About Encari Careers NERC CIP Compliance Systems Security Consultant

NERC CIP Compliance Systems Security Consultant

Job Description:
North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Compliance Systems Security Consultant. The position of NERC CIP Compliance Systems Security Consultant will have responsibility defining policy, architecting, integrating and supporting the identified critical cyber asset (CCA) and cyber asset systems supporting the Bulk Power System critical assets (CA). The NERC CIP Compliance Systems Security Consultant will ensure the reliability, performance, integrity, and recoverability of identified Cyber Assets supporting NERC CIP Compliance. This position may require all levels of system security support including: policy, design, build, implementation, configuration, cross-functional coordination, daily operational maintenance, troubleshooting, usage monitoring, testing, and system upgrades of the cyber assets. All client-supported cyber asset systems will need to comply with the requirements of the NERC CIP standards and internal corporate policies.

Principal Duties and Responsibilities:

  • Prior to installation, evaluate and test software changes and updates supplied by vendors
  • Work with vendors, application developers, database administrators, corporate IT, and other technology groups to resolve any encountered complications
  • Conduct routine hardware and software audits of all supported systems to ensure compliance with established standards, policies, procedures, and requirements
  • Maintain proper change management documentation for all hardware and software modifications
  • Participate in the Cyber Incident Response Team (CIRT)
  • Provide reliable 24/7 support for numerous facilities within client's service territory
  • Assist in the design and development of system implementations
  • Perform all required operational maintenance and troubleshooting of supported systems
  • Develop and implement standards and operating procedures
  • Perform daily backup and recovery operations for the supported systems
  • Participate in disaster recovery planning, development, exercises, and actual events
  • Assess clients’ NERC CIP compliance through engaging in interviews with client personnel and validating received information with actual current business operations
  • Develop NERC CIP compliance assessment and remediation reports
  • Interface with client personnel to gather information and investigate security controls
  • Report to technical client personnel and client’s project managers, including the preparation of weekly status reports

Required Skills and Qualifications:

  • Demonstrable understanding of the suitability and applicability of state of the art technologies and be able to define system requirements, recommend solutions, and support implementation and operations.
  • Bachelor's degree in any discipline and five (5) years of experience working in an enterprise systems security or systems security consulting role.
  • Extensive understanding of and ability to articulate how people, process and technology, collectively, are essential in establishing and executing an enterprise security strategy.
  • Extremely knowledgeable and conversant with at least one of the following:
    • Several NIST series 800 special publications
    • Control Objectives for Information and Related Technology
    • ISO/IEC 27005:2008, ISO/IEC 27001 and ISO/IEC 27002
    • Information Security Forum: The Standard of Good Practice for Information Security
  • Strong experience in implementing regulatory / industry standards compliance strategies involving any of the following:
    • Sarbanes-Oxley
    • Payment Card Industry Data Security Standards
    • Health Insurance Portability and Accountability Act
    • Federal Information Security Management Act
    • NERC CIP Reliability Standards

Desired Skills:

  • Networking and security certifications, such as CCNA, CCNP, CCSP, CISSP (strongly preferred), CISA, GIAC, or CCIE
  • Strong knowledge and proficiency in establishing and implementing enterprise security policies, security business process and operating procedures, and security standards
  • Knowledge of incident management, change management and control, configuration and patch management, and corporate security policy management
  • Knowledge of security event information management
  • UNIX operating systems and variants
  • Windows operating systems
  • Network Management/monitoring Systems
  • Experience performing similar work in the past year
  • Demonstrated knowledge of common network security vulnerabilities, including the ability to describe prevalent vulnerabilities and standard remediation activities
  • Ability to perform manual verification techniques
  • Competency with network security and information security concepts and technologies
  • Prior experience working in an information security consulting role
  • The candidate must be able to effectively communicate with the client:
    • Must be able to work well with client personnel
    • Project management experience is a plus
    • Good writing and documentation skills

An ideal candidate would have experience in the Energy or Utility industry, experience supporting a 24 x 7 real-time operations environment, experience supporting systems subject to regulatory compliance requirements, or experience with FERC, NERC, or RRO.

Mental and Physical Requirements:

  • Travel, including air travel, ability to meet pressured deadlines and time constraints
  • Ability to occasionally work overtime and weekends, available for occasional 24 x 7 on-call access
  • May need the physical dexterity required to install heavy server equipment

Benefits:

  • Health insurance
  • Dental insurance
  • 401k contribution and matching plan
  • 125 Plan (health)
  • Paid time off (i.e., sick + vacation days)
  • Paid holidays off
Why Do Our Clients Choose Encari?
  • Encari consultants are security experts who have deep knowledge and extensive experience in all aspects of information security.
  • Among Encari’s consultants are individuals with more than fifteen years experience in the area of SCADA/process control security within transmission and generation and more than four years experience in providing implementation services to electric utilities and Regional Reliability Organizations based on NERC cyber security standards, starting with the UA1200 standard in 2004 and continuing with CIP in recent years.
  • Encari consultants have worked with the NERC CIP Committee Drafting Team for the current CIP requirements, and are now participating with the drafting team for the revised requirements.
  • Encari consultants have extensive experience in performing assessments and providing recommendations with respect to: 24x7 critical control system operations; limited dependence systems; vulnerability assessments; network architectures; information security policies, standards, guidelines, and procedures; general industry process control security standards (e.g., IEC, NIST SP 800-82 and ISA 99); identity and access management; intrusion detection and prevention; and secure network architecture.

If you are interested in being considered for employment by Encari, This e-mail address is being protected from spambots. You need JavaScript enabled to view it .

Copyright 2008-2010 Encari, LLC.