Security Control Assessor - Cybersecurity Regulatory Compliance (Onsite)
Our client, a leading Pacific Northwest utility provider committed to public service and environmental preservation, is looking for a Security Control Assessor – Cybersecurity Regulatory Compliance for their Vancouver, WA location. This position supports the implementation of operational technology cybersecurity and compliance practices for Transmission systems used in control of the Bulk Electric System. This position will review documentation of mandatory technical or process-based cybersecurity controls and evaluate artifacts and evidence of compliance activities. The role applies specialized knowledge and experience to Information/Operational Technology security controls and security programs supporting the Operational Technology organization. The position also participates in processes for incident analysis, identification of potential compliance violations, and causal analysis, as well as administering program processes and procedures. Additionally, the position will provide support and assistance to junior Security Control Assessors, Cybersecurity personnel, and co-workers on a variety of ad hoc and standing projects requiring policy/procedure/process analysis. This position will work closely with leadership and staff to collaborate on and facilitate success of assigned cybersecurity and compliance programs.
This Onsite position is a one-year renewable contract that includes employee benefits! If this opportunity is well-aligned with your experience and goals, we would love to hear from you!
Key Responsibilities for Security Control Assessor – Cybersecurity Regulatory Compliance:
- Monitor, review, analyze and support Operational Technology Security Governance & Oversight compliance management processes including regulatory audits, investigations of potential violations, and mitigation of violations.
- Provide quality assurance reviews of NERC CIP compliance evidence, violation mitigation documentation, and cybersecurity controls documentation. Draft and present recommendations for improvement to documentation or artifacts.
- All materials related to audit responses must also be reviewed by management.
- Facilitate and coordinate efforts to maintain and improve documentation of program processes and procedures.
- Serve as a technical team member supporting Subject Matter Experts on cybersecurity compliance activities such as facilitating recurring cybersecurity processes and procedures, compiling and submitting compliance evidence in a Governance, Risk, and Compliance tool, and contributing to investigations into potential violations.
- Serve as a reliability compliance process point of contact for the organization, primarily supporting BES Cyber System Categorization and Physical Security of BES Cyber Systems.
- Draft documentation necessary for compliance reporting and audit requirements.
- Develop and recommend strategies and actions to improve incident response maturity.
- Develop reports, graphs, and other informational materials to support improvement recommendations.
- Review process and procedure documentation to identify gaps and potential improvement areas.
- Collaborate with internal stakeholders and facilitate information gathering and analysis, using standard tools and approaches or developing new methodologies when needed, to assess business operations, functions, and documents; map current and future states; perform gap analysis; identify and evaluate solution alternatives; provide recommendations; and develop/draft associated processes and procedures for management-approved direction.
- Recommend mitigation, countermeasures, or other options as needed.
- Identify potential impacts to Transmission programs and processes from new or modified NERC CIP standards and policies or Federal Information Security Modernization Act (FISMA) / National Institute of Standards and Technology (NIST) requirements.
- Provide recommendations to management to mitigate or comment on NERC proposed regulations and policies.
- Assist in developing solutions, processes, and procedures required to achieve and sustain NERC CIP compliance and effective NIST controls.
- Assist staff with the promotion and implementation of approved recommendations and/or adopted procedures.
- Upon request, provide stage-gate input into systems/software implementation projects for potential security or compliance risks and impacts.
- Assist in developing, drafting, and recommending training materials and job aids.
- Provide support and assistance to other Security Control Assessors, Cyber Security personnel and Operational Technology co-workers on a variety of ad hoc and standing projects requiring policy/procedure/process analysis.
Requirements/Qualifications for Security Control Assessor – Cybersecurity Regulatory Compliance:
- A bachelor’s degree in computer science, information technology management, Cyber Security, Forensics, or a closely related technical discipline is preferred.
- 4 years of experience is required with an applicable bachelor’s degree.
- 6 years of experience is required with an applicable associate degree.
- 8 years of experience is required without a degree or without an applicable degree.
- Experience should be consistent with the specific requirements of operations analysis and incident response, and should be progressively more technical in nature.
- Ability to research and maintain proficiency in tools, techniques, countermeasures, and trends in information security, computer and network vulnerabilities, data hiding, network security, and encryption.
- Ability to plan, execute and document compliance evaluations both independently and as a team member.
**We are unable to accommodate corp. to corp. candidates**
About Motus Recruiting and Staffing, Inc:
Founded in 2006, Motus is an award-winning recruiting and staffing firm in the Pacific Northwest, specializing in professional services and technology solutions. We are a group of people who not only recognize the importance of representation, but actively fight for diversity, equity, and inclusion in the recruitment process. Our goal is to educate organizations on the importance of DEI when hiring, promoting, and supporting diverse employees. We are calling organizations to demonstrate their commitment to DEI by being intentional about who they hire.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, disability or protected veteran status.
ED/BH 13716
Job ID: 13716