Cyber Security Auditor

About RF:

ReliabilityFirst Corporation is a regulator focused on the reliability and security of the electric grid. ReliabilityFirst’s mission is to preserve and enhance the reliability, security, and resilience of the Bulk Electric System across 13 states and the District of Columbia. ReliabilityFirst is uniquely positioned to work closely with transmission, generation, and other power companies as well as the federal government to help identify and ensure the mitigation of operational risks and physical and cyber security threats to the electric grid.

Purpose of Your Position:

The Cyber Security Auditor will support the Compliance Monitoring and Enforcement Program by supporting the Compliance Monitoring Processes (CMPs) and by performing cyber and physical security compliance reviews and assessments of utility industry stakeholders that pose a risk to the Bulk Electric System, in accordance with the NERC CIP Standards.

*Position level dependent on experience, skills and knowledge

Key Responsibilities:

1. Perform day-to-day activities associated with the completion of CMPs to include on-site, off-site and spot check audits of the NERC CIP Standards.
2. Assist audit teams with conducting CIP Compliance Audits according to the ReliabilityFirst Audit Processes.
3. Perform functions of the Team Lead or Audit Team Lead (ATL), including: being the main point of contact for audits, coordinating and facilitating pre-audit/onsite/offsite reviews. Responsibilities include: facilitating the opening and closing meetings, completing ATL Checklist, completing final report and possible violation summary forms, (when applicable) ensuring accuracy and submission of this documentation to all required parties.
4. Be a Subject Matter Expert (SME) on CIP Standards and related matters associated with the security, reliability and resiliency of the cyber systems used to support the operation of the Bulk Electric System.
5. Participate on a team of SME’s and effectively contribute to the regulatory oversight process.
6. Provide substantive and technical support to non-technical departments
7. Willingness to travel about 30% of the time.

Qualifications:

1. Bachelor’s degree in computer science, Information Systems / Security, Computer or Systems Engineering, or related technical degree with 2 - 6 years of related experience OR no degree with at least 6 years of related experience/education resulting in demonstrated ability to perform the major duties required.
2. Background knowledge of information technology, information security and/or EMS operations.
3. Strong leadership, interpersonal, problem-solving, and time-management skills.
4. Excellent verbal and written communication skills.

Desirable:

1. Experience with IT Audit, security controls and/or internal controls.
2. Understanding of the Bulk Electric System and supporting technologies.
3. Understanding and familiarity of NERC CIP Standards.
4. Certifications/Licensures pertinent to Cyber Security (Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), Certified Information Security Manager (CISM), PE license, regulatory experience, and/or auditor certification.
5. Recent (last 2-3 years) experience in managing or implementing cyber security controls in a corporate environment.
6. Experience in configuration management, IT networking, system engineering, security architecture, security engineering, virtualization, cloud infrastructure and/or Information security auditing.
7. Experience in developing or managing procurement processes and controls used in the procuring of assets, systems or services from vendors.
8. Working knowledge in the operations or planning of the Bulk Electric System and supporting technologies.

ReliabilityFirst is an equal opportunity employer and is committed to providing equal opportunities to all employees and applicants in accordance with local and federal laws. ReliabilityFirst's mission is to preserve and enhance bulk power system reliability and security. This mission cannot be accomplished without a diverse and inclusive staff - one that at all levels feels empowered, valued, respected, and engaged. Learn more at: Diversity, Equity, & Inclusion at RF (rfirst.org)