Principal Cybersecurity Specialist (Compliance and Project Analyst)

Principal Cybersecurity Specialist (Compliance and Project Analyst) - Direct Hire

Sacramento, CA area

Work Setting: Hybrid (3 days on-site)

Rate: $150,000 to $200,000 plus bonus potential

Position Summary

Our client is seeking an experienced Principal Cybersecurity Specialist (Compliance and Project Analyst) to support critical compliance initiatives across power generation assets in the Sacramento, CA area. This role focuses on ensuring adherence to regulatory requirements, internal cybersecurity standards, and industry best practices within a highly regulated energy environment. The ideal candidate will bring a proven track record of managing compliance projects, with deep expertise in NERC CIP standards and the FERC regulatory landscape. You will collaborate across cybersecurity, IT, OT, engineering, legal, and enterprise risk teams to translate regulatory requirements into actionable controls. This is an excellent opportunity for a seasoned professional to grow into a leadership role and serve as a key liaison between technical teams and compliance leadership.

Key Responsibilities

• Lead and support the development, implementation, and continuous improvement of governance, risk, and compliance (GRC) programs aligned with FERC (D2SI SPHP Section 9) and NERC CIP standards for power generation assets.
• Develop, maintain, and operationalize policies, procedures, standards, and guidelines to meet regulatory requirements and industry best practices.
• Conduct compliance gap assessments, risk analyses, and control testing for cybersecurity and OT systems.
• Prepare and maintain audit-ready documentation, including compliance narratives, evidence repositories, and records retention practices.
• Coordinate and support internal and external audits, including NERC Regional Entity audits, spot checks, and self-certifications.
• Collaborate with cybersecurity, IT, OT, engineering, legal, and enterprise risk teams to align compliance requirements with business operations.
• Serve as a liaison between technical teams and compliance leadership to translate regulatory requirements into actionable controls.
• Track compliance metrics, risks, and issues; prepare reports and dashboards for leadership, and monitor regulatory developments and enforcement trends.
• Support compliance training and awareness efforts, and assist in integrating compliance controls into operational and cybersecurity processes.
• Participate in mock audits, tabletop exercises, and incident response planning.

Required Qualifications

• Bachelor's degree in cybersecurity, information systems, engineering, business, or a related field.
• Minimum of 10 years of relevant experience in the power utility industry, with a focus on governance, risk, and compliance (GRC), cybersecurity, or operational technology.
• Deep working knowledge of NERC CIP standards and the FERC regulatory environment.
• Direct experience supporting NERC CIP audits (self-certifications, spot checks, or enforcement actions).
• Experience with compliance documentation, evidence collection, and audit support.
• Familiarity with electric utility operations, OT environments, or ICS/SCADA systems.
• Strong analytical, organizational, and technical writing skills.
• Excellent communication and interpersonal skills, with the ability to work independently and collaboratively.
• Certification from a recognized risk, governance, or cybersecurity organization (e.g., CISSP, CISM, RIMS-CRMP, or equivalent) required.
• Ability to travel independently and be physically present at client office or client sites in Northern California as required.

Preferred Qualifications (Nice to Have)

• PMP certification.
• Experience in the energy sector, particularly power generation or utilities.
• Additional certifications such as CISA, CRISC, or equivalent.
• Familiarity with SCADA/ICS systems and processes.
• Knowledge of related frameworks (e.g., NIST CSF, NIST SP 800-53, ISO 27001).
• Experience in project management, including scope, schedule, and budget tracking, and involvement in professional organizations or industry committees.

About Unison Systems

Unison Systems is a national IT & Engineering Services firm that delivers secure, innovative technology solutions and resources for our clients ranging from the Fortune 500 to the U.S. Navy. We bring together the strongest talent and tools in the business to solve complex problems and build solutions that make a measurable impact. At Unison, we invest in our people, foster a collaborative culture, and give our team the opportunity to learn and grow their careers.

Unison is an equal opportunity employer. We are committed to creating an inclusive environment for all employees, and we do not discriminate on the basis of race, color, religion, sex, national origin, disability, or veteran status.