ICT NERC Compliance Program Manager Position Available In Essex, Massachusetts

Job Description:

This position reports directly to the Director of ICT, and isresponsible for leading the design, testing and implementation ofthe NERC Compliance Program The Program includes driving adherence to NERC V5 Standards,Critical Infrastructure, Reliability Assessment and PerformanceAnalysis, Reliability Risk Management, Compliance & Enforcement andSystem Operator Training and Certification Responsible for providing leadership for company-wide NERC-CIPrelated projects including potential self-reports, mitigationplans, self-certifications, compliance audits and annual CriticalAsset / Critical Cyber Asset Identifications. Manage NERC compliance reporting, regional transmissionorganization compliance / operational surveys and the developmentof new procedures and processes, working with company’s businessorganizations, to enhance the NERC Compliance Program and complywith new regulatory requirements General Job Description The Program Manager, NERC Compliance is responsible for leading thedesign, testing and implementation of a company-wide NERCCompliance Program. In this role, the

ICT NERC-CIP

Program Manageris accountable for compliance monitoring and tracking, complianceprocedure and policy development, audit preparation andinvolvement, compliance self-certifications, responding to datarequests and NERC Alerts and other NERC activities related to assetregistration. This position will also oversee the interpretation,execution, documentation and reporting of NERC and RegionalReliably Standards and Critical Infrastructure Protection (CIP)Standards. Be the subject matter expert for all applicable NERC andRegional Reliability Standards. Monitor and track NERC compliancethrough the performance of annual internal compliance audits at theregistered assets.

Typical Responsibilities include:

Strategic planning for the operation and administration of the ICTSecurity environment Manage IT Security projects and ensure a robust IT Securityenvironment is maintained and new technology is implemented thatsupports enterprise security initiatives Understand

NIST 800

security framework and a variety of COTSsecurity systems Develop project requirements, statements of work (SOW), request forproposals (RFP), and negotiate contracts Perform problem management/resolution of complex network andsecurity issues Develop, communicate, and maintain policies, procedures andstandards to support organizational needs Develop and perform Security Awareness Training within theorganization Subject Matter Expert (SME) for organizational

NERC V3 / V5

(CIP’s002-011) needs Manage, coordinate, execute, and remediate annual NERC CyberVulnerability Assessment requirements across departments Member of NERC organizational team responsible for complianceprogram Conduct internal cyber security audits and drive compliance forinternal and external audits Utilize process management and improvement through ITIL and ITSM(IT Service Management) efforts Support security event correlation and reporting, contentfiltering, intrusion detection and prevention, firewall management,vulnerability assessment, network access control and remoteaccess Collaborate with network, server and application administrators,technology support center personnel and other securityprofessionals to enhance and improve security processes anddocumentation Qualifications Bachelor Degree in Information Technology, Business, Engineering orrelated discipline, or an equivalent combination of education,training, and experience. Must have three or more years of NERC compliance experienceincluding experience developing and managing compliance policy,procedures and programs Typically possesses seven or more years of experience inorganizational programs or contract management. Demonstrated experience working with NERC and the CriticalInfrastructure Protection (CIP) Standards CIP-002 throughCIP-009. Demonstrated experience monitoring NERC compliance activities andreporting status to senior management. Demonstrated experience developing business policies, proceduresand processes that ensure auditable compliance with NERCStandards. Demonstrated experience developing reports or testimonydemonstrating compliance with the NERC compliance requirements. Demonstrated experience identifying and evaluating modifications tointernal controls, processes and/or systems, and consulting withsenior and executive management regarding relatedrecommendations. Demonstrated strong problem solving, strategic thinking anddecision making skills and ability to analyze complex regulatory orbusiness issues or problems. Demonstrated experience managing and implementing medium to largemultidisciplinary projects and cross functional teams, developingand executing plans, meeting critical deadlines, operating underrigid time constraints, monitoring and reporting project status,and coordinating activities to ensure timely delivery. Demonstrated experience with FERC, NERC, SPP, WECC and/orCAISO. Demonstrated ability to interface effectively with clients, peers,contractors, regulatory agencies and all levels of management todevelop solutions and ensure stakeholder buy-in. Demonstrated ability to accurately analyze information, integratepeople processes, systems, and technologies, and make strategicdecisions regarding project scope, impact, policy, development, andimplementation. Demonstrated ability to follow Edison safety protocols and safework practices. Demonstrated proficiency with Lotus Notes, Microsoft Word, Excel,Power Point, Project and Visio. Must demonstrate the ability to integrate work across relevantareas, develop the business and services to enhance customersatisfaction and productivity, manage risks appropriately, developand execute business plans, manage information, and provideexceptional service to internal and external customers. Must demonstrate effective resource and project planning, decisionmaking, results delivery, team building, and the ability to staycurrent with relevant technology and innovation. Must demonstrate strong ethics, influence and negotiation,leadership, interpersonal skills, communication, and the ability toeffectively manage stress and engage in continuouslearning.