Job Description
Senior NERC CIP Compliance Analyst
Consolidated Asset Management Services, LLC - New Haven, CT

Job Details: Full-time, $130,000 - $160,000 a year, 1 day ago
Benefits: Health insurance, Dental insurance, Tuition reimbursement, Vision insurance, Life insurance
Qualifications: Program management, Driver's License, Patch management, Driving, Supply chain management, Personal Protective Equipment (PPE)

Full Job Description
The Sr. NERC CIP Compliance Specialist provides critical on-site leadership to protect and maintain the integrity of control and business networks at our low- and medium-impact generating stations. This role drives continuous compliance with NERC CIP cybersecurity standards, leads site security initiatives, and serves as the primary subject matter expert for station personnel. Operating as a key liaison, this position partners with cross-functional stakeholders to enforce a secure operational environment and ensure continuous audit readiness through rigorous evidence management.

Essential Duties and Responsibilities
Program Ownership: Build, optimize, and maintain on-site processes and documentation to ensure continuous adherence to NERC CIP standards.
Asset & Baseline Management: Maintain accurate cyber asset inventories and manage baseline change control workflows.
Audit Leadership: Lead RSAW/ERT preparation and submission for Regional Entity audits, spot checks, and compliance investigations.
Access Control: Maintain compliant physical and electronic security perimeters and access controls for all site assets.
Routine Compliance: Execute daily, monthly, quarterly, and annual CIP compliance activities in accordance with program procedures.
Liaison & RFI Coordination: Serve as the primary site contact for Regional Entities; coordinate cross-functional teams to fulfill RFIs and remediate findings.
Training Delivery: Deliver and support mandatory NERC CIP cybersecurity compliance training programs for site personnel.
Patch Management: Direct the end-to-end patch management lifecycle, ensuring BES Cyber Assets are monitored and updated within regulatory timelines.
Incident Response & Drills: Lead the annual testing, documentation, and reporting of the Cyber Security Incident Response Plan (CIP-008) and Recovery Plans (CIP-009).
Vulnerability Assessments (CIP-010): Orchestrate annual Critical Vulnerability Assessments (CVAs) while ensuring zero adverse impact to operational BES infrastructure.
Information Protection: Oversee the identification, classification, and secure handling of Bulk Electric System (BES) Cyber System Information (BCSI) to prevent unauthorized disclosure.
Supply Chain Risk (CIP-013): Lead supply chain risk assessments and collaborate with procurement/legal to enforce cybersecurity contract clauses.
Self-Assessments & Mitigation: Conduct proactive internal compliance self-assessments; manage the identification, self-logging, and mitigation of compliance deviations.

Qualifications
Bachelor's degree in Engineering, Computer Science, IT, Cybersecurity, or a related technical discipline (equivalent direct experience considered).
Minimum of 7-10 years of professional experience in regulatory compliance, power utility operations, or industrial cybersecurity.
At least 5 years of hands-on experience implementing and managing a NERC CIP compliance program across Medium or High-impact assets.
Demonstrated success drafting RSAWs, preparing ERT responses, and managing RFIs during Regional Entity audits or spot-checks.
Deep operational understanding of the 35-day patch/baseline lifecycle (CIP-007/010), security perimeters (CIP-005/006), and supply chain management (CIP-013).
Ability to successfully pass a mandatory NERC CIP-004 Personnel Risk Assessment and background check.
Ability to work full-time on-site at the designated facility, travel up to 25% as needed, and safely navigate physical plant environments.
Ability to perform physical job duties, including lifting up to 25 pounds, climbing, bending, and working in industrial environments (use of PPE is required).

Preferred Skills and Certifications
Prior experience working directly within a power generation plant, transmission control center, or EMS/GMS environment.
NERC Certified Compliance Professional (NCCP) designation.
CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), or CISM (Certified Information Security Manager).
SANS GIAC certifications, specifically GCIP (GIAC Critical Infrastructure Protection) or GICSP (Global Industrial Cyber Security Professional).
Established working relationships and direct audit experience with our specific Regional Entity (e.g., SERC, WECC, NPCC, RF, MRO, Texas RE).

Commitment to cybersecurity excellence and regulatory compliance is a must.

Applicants must possess a valid driver's license and maintain a clean driving record, as this position requires occasional travel for company business. Candidates should be comfortable operating a vehicle as part of their job responsibilities and must meet any applicable company and insurance requirements.

CAMS offers a variety of excellent benefits. Full-time employees are offered the following: medical, dental, vision, LTD, STD, and Life insurance plans. You can even select additional "a la carte" benefits to meet all your needs. You can also enroll in our 401k, flex spending accounts for medical and childcare needs, and participate in our employee referral and tuition reimbursement programs.

Qualified Applicants must be legally authorized for employment in the United States. Qualified Applicants will not require employer sponsored work authorization now or in the future for employment in the United States.

We believe in transparency and providing candidates with important information to make informed decisions. The salary range for this position is commensurate with experience, qualifications, and location. Actual compensation will be determined based on several factors, including but not limited to skills, experience, and relevant qualifications. This range represents the base salary and does not include other forms of compensation, such as bonuses, benefits, or equity, which may be offered in addition to the base pay. The company reserves the right to modify compensation ranges at any time in accordance with business needs and market conditions.