March 28, 2024
Electric Energy Jobs

Manager, Regulatory Compliance - NERC CIP

Organization:
NRG Energy, Inc.
Region:
United States, Texas, Houston
End of contest:
April 18, 2020
  This job posting has expired
Type:
Full time
Category:
Regulatory & compliance
Description
Purpose: Oversight of NRG's Compliance with NERC's CIP Reliability Standards.

Job Summary: Perform independent assessment of NRG's compliance with NERC's Critical Infrastructure Protection (CIP) reliability standards and external reporting of compliance to NERC and other regulatory bodies as necessary.  Provide regulatory support to NRG's CIP subject matter experts and represent NRG at external forums regarding CIP standards and business practices; communicate industry trends to internal clients.

Essential Duties/Responsibilities:

  • Provide independent assessment of NRG's NERC Cyber Security program; continuously monitor and assess NRG's compliance with all applicable NERC CIP reliability standards; assess evidence of compliance gathered by business unit subject matter experts to determine its applicability and completeness for demonstrating compliance to NERC and/or the Regional Entities
  • Assess and develop internal controls related to NRG's CIP program to mitigate risk of non-compliance with the NERC CIP reliability standards
  • Lead/coordinate NRG's efforts to create and/or review requests for information regarding NRG's NERC CIP compliance program, and ensure timely submission of any NERC CIP records required by NERC or a Regional Entity (e.g., audit documentation, inherent risk assessments, self-certifications, self-reports, data submittals, mitigation plan completion attestations, etc.)
  • Lead/coordinate monitoring of NERC and Regional Entity communications, such as "lessons learned" documents and guides, regarding the NERC CIP reliability standards; communicate applicable information, regional conference key messages, and requirements to NRG's NERC CIP compliance contributors
  • Interpret NERC CIP reliability standards and evaluate the business implications of existing, new, and revised NERC and Regional Entity standards; communicate analyses to the Regulatory Compliance - CIP Team (Operations) and business unit management as appropriate
  • Participate in the NERC standards development process. Lead/coordinate internal efforts to develop and submit NRG comments regarding CIP standards undergoing revision or development
  • Provide guidance to plant operations, commercial operations, and IT personnel in the development of plant and department level procedures to support NERC and Regional Entity compliance activities
  • Assist the Regulatory Compliance - CIP (Operations) and Technical Training teams in the development of CIP related training and support roll-out of training to the appropriate personnel
  • Coordinate the preparation of self-certifications, providing guidance on spot check requests, responding to requests for information, preparing self-reports and exception reports, responding to complaints, and conducting compliance investigations
  • Provide oversight of the development, implementation or revision of NRG's CIP-related procedures/plans, including change management, incident management, cyber incident response, recovery, information protection, access control, and physical and cyber security plans, ensuring compliance with NERC's CIP standards
  • Conduct reviews, audits, tests and drills, as appropriate, of NRG's NERC CIP compliance activities, processes and documented guidance in order to monitor and report on status of compliance
  • Perform other duties as assigned by the Managing Director Regulatory Compliance

Working Conditions:

  • Position will ideally be located in Houston, TX but can also be based in Princeton, NJ
  • Fast-paced, professional, open-office environment
  • Travel (to power plants, conferences, etc.), sometimes on short notice, is required
  • Identity verification and criminal background check will be performed

Minimum Requirements:

  • Bachelor's degree in Computer Science, Engineering, Management Information Systems or related field. Relevant experience may be considered in lieu of the bachelor's degree requirement
  • At least 7 years of experience in a network security or cyber security role, with at least 2 years' experience in an industrial controls environment (e.g., power plant, manufacturing, industrial, or equivalent)
  • Demonstrated ability to multi-task and work within a team framework
  • Experience with NERC Critical Infrastructure Protection (CIP) reliability standards
  • Ability to respond to issues outside of normal business hours and flexibility to travel domestically 10-20% of the time

Preferred Qualifications: 

  • At least seven years' experience working in the energy sector, with at least 4-5 years of work focused specifically on compliance with NERC CIP reliability standards
  • Demonstrated comprehension of the NERC CIP standards; experience writing policies and procedures for a NERC CIP program; experience with the NERC CIP audit process, including the preparation of evidence and completion of Inherent Risk Assessments (IRAs) and Reliability Standard Assessment Worksheets (RSAWs)
  • Demonstrated ability to assess CIP controls and identify changes to improve CIP compliance and internal effectiveness
  • Compliance or audit experience
  • Demonstrated ability to collaborate and effectively communicate (verbal and written) with all levels of internal or external stakeholders
  • Practical knowledge of basic security and networking concepts including: LAN/WAN, firewalls, routers and switches, VPN, encryption, IDS/IPS sensors

Additional Knowledge, Skills and Abilities:

  • Ability to prioritize job requirements in a high-pressure, multi-task environment
  • Strong analytical and problem-solving skills with attention to detail and accuracy
  • Proficiency in Microsoft Office Suite software (Word, PowerPoint, Excel)
  • Knowledge of compliance management software, such as Intelex, CATSWeb, or SigmaFlow
  • Flexibility to work in a fast-paced, lean environment; effective at managing multiple issues simultaneously; able to adapt quickly to new situations
  • Familiarity with common client/server and typical Energy Management System applications a plus
  • Strong organizational and project management skills
  • Strong interpersonal skills, including the ability to facilitate, coordinate and lead work teams
  • Information security certifications/qualifications such as CISSP, CISA, CISM, or SANS GIAC

Contact

NRG Energy, Inc.

1201 Fannin Street, Houston, Texas, United States

www.nrg.com/home.html