The NERC CIP Compliance SME – Legal will work with EDF Renewable Energy’s Reliability Compliance Project Team members to develop, implement and maintain NERC CIP compliance and operational processes.
The SME will be responsible for understanding the NERC CIP compliance strategy and implementation roadmap developed by the Regulatory Compliance Team. The SME will facilitate completion of compliance processes and procedures which assure regulatory compliance to applicable CIP standards and audit preparation related to EDF’s IT Operations.
Reports to: General Counsel
Division/Department: Legal/Risk Management
Location: San Diego, CA
70% of the time will be spent in the office, and the remaining 30% of the time will be spent traveling to project sites to conduct training, attend relevant meetings, and work to maintain the culture of compliance throughout the company.
• Obtain current state understanding of existing organization, processes, procedures, and technologies to perform new compliance activities and identify recommendations for improvements
• Assist with completing EDF Renewable Energy’s CIP V5 Compliance Implementation Strategy
• Assist in the development/maintenance of cyber asset/system inventory, categorization, and impact ratings for the Operations Control Center, including visits to multiple substations and/or generation projects (Low Impact Facilities)
• Perform day to day compliance activity, process, procedure, technology data collection and analysis, and reporting to Regulatory Compliance Team
• Assist with the development, writing, implementing, and maintaining approved NERC CIP process and procedures
• Administer and manage security systems and tools
• Maintain, configure, update, and patch security systems including antivirus, vulnerability scanners, database monitoring, SIEM devices, etc.
• Participate in business continuity/disaster recovery planning, drills, and exercises
• Participate in performing vulnerability assessments
• Maintain knowledge of current and future NERC CIP requirements
• Assist with NERC compliance training to ensure NERC CIP compliance becomes a sustainable business practice
• All other job-related duties as assigned by the General Counsel or his/her designee
• 5+ years’ IT Security experience with some experience in the electric power industry required
• 5+ years’ experience with system security configurations for VM and Windows systems required
• CISSP or CISA required
• Bachelor’s Degree in computer science, internal controls, or information security preferred
• Advanced knowledge of NERC CIP Standards compliance (Version 3 and Version 5) strongly preferred
• Solid understanding of industrial control systems (DCS, PLCs, RTACs & SCADA) preferred
• Solid understanding of incident response, business continuity and disaster recovery concepts, methods, and practices preferred
• Solid understanding of change and configuration management concepts, methods, and practices strongly preferred
• Experience with vulnerability assessments, methodologies, and techniques strongly preferred
• Experience with IDS/IPS, NIDS, and other methods of threat detection preferred
• Strong project management experience with the ability to effectively prioritize tasks in an aggressive schedule environment required
• Excellent analytical ability and communication skills required
We are proud to be an EEO/AA employer M/F/D/V. We maintain a drug-free workplace and perform pre-employment substance abuse testing.
To apply for a position, please submit your CV/Resume along with the position title(s) electronically to EDF Renewable Energy.