Auditor of Critical Infrastructure Protection
The electric grid is vital to our everyday lives. It is fundamental for the health, safety, and well-being of our communities, and provides the platform for our economy and our societal and technological advances. SERC's mission is to reduce risks to the reliability and security of the electric grid (also known as the bulk power system), not only for today but also for the future.
In your role as the Critical Infrastructure Protection (CIP) Auditor, you will lead and participate in the audit schedule requirements of the Compliance Monitoring and Enforcement Program (CMEP) and evaluate adherence to the North American Electric Reliability Corporation (NERC) Reliability Standards applicable to critical infrastructure protection. Additionally, the CIP Auditor is responsible for assessing risks and their associated controls to address potential gaps in an entity's cyber security posture, further reinforcing the reliability and security of the BES. In conjunction with monitoring tasks, these activities can include providing recommendations, training, and outreach to entities.
DUTIES AND RESPONSIBILITIES:
- Conduct Compliance Monitoring engagements as defined by CMEP such as Audits, Spot Checks, Self-Certifications, and Compliance Investigations.
- Lead, or contribute to, a team during Compliance Monitoring Activities; responsibilities include, but are not limited to:
  - Effectively document the audit process and report results,
  - Thoroughly review evidentiary artifacts to determine sufficiency of a given compliance program,
  - Interview subject matter experts in order to gain and affirm understanding of a given compliance program,
  - Analyze data related to compliance including routine filings, self-certification statements, self-reports, complaints and other forms and draw logical conclusions relative to non-compliances of reliability standards,
  - Prepare draft audit reports, based on the on-site or remote reviews, questionnaires, documentation, self-assessments and audit team input to be reviewed for further analysis.
- Ensure appropriate processing, data retention and confidentiality of all documentation required for Compliance Monitoring Engagements, and other CMEP actions.
- Perform other duties and assignments as directed.
- Excellent organizational and time management skills.
- Effective communication skills (face-to-face, telephone, written and email, and presentation skills).
- Computer skills, proficient with Microsoft Office applications, including Word, Excel, and PowerPoint.
- Technical Knowledge of some or a combination of information technology and security infrastructure including IDS/IPS, SIEM, network infrastructure, personnel management (IAM), supply chain, physical security assessment, physical security implementation, virtual hosting, cloud-based infrastructure and application security.
- Knowledge of CIP Standard Requirements or other related frameworks (e.g. NIST, COBIT, CIS, COSO, ASIS, etc.)
- Knowledge of bulk electric system and security infrastructure.
- 3-5 years' experience working with or supporting Operational Technology (e.g. an Energy Management System (EMS), Distributed Control System (DCS), or substation automation) within the electric utility
- 3-5 years of experience in securing computer systems, including both physical and/or cyber security.
- 3-5 years of information technology auditing or performing security assessments.
- Project management experience.
- Ability to work with and analyze data intensive and detailed technical information, and to draw meaningful conclusions from that information.
EDUCATION AND/OR EXPERIENCE:
- Four-year and/or higher educational degree in Engineering, Computer Engineering or Computer Science/Information Technology, or equivalent combination of education and related cyber security experience resulting in demonstrated ability to perform the major duties.
- Experience in security related work, including policy development and implementation associated with security.
- CISSP, CRISC, CISM, CISA, Network+, PSP, CPP, and/or COSO are preferred.
COMMITMENT TO CULTURE:
SERC is dedicated to being a highly desirable place to work through culture and purpose. We place a strategic focus on critical elements such as Diversity & Inclusion, Innovation & Collaboration, and Organizational Development & Talent Management. Through this strategic focus, SERC has identified its four Cultural Attributes that we believe keep us on the path of continuous improvement.
- Leader - Is trustworthy, principled, and respectful and strives to create value that reduces risk. Has a positive vision and is actively building support to execute it. A leader takes personal accountability for the outcomes of their choices and actions, acts with professionalism and adapts to change in a calm and positive manner. A leader will, when appropriate, ask questions and recommend alternative solutions to new processes or procedures.
- Collaborative - Partner and engage, both internally and externally, to drive meaningful action by leveraging skills, knowledge and tools. This would include effective written and verbal communication to ensure ideas and messages are clearly and concisely conveyed, being responsive to all stakeholders, understanding goals and objectives while exceeding key metrics and targets. Encourages dialog and candor while making it safe for others to voice their opinion to ensure all alternative viewpoints are heard; they are an active listener.
- Expert - Being credible, objective, disciplined, and sought after to help with continuous learning, improvements, and innovations. Exhibit knowledge of and ensure compliance with industry best practices and regulations. Take initiative to set priorities and convey important information in a timely and efficient manner. Employ good judgment when evaluating a problem by analyzing risk and identifying consequences while demonstrating a sense of organizational stewardship.
- Purposeful - Proactively demonstrate initiative, intentionality and resourcefulness to help anticipate and navigate current and future challenges. Committed to the quality of work and ensures work is delivered at appropriate deadlines while seeking operational efficiencies. Initiate appropriate follow-up while leveraging industry knowledge and business acumen to make appropriate decisions. Treat others with compassion and empathy and embrace the organization's mission and vision while providing meaningful contributions to organizational endeavors.
If the traits and characteristics listed in our Cultural Attributes resonate with you, we encourage you to apply!
The salary range for this position is DOE. We offer a generous PTO package; paid holidays; medical, dental, vision, life, short-term and long-term disability insurance, and a 401(k) plan with an organization match. SERC is an Equal Opportunity Employer.