

Preferred candidates will also have:

- Knowledge of the NERC Rules of Procedure, NERC Compliance Monitoring and Enforcement Program, and NERC Reliability Standards.
- Prior experience in regulatory compliance oversight and enforcement within a recognized industry, government, or government-authorized agency, especially in conducting performance audits or analysis of program effectiveness of government agency operations (e.g., GAO or other federal or state-level equivalent experience).
- One or more of the following, or related, professional certifications: Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Cloud Security Professional (CCSP).
- A master's degree in a related field.
- At least five years of technical cybersecurity experience, preferably around virtualization and cloud-based technologies, and in the electricity sector, utility industry, or industrial control system environment.
- Working knowledge in the critical infrastructure protection of the Bulk Electric System and supporting technologies.
- Advanced knowledge and application of professional auditing standards and principles, such as COSO, GAGAS, and IIA.
- Program design or procedure writing skills.

Other

A background check will be conducted prior to employment. In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire. This position has been classified as exempt. The position may be based remotely, but the candidate must be able to travel to NERC offices or meeting locations if needed. Reimbursement of travel expenses will be in accordance with the company's travel and expense reimbursement policies.

Our Culture Declarations

Everyone at NERC is a leader.

- We are accountable personally and organizationally to deliver on commitments.
- We develop ourselves and people in the organization to ensure that NERC realizes its strategic objectives.
- We are resilient and adaptable to the challenges and needs of the business and our team.
- We exude a growth mindset and empower teams to take risks.
- We build collaborative relationships within NERC, the ERO, and the stakeholders of NERC.
- We exemplify NERC cultural behaviors:
  - Reward high-quality, creative, and innovative work
  - Attract, engage, and retain top talent
  - Value and respect diverse perspectives
  - Provide a safe, inclusive, and collaborative work environment
  - Form strong relationships within the company, and with the ERO Enterprise
- We demonstrate curiosity in a wide variety of areas and are open to exploring new situations, knowledge, and opportunities for growth and development.
- We demonstrate an anticipatory mindset, preventing problems and building contingencies where appropriate.
- We are champions for diversity and inclusion, seeking out and valuing diverse perspectives.
- We value well-being, prioritizing collaboration, engagement, and connection among our team.
