Talent.com
IT Cyber Security Compliance Consultant (CIP Specialist)

Tundra Talent Community, Vancouver, BC, Canada (On-site)
More than 30 days ago
Job description

Duties:

One of the key business priorities is to take steps to ensure compliance with the North American Electric Reliability Corporation (NERC) Mandatory Reliability Standards (MRS). MRS have been adopted by the BC Utilities Commission to achieve, sustain and demonstrate compliance with its obligations to support the reliability of the bulk electric system. The approximately 135 adopted Standards cover topics such as real-time operations, long-term transmission system planning, protection system maintenance programs and critical infrastructure protection.

This leading utilities client is continuing to strengthen its capacity to build, implement and sustain a robust internal compliance program that significantly impacts many areas of the company and has established new roles spanning multiple business areas to support this effort.

  • This role is in the Reliability Standards Assurance Critical Infrastructure Protection (CIP) Assurance Department, which provides oversight for MRS CIP compliance across the organization. Oversight includes: strengthening a culture of compliance, minimizing the occurrence of violations and ensuring the organization meets its legal obligations.
  • Providing CIP expertise, following industry developments and conducting benchmarking with other utilities on compliance best practices.
  • Supporting the organization with implementing CIP practices.
  • Performing assurance activities, reporting the outcomes to management and setting requirements on incident reporting/investigation frameworks.
  • Conducting root cause analysis, evidence collection, mitigation planning and continuous improvements, and supporting regulatory processes as required.

Specific Responsibilities:

  • Manage and provide support to internal stakeholders for the successful implementation and sustainment of compliance with MRS.
  • Maintain expertise and knowledge with MRS broadly and CIP standards.
  • Identify potential upcoming changes to standards and coordinate the organization’s involvement in potential changes (drafting, commenting, voting).
  • Identify CIP Program improvements including governance, compliance monitoring processes/procedures and assisting with implementation plans.
  • Support the business with assessing risks and implementing internal controls related to CIP and lead compliance assurance activities regarding business groups' compliance status.
  • Utilize technical knowledge along with controls experience to review the quality and adequacy of compliance narratives and evidence, and strength and quality of internal controls. Identify opportunities to improve practices and tools.
  • Provide coaching, guidance, and education to the CIP Program Office and business units as a CIP technical expert on the interpretation of standards, WECC’s audit approach, including developing training materials, regular communications and governance direction.
  • Provide guidance on non-compliance investigations, make non-compliance determinations, prepare and file self-reports to WECC, and assist with developing mitigation plans.
  • Review and assess the adequacy of developed CIP mitigation plans and associated completion packages for filing with WECC. Develop and provide tracking information on a timely basis to decision-makers. Perform trend analysis to support or challenge reporting.
  • Support and provide direction for other MRS Program accountabilities including annual BCUC Assessment Reports for MRS adoption, Canada Energy Regulator reporting, On Site Audits, etc.

Qualifications:

  • University degree or experience in relevant discipline or equivalent combination of education and experience.
  • Ability to obtain security clearance for a Security Sensitive Position classification.
  • A minimum of 10 years of relevant cyber security and/or associated reliability compliance/audit experience in the electric utility industry. Candidates with physical security experience in addition to cyber security experience may be given preference.
  • Registered Professional Engineer or security-relevant certifications (CISSP, CISA, CISM, NCSF, PSP) are an asset.
  • Experience in Industrial Control Systems (ICS) including SCADA and other Operational Technology (OT) used in the Energy sector would be considered an asset.
  • Demonstrated and proven experience, ability and knowledge in the following:
      • NERC/MRS Programs in both the US and Canada;
      • Security governance, audit, risk and controls (including experience with designing, evaluating and implementing controls based on common security frameworks, such as NERC CIP, COSO, COBIT, ISO, NIST); leading investigations, with ability to analyze and process a high volume of detailed information with accuracy.
  • Excellent written and verbal communications skills.
  • Excellent relationship management, collaboration and interpersonal skills.
  • Effective presentation skills, including the ability to convey complex technical issues to diverse audiences.
  • This role requires a combination of demonstrated deep technical security and security management expertise.
  • Strong leadership skills and ability to influence cross-functional teams.

Job 70762