Find Jobs | Post Resume | my careerbuilder | Help
CIP Compliance Auditor: Spring Valley, NY
15 Applications Submitted for this Position

Job Description

POSITION: CIP Compliance Auditor: Spring Valley, NY


LOCATION: Spring Valley, NY

JOB TYPE: Direct Hire

HOURS: Normal daytime business hours



SmartSource has a power utility client who is seeing an IT Security Auditor with Critical Infrastructure Protection Compliance (CIP) experience to join their Control Center Operations team. Preferred candidate will have direct experience in the practical aspects of audit preparation, conducting compliance audits, providing executive level reporting on audit findings, and implementing the appropriate remediation recommendations in identified areas for improvement. Prior operations, auditing, regulatory administration, or investigative experience is highly desirable. Strong knowledge of the North American Electric Corporation (NERC) CIP Version 3 and Version 5 standards is desirable. Prior experience with Microsoft SharePoint is desirable.

This position requires candidates to demonstrate in the application they possess the following skills and abilities:

Bachelor's Degree (Engineering, Information Technology Systems/Security or Computer Science preferred) with a minimum of 3 years related experience OR Associate's Degree (Electrical Engineering or Information Technology preferred) with a minimum of 5 years related experience.
Working experience in computer networking, project management, cyber security, and/or documenting systems required.
Should have a strong background in understanding and applying effective cyber security controls and techniques.
Should have working knowledge of power transmission, distribution and generation principles.
Must have a demonstrated ability to provide for continuous learning that will take place within a changing regulatory arena.
Must have a strong background in understanding and applying effective techniques for gathering and organizing data that demonstrates organizational effectiveness.
Must have demonstrated organizational and administrative skills, attention to detail, be able to exercise independent judgment, and have a proven track record of working well in team situations.
Excellent interpersonal and written communication skills are required in order to effectively interact with regulatory authorities, regional reliability organizations and senior-level management both within and external to the Company.
Position requires proficiency in all aspects of Microsoft Office Suite products, use of hosted databases, basic knowledge of networking and LINUX/AIX, and the ability to master the usage of Microsoft SharePoint software.
Must have the willingness and ability to maintain required authorizations and/or training credentials (eg FERC Code of Conduct), as required.
Responsibilities: This position requires a "hands-on" technically and managerially qualified contributor with broad and appropriate electrical utility and computer security experience. The individual must have outstanding managerial abilities (technical knowledge, project management, business acumen, etc.) and a proven track record of relative performance.

This position will be responsible for daily operation and providing technical oversight of the systems and related documentation that are subject to Critical Infrastructure Protection Standards (CIPS). Under the direction and guidance of the Section Manager, results required include sustaining compliance with CIPS, review and analysis of pending and approved standard and requirements, and preparing definitive statements of compliance and evidence for reporting purposes. The Senior Specialist may represent the company through participation and attendance at Northeast Power Coordinating Council (NPCC), Reliability First Corporation (RFC) and NERC standards related and other regulatory agency activities as required.

Develops and maintains working knowledge of FERC, NERC, Regional Entity (eg NPCC and RF), State, and Reliability Coordinator (NYISO and PJM) mandatory reliability standards Responsible for the continuing development, implementation, and oversight of the Critical Infrastructure Protection Program and all company and corporate CIPS related Policies, Procedures to assure sustained compliance with the CIP Version 3 standards. Draft and implement company policies/procedures to assure compliance with NERC CIP Version 5 standards with the effective dates of April 1, 2016 (High and Medium impact facilities) and April 1, 2017 (Low impact facilities). Strong project management skills will be required to coordinate efforts between ECC support staff, ECC System Operators, T&S Engineering, and Substations.

Performs assigned day-to-day technical and administrative tasks associated with NERC Standards Compliance Program including coordination of existing CIP Version 3 standards review across the appropriate operating and engineering areas; ensures the necessary documentation exists to support auditable compliance prior to certifications to regulatory entities in accordance with established policies. Manages and maintains intrusion detection systems (IDS) for monitoring of Critical Cyber Assets and future BES Cyber Systems. Manages and maintains the physical access control system (PACS) for monitoring the Physical Security Perimeter of Critical Assets. Manages and maintains O&R ECC change management systems for controlling changes to Critical Cyber Assets and future BES Cyber Systems within the ECC and substations. Responds to NERC Alerts and provides oversight for the administration of The Utility’s participation in the NERC Alert System and the Corporate Cyber Security Team.

Must have a valid driver's license.
Must be able and willing to travel within Company service territory, as needed.
Must be able to participate in the Company's emergency management processes and storm plans as required.
Must be available to travel out-of-town for regulatory meetings and conferences within the US and Canada.
Candidate must pass a Personal Risk Assessment which includes training and a seven year background check prior to hiring.
Must be legally authorized to work for any employer in the USA without sponsorship.

Interested and qualified candidates should send an updated resume with salary requirements to: [Click Here to Email Your Resumé]

Job Snapshot

Base Pay $80,000.00 - $120,000.00 /Year
Employment Type Full-Time
Job Type Information Technology
Education 4 Year Degree
Experience At least 3 year(s)
Manages Others Not Specified
Industry Other Great Industries
Required Travel Negligible
Job ID 11513-1
CareerBuilder Tip:
For your privacy and protection, when applying to a job online, never give your social security number to a prospective employer, provide credit card or bank account information, or perform any sort of monetary transaction. Learn more.

By applying to a job using you are agreeing to comply with and be subject to the Terms and Conditions for use of our website. To use our website, you must agree with the Terms and Conditions and both meet and comply with their provisions.

CIP Compliance Auditor: Spring Valley, NY

Enter notes about this job: