NERC CIP Compliance Specialist

Job Description:

North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Compliance Specialist. The position of NERC CIP Compliance Specialist will have responsibility in establishing and executing NERC CIP compliance strategies. The NERC CIP Compliance Specialist will fulfill a strong role in conducting NERC CIP compliance assessments, formulating NERC CIP compliance (i.e., remediation) strategies, and implementing various aspects of NERC CIP compliance remediation plans for clients.

Principal Duties and Responsibilities:

  • Fulfill leadership role in assessing clients’ business practices, business processes, operating procedures and enterprise security management programs
  • Ability to work with client personnel fulfilling both technical and non-technical roles (i.e., business-oriented roles), such as technical IT personnel, technical information security personnel, business analysts, project managers, process control engineers, and NERC CIP compliance managers.
  • Develop / refine and implement standards and operating procedures
  • Conduct NERC CIP compliance assessments
  • Assess clients’ NERC CIP compliance through engaging in interviews with client personnel and validating received information with actual current business operations
  • Conduct NERC CIP documentation reviews
  • Develop NERC CIP compliance assessment and remediation reports (i.e., documentation deliverables)
  • Prepare presentations providing updates of works in progress, outcomes of completed NERC CIP compliance assessments and documentation reviews, and any other information that may be required during the course of delivering consulting services
  • Must be capable of tailoring presentation content so that it is suitable for the anticipated audiences (e.g., technical, operations, and executive management)
  • Report to necessary client personnel and clients’ project managers, including the preparation of weekly status reports

Required Skills and Qualifications:

  • Bachelor's degree in any discipline and at least three (3) years of experience working in an enterprise security support role or information security consulting role.
  • Extensive understanding of and ability to articulate how people, process and technology, collectively, are essential in establishing and executing an enterprise security strategy.
  • Extremely knowledgeable and conversant with at least two of the following:
    • Several NIST series 800 special publications
    • Control Objectives for Information and Related Technology
    • ISO/IEC 27005:2008, ISO/IEC 27001 and ISO/IEC 27002
    • Information Security Forum: The Standard of Good Practice for Information Security
  • Strong experience in implementing regulatory / industry standards compliance strategies involving at least two of the following:
    • Sarbanes-Oxley
    • Payment Card Industry Data Security Standards
    • Health Insurance Portability and Accountability Act
    • Federal Information Security Management Act
    • NERC CIP Reliability Standards
  • Currently in possession of an active CISSP certification

Desired Skills:

  • PMP or other project management certification
  • Strong knowledge and proficiency in establishing and implementing enterprise security policies, security business process and operating procedures, and security standards
  • Strong knowledge of incident management, change management and control, corporate security policy management, personnel security, information security awareness and training program development and management, secure systems development lifecycle, enterprise security risk management, risk assessment methodologies, enterprise security assessment methodologies, information protection (including information classification), identity and access management, physical and environmental security, event management, systems security management, business continuity, disaster recovery, and compliance management
  • Demonstrated knowledge of common network security vulnerabilities, including the ability to describe prevalent vulnerabilities and standard remediation activities
  • Competency with network security and information security concepts and technologies
  • Must be able to effectively communicate with the client:
    • Must be able to work well with client personnel
    • Project management experience is a plus
    • Extremely strong writing, verbal communication and documentation skills

Mental and Physical Requirements:

  • Potentially 75% travel, including air travel
  • Ability to meet pressured deadlines and time constraints
  • Ability to occasionally work more than 40 hours / week and weekends

Benefits:

  • Health insurance
  • Dental insurance
  • 401k contribution and matching plan
  • 125 Plan (health)
  • Paid time off (i.e., sick + vacation days)
  • Paid holidays off

Why Do Our Clients Choose Encari?

  • Encari consultants are security experts who have deep knowledge and extensive experience in all aspects of information security.
  • Among Encari’s consultants are individuals with more than fifteen years’ experience in the area of SCADA/process control security within transmission and generation and more than four years’ experience in providing implementation services to electric utilities and Regional Reliability Organizations based on NERC cyber security standards, starting with the UA1200 standard in 2004 and continuing with CIP in recent years.
  • Encari consultants have worked with the NERC CIP Committee Drafting Team for the current CIP requirements, and are now participating with the drafting team for the revised requirements.
  • Encari consultants have extensive experience in performing assessments and providing recommendations with respect to: 24x7 critical control system operations; limited dependence systems; vulnerability assessments; network architectures; information security policies, standards, guidelines, and procedures; general industry process control security standards (e.g., IEC, NIST SP 800-82 and ISA 99); identity and access management; intrusion detection and prevention; and secure network architecture.

 If you are interested in being considered for employment by Encari, [e-mail address not shown].

Copyright 2008-2010 Encari, LLC.