Role: Risk & Compliance – NERC CIP
Location: San Diego, CA – Onsite / Hybrid – 3 days in the office every week and 2 days remote.
Work Experience:
8-10 years total in an IT technical role, with at least 7 years' experience in Information Security and exposure to regulatory audits and testing.
Type of Experience:
- Possess strong knowledge of IT security technologies, operating systems, databases, and network infrastructure.
- Experienced in implementing, managing, and auditing security and compliance regulations (NERC CIP, SOX, PCI DSS, GDPR, HIPAA, GLBA), standards (ISO 27001, BS 17799), and frameworks (ITIL, NIST, COBIT).
- Hands-on experience with GRC tools for building and supporting Governance, Risk, and Compliance solutions.
- Proficient in risk management, compliance assurance, and audit processes.
- Experienced in coordinating Information Security initiatives to support NERC CIP, SOX or other regulatory compliance activities.
- Demonstrated success in delivering risk and compliance management services within a client-based delivery environment.
Certifications:
- CISSP / CISA / CISM / ISO 27001 is a must, along with other technical certifications such as CCNA, CCNP, CCSA, etc.
Areas of Responsibility:
- Develop and maintain NERC CIP compliance frameworks, policies, and procedures.
- Collaborate with internal and external stakeholders to fulfill security audit requirements and facilitate audit processes.
- Design and implement NERC CIP control testing procedures tailored to the organization’s IT environment.
- Conduct control testing for NERC CIP compliance across applications and IT infrastructure.
- Monitor and report Key Risk Indicators (KRIs), and perform root cause analysis for significant deviations.
- Continuously assess the effectiveness of existing security measures and identify areas requiring remediation.
- Review, design, and implement IT security procedures and guidelines across various IT functions and services.
- Maintain documentation and evidence in accordance with BES Cyber System Information requirements.
- Generate reports to support compliance monitoring and continuous improvement initiatives, ensuring alignment with internal security policies and regulatory requirements.
- Manage and respond to information security incidents in a timely and effective manner.
- Support compliance initiatives at both functional and organizational levels, with a focus on information security and risk management.
- Understanding of GRC tools for policy and regulatory compliance management.
- Lead and mentor a team of compliance analysts and security professionals to ensure effective execution of compliance activities.
Soft Skills Required:
- Strong problem-solving skills, effective team collaboration, and excellent communication and documentation abilities.
- Capable of managing multiple tasks across diverse teams within a broad domain.
- Proficient in preparing informative presentations and MIS documentation.
- Willing to work in rotational shifts.
- Adheres to organizational policies and procedures in alignment with Information Security guidelines.
- Self-motivated and proactive, with the ability to take initiative and work independently with minimal supervision.