Description
Job Summary:
- The Manager of Critical Infrastructure Protection (CIP) has primary responsibility for CIP compliance from an enterprise, non-technical aspect. Scope includes oversight of policies, procedures, program administration, compliance quality assurance and audit management. The Manager has direct reports which cover administrative and performance CIP standards at the enterprise level.
Essential Duties/Responsibilities:
- Provide leadership and mentoring to the CIP Team in support of team performance, efficiency and personnel development.
- Lead CIP compliance activities for administrative compliance activities such as asset classification, policy and procedure development and updates, access management
- Lead the maintenance of the enterprise compliance policies and procedures
- Lead the annual CIP-002 Cyber System identification process
- Lead the personnel security awareness, training, and access administration processes, CIP-004
- Manage the BES Cyber System Information protection program, CIP-011
- Lead the compliance of the CIP-013 standard, Supply Chain Security
- Review evidence for use in RSAW response with the various SMEs in the region to meet NERC CIP audit submittal requirements; assist in preparing evidence collection for use in audit submittals.
- Ensuring SME execution by tracking and review of specific controls for meeting NRG requirements in accordance with NERC CIP program requirements and submittals.
- Assist CIP management, specialists and subject matter experts in development of self-reports, requests for information, TFE development, mitigation plans and evidence collection for mitigation completion.
- Identify areas for improvement, provide critical feedback lead projects to improve the compliance, security and efficiency of the CIP Team
- Through cross training, provide backup activities and response for the CIP team
- Escalate any potential violations or near misses as it relates to the assigned standards for consideration as self-reports
- Provide input for detailed analysis, diagnosis and testing based upon findings and deficiencies
Conditions:
- Majority of work by telecommuting
- Open office environment.
- Some overtime required as special projects arise.
- Travel up to 15%
Minimum Requirements:
- Bachelor's degree with a concentration in a technical, regulatory or business-related field and 3 years of experience in developing or managing a NERC CIP program.
OR
- High School diploma and 10 years experience in developing or managing a NERC CIP program.
- Experience preparing RSAWs and participating in NERC CIP audits
- Management of personnel in a regulatory environment
Preferred Qualifications:
- Experience in a management role for CIP audits
- 5-8 years of experience in development and management of CIP regulatory processes and processes and procedures
- Supply chain security experience
Additional Knowledge, Skills and Abilities:
- Working knowledge of cybersecurity and security tools
- Demonstrated ability to communicate (verbal and written) with all levels of internal and external customers.
- Demonstrated presentation and development skills
- Demonstrated project management skills.
- Demonstrated ability to work independently and as a team member.
- Demonstrated ability to set priorities and to respond to changing demands from multiple sources.
- Ability to exercise discretion and independent judgment in applying established techniques, procedures or standards.
- Demonstrated analytical and problem-solving skills.
Physical Requirements:
- Occasionally requires lifting as appropriate to perform duties and responsibilities.
Contact
NRG Energy, Inc.
1201 Fannin Street
Houston
Texas United States
www.nrg.com/home.html
From the same organization
26 Aug, 2025
