ICT NERC Compliance Program Manager
Location: Andover
Posted on: November 5, 2024
|
|
Job Description:
This position reports directly to the Director of ICT, and is
responsible for leading the design, testing and implementation of
the NERC Compliance Program
The Program includes driving adherence to NERC V5 Standards,
Critical Infrastructure, Reliability Assessment and Performance
Analysis, Reliability Risk Management, Compliance & Enforcement and
System Operator Training and Certification
Responsible for providing leadership for company-wide NERC-CIP
related projects including potential self-reports, mitigation
plans, self-certifications, compliance audits and annual Critical
Asset / Critical Cyber Asset Identifications.
Manage NERC compliance reporting, regional transmission
organization compliance / operational surveys and the development
of new procedures and processes, working with company's business
organizations, to enhance the NERC Compliance Program and comply
with new regulatory requirements
General Job Description
The Program Manager, NERC Compliance is responsible for leading the
design, testing and implementation of a company-wide NERC
Compliance Program. In this role, the ICT NERC-CIP Program Manager
is accountable for compliance monitoring and tracking, compliance
procedure and policy development, audit preparation and
involvement, compliance self-certifications, responding to data
requests and NERC Alerts and other NERC activities related to asset
registration. This position will also oversee the interpretation,
execution, documentation and reporting of NERC and Regional
Reliably Standards and Critical Infrastructure Protection (CIP)
Standards. Be the subject matter expert for all applicable NERC and
Regional Reliability Standards. Monitor and track NERC compliance
through the performance of annual internal compliance audits at the
registered assets.
Typical Responsibilities include:
Strategic planning for the operation and administration of the ICT
Security environment
Manage IT Security projects and ensure a robust IT Security
environment is maintained and new technology is implemented that
supports enterprise security initiatives
Understand NIST 800 security framework and a variety of COTS
security systems
Develop project requirements, statements of work (SOW), request for
proposals (RFP), and negotiate contracts
Perform problem management/resolution of complex network and
security issues
Develop, communicate, and maintain policies, procedures and
standards to support organizational needs
Develop and perform Security Awareness Training within the
organization
Subject Matter Expert (SME) for organizational NERC V3 / V5 (CIP's
002-011) needs
Manage, coordinate, execute, and remediate annual NERC Cyber
Vulnerability Assessment requirements across departments
Member of NERC organizational team responsible for compliance
program
Conduct internal cyber security audits and drive compliance for
internal and external audits
Utilize process management and improvement through ITIL and ITSM
(IT Service Management) efforts
Support security event correlation and reporting, content
filtering, intrusion detection and prevention, firewall management,
vulnerability assessment, network access control and remote
access
Collaborate with network, server and application administrators,
technology support center personnel and other security
professionals to enhance and improve security processes and
documentation
Qualifications
Bachelor Degree in Information Technology, Business, Engineering or
related discipline, or an equivalent combination of education,
training, and experience.
Must have three or more years of NERC compliance experience
including experience developing and managing compliance policy,
procedures and programs
Typically possesses seven or more years of experience in
organizational programs or contract management.
Demonstrated experience working with NERC and the Critical
Infrastructure Protection (CIP) Standards CIP-002 through
CIP-009.
Demonstrated experience monitoring NERC compliance activities and
reporting status to senior management.
Demonstrated experience developing business policies, procedures
and processes that ensure auditable compliance with NERC
Standards.
Demonstrated experience developing reports or testimony
demonstrating compliance with the NERC compliance requirements.
Demonstrated experience identifying and evaluating modifications to
internal controls, processes and/or systems, and consulting with
senior and executive management regarding related
recommendations.
Demonstrated strong problem solving, strategic thinking and
decision making skills and ability to analyze complex regulatory or
business issues or problems.
Demonstrated experience managing and implementing medium to large
multidisciplinary projects and cross functional teams, developing
and executing plans, meeting critical deadlines, operating under
rigid time constraints, monitoring and reporting project status,
and coordinating activities to ensure timely delivery.
Demonstrated experience with FERC, NERC, SPP, WECC and/or
CAISO.
Demonstrated ability to interface effectively with clients, peers,
contractors, regulatory agencies and all levels of management to
develop solutions and ensure stakeholder buy-in.
Demonstrated ability to accurately analyze information, integrate
people processes, systems, and technologies, and make strategic
decisions regarding project scope, impact, policy, development, and
implementation.
Demonstrated ability to follow Edison safety protocols and safe
work practices.
Demonstrated proficiency with Lotus Notes, Microsoft Word, Excel,
Power Point, Project and Visio.
Must demonstrate the ability to integrate work across relevant
areas, develop the business and services to enhance customer
satisfaction and productivity, manage risks appropriately, develop
and execute business plans, manage information, and provide
exceptional service to internal and external customers.
Must demonstrate effective resource and project planning, decision
making, results delivery, team building, and the ability to stay
current with relevant technology and innovation.
Must demonstrate strong ethics, influence and negotiation,
leadership, interpersonal skills, communication, and the ability to
effectively manage stress and engage in continuous
learning.
Keywords: , Portland , ICT NERC Compliance Program Manager, IT / Software / Systems , Andover, Maine
Click
here to apply!
|