Description
This engineer position is responsible for compliance with North-American Electric Reliability Corporation (NERC) Critical Infrastructure Compliance (CIP) regulations and standards and for instituting cyber security best practices for power plant control systems in the power generation business unit.Typical responsibilities include:
Responsible for the Power Generation NERC CIP compliance program at power plants.
Responsible for implementing best practice cyber security measures to protect power plant assets where regulatory requirements do not apply.
Acquire an understanding of the NERC CIP regulations and develop a program to assure Power Generation is compliant with the requirements.
Lead projects dealing with design and implementation of necessary electronic and physical security systems to protect our controls assets.
Develop, document and implement appropriate policies, procedures and programs (eg, risk assessment program, incident response plans, backup and recovery plans, security awareness program, patch and anti-malware programs, change management program, etc.)
Generate, acquire and organize evidence necessary to assure compliance and function as subject matter expert for NERC CIP audit if required.
Perform cyber vulnerability assessments, audits and penetration testing; develop remedies to address deficiencies
Work cross-functionally with subject matter experts (corporate IT cyber security experts, corporate security, power plant engineers, controls engineer or Instrument & Controls technicians) to conduct root cause analysis and develop mitigation procedures, as appropriate.
Participate in the regulation development and promulgation processes administered by NERC and FERC.
Networking and peer sharing within the industry.
SKILLS:
Candidates must possess a Bachelor's Degree in Engineering.
Desired Skills and Experience:
Power plant controls, cyber security experience or IT security with some experience in the electric power industry.
Understanding of the NERC CIP regulations and working knowledge of compliance strategies.
Experience in compliance program development and project management.
Experience in development and documentation of policies and procedures.
Experience performing penetration testing and vulnerability assessments.
Ability to plan and carry out responsibilities with minimal direction and supervision.
Problem analysis and problem resolution at both a strategic, tactical and operational level.
Strong capability to build and maintain effective relationships with executives and management team, Subject Matter Experts, and with industry counterparts.
Must be comfortable with a fast-paced environment that requires handling multiple tasks simultaneously, ability to prioritize and engage in long-range planning necessary.
Excellent verbal and written communication skills.