NERC CIP IT Compliance Manager

Overview

Hybrid
$140,000 - $160,000
Full Time
No Travel Required

Skills

Auditing
NERC
Risk Assessment
Risk Management
Regulatory Compliance
IT Audit

Job Details

Title: NERC CIP IT Compliance Manager

Schedule: Hybrid - Need to go to the office 3 days a week

Job Description

The NERC CIP Compliance Manager is responsible for leading and maintaining the electric utility's compliance with the NERC CIP standards. This role ensures the protection of Bulk Electric System (BES) Cyber Systems that support generation, transmission, and distribution operations.

Responsibilities:

  • Lead the NERC CIP compliance program for applicable standards (CIP-002 through CIP-014).
  • Serve as the primary NERC CIP subject matter expert for our electric utility clients.
  • Oversee BES Cyber System identification, classification, and impact rating processes.
  • Develop, implement, and maintain NERC CIP policies, procedures, standards, and internal controls.
  • Coordinate and manage NERC and Regional Entity audits, spot checks, self-certifications, and compliance inquiries.
  • Manage evidence collection, validation, retention, and audit defense activities.
  • Conduct internal compliance assessments, gap analyses, and risk evaluations for BES Cyber Systems.
  • Continuously monitor IT General Controls based on NERC regulations.
  • Conduct IT audits, controls consulting, and special projects for IT areas including application controls, General IT Controls (systems development, change management, computer operations, networking, database management, security, and emerging technologies), risk management, project management, governance, and compliance.
  • Develop audit programs and testing procedures relevant to risk/compliance and test objectives based on NERC regulations.
  • Complete or participate in operational, compliance, and IT security investigations.
  • Develop, plan, and perform internal audits of IT processes and information systems.
  • Participate in creating narratives and required documentation for IT controls and analysis.
  • Perform risk and controls analysis of the audit area.
  • Identify the audit scope and develop an audit program.
  • Work with Operations, Control Centers, IT, OT, and Engineering teams to ensure secure and compliant system designs.
  • Track, manage, and remediate compliance findings, violations, and mitigation plans.
  • Monitor and interpret changes to NERC CIP standards and regional reliability requirements.
  • Support incident response, reporting, and recovery activities related to cyber or physical security events.
  • Deliver compliance training and awareness programs for utility personnel and contractors.
  • Prepare compliance metrics, executive briefings, and regulatory reports.
  • Act as the primary liaison with NERC Regional Entities and regulators.

Required Qualifications:

  • 5+ years of experience in NERC CIP compliance within an electric utility, transmission operator, or generation environment.
  • Strong working knowledge of BES operations, control centers, substations, and field assets.
  • Demonstrated experience managing NERC CIP audits and regulatory interactions.
  • Understanding of OT/ICS environments, including SCADA, EMS, DMS, and substation automation systems.
  • Experience with audit preparation and evidence management.
  • Experience with risk assessment and mitigation.
  • Experience with policy/procedure development.
  • Strong documentation, organizational, and stakeholder communication skills.
  • Ability to work cross-functionally and manage multiple compliance initiatives simultaneously.
