The ideal candidate will be an initiative-taker who can tackle multidisciplinary challenges in coordination with various AES teams and third parties. This role will support the growth of the AES CIP NERC Compliance team as the renewable portfolio continues to expand.
Principal Duties and Responsibilities:
The CIP Compliance Manager will:
- Build a team of NERC CIP compliance specialists and technical experts who can help support and ensure compliance across the AES Clean Energy portfolio.
- Provide oversight and cross-department coordination of NERC CIP Standards.
- Collaboratively develop KPIs and program metrics, audit coordination/RSAW development.
- Lead Self Reports, mitigation plans, and the self-certification submittal process as needed.
- Develop training and knowledge transfer in CIP Security Controls with all NERC CIP applicable business areas.
- Ensure the development of processes, workflows, and evidence required for compliance with the CIP standards.
- Manage day-to-day responsibilities related to NERC CIP Compliance for Medium Impact Assets.
- Work collaboratively with all NERC CIP applicable business areas to develop processes, workflows, and evidence necessary to achieve the CIP internal security controls objectives.
- Serve as a technical expert within the CIP workgroup to ensure AES Clean Energy implements CIP NERC Reliability Standards Requirements within regulatory deadlines.
- Support the Director of NERC Compliance in implementing organization-wide strategies, priorities, and documentation to meet reliability compliance requirements.
- Lead CIP audits, spot-checks, guided self-certification, internal assessments, compliance filings, mock audits, and information requests while relying on internal and third-party support.
- Contribute to internal control actions through risk assessments and lessons learned.
- Evaluate, prepare, and maintain materials for audits, self-certifications, spot-checks, internal compliance assessments, self-reports, mitigation plans, Reliability Standard Audit Worksheets (RSAWs), and evidence documentation.
- Lead the response to regulatory compliance requests, enforcement actions, and data reporting from a NERC CIP perspective.
- Establish and maintain effective relationships with industry associations, regional entities, and internal stakeholders to promote business goals and compliance with requirements.
Desired Skills and Expertise:
- Four-year Bachelor's degree or equivalent experience in information security and/or cybersecurity policy.
- Minimum 5 years of related work experience with NERC CIP standards and requirements.
- Experience in implementing and/or maintaining a NERC compliance program.
- Knowledge of physical security, network infrastructure, and security-related tools such as whitelisting, IDS/IPS, anti-malware, patch management, baselining, SIEM, access control, and firewalls.
- Knowledge of industrial control systems and other utility Operational Technology or Information Technology systems.
- Ability to see tasks through to completion without significant guidance.
- Strong verbal and writing skills, technical and non-technical.
- Experience with CIP-specific audit skills, controls, cyber and physical security, and related industry regulatory issues.
- Highly motivated self-starter willing to take on new challenges.
- Good project management skills.
AES Corporation
4300 Wilson Blvd
Arlington, Virginia, United States
www.aes.com