Risk & Compliance - NERC CIP

  • San Diego, CA
  • Posted 14 hours ago | Updated 10 hours ago

Overview

On Site
Full Time
Accepts corp to corp applications
Contract - W2
Contract - Independent
Contract - 6 Month(s)

Skills

Risk
SOC
compliance
NERC CIP

Job Details

Role: Risk & Compliance NERC CIP

Location: San Diego, CA. Onsite / hybrid: 3 days at the office every week and 2 days remote.

Job Description:

Work-Experience:

  • 8-10 years total in an IT technical role, with at least 7 years' experience in Information Security and exposure to regulatory audits and testing.

Type of Experience:

  • Possess strong knowledge of IT security technologies, operating systems, databases, and network infrastructure.
  • Experienced in implementing, managing, and auditing security and compliance regulations (NERC CIP, SOX, PCI DSS, GDPR, HIPAA, GLBA), standards (ISO 27001, BS 17799), and frameworks (ITIL, NIST, COBIT).
  • Hands-on experience with GRC tools for building and supporting Governance, Risk, and Compliance solutions.
  • Proficient in risk management, compliance assurance, and audit processes.
  • Coordinate Information Security initiatives to support NERC CIP, SOX or regulatory compliance activities.
  • Demonstrated success in delivering risk and compliance management services within a client-based delivery environment.

Certifications

  • CISSP / CISA / CISM / ISO 27001 is a must, along with other technical certifications such as CCNA, CCNP, CCSA, etc.

Areas of Responsibility

  • Develop and maintain NERC CIP compliance frameworks, policies, and procedures.
  • Collaborate with internal and external stakeholders to fulfill security audit requirements and facilitate audit processes.
  • Design and implement NERC CIP control testing procedures tailored to the organization's IT environment.
  • Conduct control testing for NERC CIP compliance across applications and IT infrastructure.
  • Monitor and report Key Risk Indicators (KRIs), and perform root cause analysis for significant deviations.
  • Continuously assess the effectiveness of existing security measures and identify areas requiring remediation.
  • Review, design, and implement IT security procedures and guidelines across various IT functions and services.
  • Maintain documentation and evidence in accordance with BES Cyber System Information requirements.
  • Generate reports to support compliance monitoring and continuous improvement initiatives, ensuring alignment with internal security policies and regulatory requirements.
  • Manage and respond to information security incidents in a timely and effective manner.
  • Support compliance initiatives at both functional and organizational levels, with a focus on information security and risk management.
  • Understanding of a GRC tool for policy or regulatory compliance management.
  • Lead and mentor a team of compliance analysts and security professionals to ensure effective execution of compliance activities.

Soft Skills Required

  • Strong problem-solving skills, effective team collaboration, and excellent communication and documentation abilities.
  • Capable of managing multiple tasks across diverse teams within a broad domain.
  • Proficient in preparing informative presentations and MIS documentation.
  • Willing to work in rotational shifts.
  • Adheres to organizational policies and procedures in alignment with Information Security guidelines.
  • Self-motivated and proactive, with the ability to take initiative and work independently with minimal supervision.

About VDart, Inc.