Program Manager NERC CIP

$125,000 - $155,000/Yr

Spearhead Staffing - Charlotte, NC

posted 20 days ago

Full-time - Mid Level
Charlotte, NC
Professional, Scientific, and Technical Services

About the position

The NERC CIP Program Manager is responsible for managing, implementing, and administering the NERC CIP Program to ensure compliance with NERC reliability standards across company facilities. This role requires a cybersecurity technical background and involves leading a team of subject matter experts and facility personnel in executing compliance activities, particularly focusing on medium impact environments at power plant locations. The Program Manager will report to the Director of NERC Compliance and oversee the work of CIP Cyber Security Technicians.

Responsibilities

  • Lead the NERC CIP compliance team in the execution and implementation of the CIP program across the fleet.
  • Lead and/or oversee implementation of CIP Medium Impact upgrade projects at the sites.
  • Demonstrate in-depth understanding of the NERC CIP Standards.
  • Prepare regular updates on NERC CIP compliance progress.
  • Administer the facilities' NERC CIP compliance program, both Medium and Low Impact, and capture, analyze, and maintain program KPIs.
  • Administer CIP workflow processes and support facility staff and CIP SMEs in executing required tasks, providing approval to these activities as required.
  • Monitor and verify that CIP compliance-related tasks with required timelines are completed prior to their due dates.
  • Develop and implement effective processes for identifying, securing, and maintaining compliance-related documentation and evidence as required.
  • Communicate NERC compliance information, standards, and requirements in a clear, concise manner to the Subject Matter Experts (SME) and facility staff.
  • Coordinate, support, and/or lead facility staff and CIP team members to control the state of network and applications, champion the change control process, and ensure that documents change in step with hardware and systems.
  • Coordinate, support, and/or lead facility staff and CIP team members in the security patch review and installation process.
  • Maintain a working knowledge of the equipment, systems, and patch sources for devices in the CIP program.
  • Maintain updated patch review documentation to facilitate monthly patch review processes.
  • Review and identify all applicable patches within 35 days of release.
  • Determine the applicability of patches associated with the equipment and systems in the CIP program and ensure that applicable patches are installed within 35 days of their review.
  • Develop mitigation plans for patches that cannot be installed within 35 days of the review.
  • Develop, administer and/or present CIP compliance training and awareness programs annually and as needed.
  • Perform periodic internal compliance assessments and spot checks on applicable Standards, including assistance with performing Cyber Vulnerability Assessments at Medium Impact facilities.
  • Manage and oversee the procurement and usage of third-party providers of CIP-related services as necessary.
  • Track findings of CIP-related activities and develop implementation strategies to mitigate identified issues.
  • Assess industrial control systems such as GE Mark V, Mark VI, and Siemens T3000 for vulnerabilities and security risk.
  • Ensure that Company facilities create and maintain up-to-date physical security and network diagrams using tools such as Microsoft Visio.
  • Maintain working knowledge of the cyber security capabilities of operating systems, networking devices, control systems, and vendor offerings.
  • Maintain a working knowledge of applicable and future NERC CIP standards and provide advice, direction, and support to others on their intent and application.
  • Participate in the standard drafting process as determined appropriate.
  • Develop and maintain a body of required CIP policies & procedures, and associated job aids to ensure the sites are compliant with all NERC CIP standards.
  • Develop, implement, and track violation mitigation plan action items to ensure they are completed thoroughly and on time.
  • Be the primary leader in compliance audits conducted by internal or outside entities.

Requirements

  • Bachelor's degree in Computer Science, Information Systems/Security, Computer or Systems Engineering, or related technical degree with 3-6 years of direct NERC CIP experience.
  • Minimum of three years of experience in industrial electronic controls and operational technology.
  • Experience with security platforms and applications such as firewalls, routers, switches, network access control systems, SIEM, patch deployment tools, and remote access.
  • In-depth knowledge of and experience with NERC practices and protocols related to the CIP Standards, including regulatory compliance, internal controls, risk assessments, quality assurance, and process management.
  • Ability to understand and analyze FERC/NERC regulatory requirements.
  • Experience managing, evaluating, and reporting status of regulatory compliance activities.
  • Experience developing and implementing policies, standards, and governance processes.
  • Strong leadership, management, interpersonal, problem-solving, organizational, prioritizing, and time-management skills to manage multiple responsibilities and deadlines at once.
  • Excellent verbal and written communication skills required to communicate in a collaborative, concise and professional manner.
  • Ability to work professionally with operating personnel and other business units on compliance activities or projects.
  • Excellent work ethic with dedication to completing tasks in a timely manner and the ability to work independently as well as in a team setting.
  • Experience in the use of network tools such as Wireshark, Nmap, and NPView, or similar.
  • Working knowledge of Microsoft Word, Excel, PowerPoint, Teams, and Visio.