IT CIP Manager

Job Description

SmartSource is searching for a Cyber Security Manager with several years of experience in Critical Infrastructure Protection to work in the role as Section Manager/SME for an electric power utilities in the southern region of New York State. T
he Section Manager will be active in and be responsible for functional compliance with NERC Critical lnfrastructure Protection related to the operation of BES Cyber Systems/Assets at affected facilities. This position is the senior technical position responsible for the on-going development and maintenance of Information Security Policy to meet the business units cyber security and cyber compliance missions and objectives.

This position is located in a bedroom community approximately 30 miles NW of NYC.
This is a full time, W-2 position that offers excellent benefits including two retirement plans, stock options, and more.


Bachelor's Degree in Electrical Engineering, Information Technology Systems, Computer Science, Information Technology System Security or a related technical curriculum.

A Graduate degree and/or professional certification in cyber security is preferred.

Minimum of 8 years of experience in an IT and/or energy management systems environment.

Experience in an electric power system operation is highly preferred.

Prior supervisory experience preferred.

Must have a thorough understanding of the regulatory structure of FERC, NERC, NPCC, RFC, and their relationships to our company.

Maintain a complete understanding of present NERC CIP standard requirements, measures and compliance reporting, quickly develop working knowledge of future revisions, and be the SME on these standards for O&R.


Must have a demonstrated ability to lead initiatives across various organizations and in cross-functional teams, and communicate effectively with executives, peers and subordinates.

Fundamental knowledge of data networking is required.

Must have demonstrated leadership ability and proven track record of achieving sustainable results in managing IT projects and/or technology system implementation.

Position requires expert knowledge of cyber security technology and the ability to plan for related technology implementation several years in the future.

Fundamental knowledge of data networking is required.

Familiarity with common client/server and typical energy Management System applications a plus.

A working knowledge of basic UNIX commands, security and system logging, Microsoft Active Directory as well as MS Office Suite products (Outlook, Word, Excel, Access, PowerPoint and Project# is strongly preferred.

Must have the means to and be able to travel to various Company locations and to other companies, if required.

Must be available to travel out-of-town for regulatory meetings and conferences within the US and Canada.

Must have a valid driver's license and be able and willing to travel within the Company's service territory as needed. Must be available 24/7, and be available to be on call and/or participate in off hour emergency response activities as required.


Under the general supervision of the Director – Control Center and Substation Operations and in collaboration with other groups within and external to the family of The Section Manager Plans, designs and implements associated policies in conjunction with other key stakeholders of the cyber security program and technical architecture.

Plans, develops, and implements program processes and technical controls to mitigate threats that could attack, damage, or gain unauthorized access to networks, facilities, data or programs.

Collaborates in the planning for, implementation and maintenance of the Company's cyber security awareness program as it relates to CIP.

Responsible for direct supervision Critical Infrastructure Protection Program including evaluating the performance of direct reports and taking action to develop individual and group performance indicators.

Ensures that all the CIP requirements are met, as and when mandated, through the continuing development, revision, recommendation and/or implementation of operational strategies, budgets, technologies and required policies and procedures to meet NERC CIP requirements applicable to O&R assets and respond to real-time, specific, actionable threat information.

Provides oversight for all aspects of and task-components related to compliance with NERC CIP Standards, including sustaining compliance with new and developing versions of CIPS through review, analysis and/or providing appropriate recommendations in the NERC standards development stakeholder process.

Provides ongoing technical entity-specific risk analysis as well as assessment and recommendation for mitigation for the protection of applicable infrastructure.

Analysis and response must include a comprehensive and sustained risk management approach providing the ability to identify, assess, monitor and respond to cyber security-related risks and provide the organization with the information needed to make risk-based decisions.

Interfaces with and participates in various working groups and committees as necessary. #e.g. Corporate cyber security team, DOE, NERC, NPCC, RFC, PJM and NYISO sub-committees).

Conducts reviews, audits, tests and drills, as appropriate, of CIP compliance activities, processes and documented guidance in order to monitor and report on status of compliance.

In accordance with the Companys established policies as well as the applicable CIP requirements, grant, change or revoke physical and/or electronic access to the Control Centers and BES Cyber Systems and critical cyber assets.

Participates in the Companys emergency management processes and storm plans.

Candidate must be able to pass a Personnel Risk Assessment which includes training and a seven-year criminal background check prior to hiring.

Excellent compensation and benefits package. Salary negotiable depending on history and experience.

Send updated resume and salary history to Julie Duvall: [Click Here to Email Your Resumé]

Job Requirements


Job Snapshot

Base Pay $0.00 - $150,000.00 /Year
Employment Type Full-Time
Job Type Information Technology
Education 4 Year Degree
Experience At least 5 year(s)
Manages Others Not Specified
Industry Other Great Industries
Required Travel Negligible
Job ID 11518-1
CareerBuilder Tip:
For your privacy and protection, when applying to a job online, never give your social security number to a prospective employer, provide credit card or bank account information, or perform any sort of monetary transaction. Learn more.

By applying to a job using you are agreeing to comply with and be subject to the Terms and Conditions for use of our website. To use our website, you must agree with the Terms and Conditions and both meet and comply with their provisions.

IT CIP Manager

Enter notes about this job: