Job Description
Responsible for managing the enterprise-wide NERC Critical Infrastructure Protection program for a fast-paced Fortune 200 energy company. Primary responsibilities include:
Build, manage and continue to develop an 18-person NERC CIP group into a high-performing team
Review, improve and continue implementation of a Version 5 compliance program for 150 high-, medium- and low-impact sites that delivers effective and risk-managed compliance
Achieve process improvement to drive efficiency and effectiveness in the NERC CIP program; deliver ongoing improvement outcomes
Develop and manage annual budget for the NERC CIP team and program implementation
Partner with Regulatory Compliance to deliver positive audit results with minimal self-report and financial impacts to the Company
Monthly and quarterly progress reporting and corrective action planning accountability to the NERC CIP Steering Committee consisting of the COO, CAO, SVP IT, SVP Operations and SVP Compliance
Partner with Regulatory Compliance to manage any self-report and violation mitigation efforts in an effective and expedient manner.
Key relationship management responsibilities with the SVP of IT, SVP Plant Operations and Plant Operations Region VPs
Primary advocate responsible for communicating and gaining enterprise-wide support for Version 5 compliance; develop and implement an enterprise-wide awareness program
Accountable for clearly defining roles and responsibilities among HR, IT, Accounting, Regulatory Compliance, Plant Operations and Commercial Operations stakeholders.
Develop and implement a performance reporting capability that effectively measures and provides visibility to ongoing program implementation status and compliance risks
Partner with IT and Plant Operations to manage project implementation for cyber remediation at newly identified critical asset sites due to changes in cyber regulations
Coordinate cyber vulnerability assessments and remediation on control systems at critical sites
Manage guidance and technical expertise to site personnel for troubleshooting and resolving cyber incidents
Manage the NERC CIP team through regular assessments and tracking of compliance with all technical requirements for each site including information protection, account management, change control, patch management, anti-virus programs and test procedures
Partner with IT with respect to licensing and software requirements for existing cyber critical assets
Manage Technical Feasibility Exception submittals, reporting and remediation, where needed, until completion of mitigation
Act as business owner of NRG Cyber corporate policies
Bachelor's degree. Concentration in computer science, engineering, management information systems or related field is a plus. MBA is a plus
Five to ten years of experience in the Information Technology industry or related Cyber Security role
Two years in a role responsible for, or heavily involved in, managing an enterprise-wide Cyber Security program
Proven experience in building, leading and developing a team of 10 to 20 individuals into a high-performing, cohesive group. Experience with all aspects of personnel decisions, management and development
At least 5 years’ experience in an industrial controls environment (power plant/energy, manufacturing, industrial, or equivalent) with practical knowledge of SCADA/DCS systems and related hardware and software managing Cyber Security requirements.
Proven experience in working large cross-functional efforts in a matrix organization
Proven experience in developing and implementing efforts to drive efficiency and effectiveness through process improvement in a large-scale program or project
Knowledge and identification of network infrastructure threats or viruses, and of intrusion containment and mitigation techniques
Practical knowledge of basic security and networking concepts including: LAN/WAN, firewalls, routers and switches, VPN, encryption, IDS/IPS sensors
Experience with NERC Critical Infrastructure Protection standards is required
Experience implementing changes on large networks
Demonstrated ability to communicate (verbal and written) with all levels of internal and external customers. Demonstrated presentation skills
Demonstrated planning and project management skills
Demonstrated ability to set priorities and to respond to changing requirements
Demonstrated analytical and problem-solving skills
Ability to respond to issues outside of normal working hours and flexibility to travel domestically 30% of the time
Audit experience a plus