SRP is one of the largest public power and water utilities in the U.S., providing electricity to approximately one million customers in the greater metropolitan Phoenix area. Since its founding in 1903, SRP has fostered a culture of stewardship and customer service, consistently ranking as an industry leader in customer service according to J.D. Power. SRP continues to adapt to its changing business environment by seeking innovative ways to reimagine utility service and the provision of critical resources essential to the life and economy of Arizona.
Salt River Project (SRP) is hiring a NERC CIP Compliance Analyst who will be primarily responsible for providing leadership, independent compliance oversight, guidance, and direction necessary to maintain ongoing compliance with the NERC Critical Infrastructure Protection physical and cyber security framework for the protection of assets to support reliable operation of the Bulk Electric System. This position is a key member of the high-performing Electric Reliability Compliance CIP independent governance and oversight team within SRP.
- Demonstrate good technical cybersecurity and programmatic knowledge of all NERC CIP standards that are applicable to SRP.
- Act as a liaison between SRP and neighboring utilities with regard to the NERC Critical Infrastructure Protection Standards.
- Provide strategic direction and independent compliance oversight in developing, implementing and evaluating project plans, goals and timelines for the implementation of internal controls, physical security controls, and cyber security controls.
- Collaborate with plant, engineering, and field personnel and other staff to provide input and technical services in the development and execution of CIP related projects.
- Coordinate with business units to develop and support activities needed to address any identified CIP compliance deficiencies.
- Manage and facilitate violation determination and issue management meetings and discussions. Apply technical CIP expertise in problem-solving and coming up with recommendations and alternative solutions that support compliance.
- Facilitate progress on all compliance related activities, including mitigation plan development and documentation of completion.
- Assist in the development and maintenance of documentation for CIP related programs, processes, and procedures.
- Lead response to regulatory compliance monitoring events, enforcement actions, compliance filings, data-reporting, and data requests.
- Interpret NERC CIP standard requirement language and work with business unit personnel to apply processes, procedures, and technology to ensure compliance.
- Communicate relevant and pertinent NERC compliance information in a clear and concise manner, and conduct NERC CIP presentations or compliance process training for the business units as necessary.
- Direct and participate in the development and implementation of technologies to automate and streamline compliance monitoring and reporting processes.
- Track and participate in industry teams, meetings, conferences, and groups to support the creation of new or modified CIP standards.
- Participate in industry and trade groups to share information and benchmark compliance program against best practices and differing interpretations.
Completion of a Bachelor's Degree from an accredited institution that prepares the employee for the assignment.
Promotion to Level 2 requires a minimum of two years of experience at Level 1; demonstrated capability to perform advanced and more difficult work as determined by the supervisor. Promotion to Senior Level requires a minimum of three years of experience at Level 2; is fully competent in all aspects of functional area of assignment and as such would be recognized as a specialist in area of assignment and may have periodic or occasional lead responsibilities.
- Knowledge of cyber security principles and practices.
- Knowledge of NERC CIP standards or similar information security, privacy, or regulatory standards (e.g. PCI-DSS, ISO 27001/27002, NIST, HIPAA).
- Project management, analysis, assessment and investigation skills to determine recommendations or plans of action.
- Excellent communication and interpersonal skills including the ability to consult and resolve internal or external compliance issues which may be sensitive in nature.
- Ability to work with all levels of an organization including people with different styles and backgrounds; ability to work as a member of a team and ability to present alternatives and recommendations.
- Proficient with the use of personal computers including spreadsheet, database, word processing, and presentation applications.
- Demonstrated experience in assisting with the design and implementation of security systems or controls.
- Demonstrated experience using good oral and written communication skills and the ability to follow verbal and written instructions.
- Exhibited ability to work under stress and handle stressful situations.
- Experience in successfully leading projects/initiatives with multiple stakeholders and/or across multiple business units.
- 5 years' experience in the cyber security or NERC CIP compliance fields.
- Skills and experience with securing and monitoring SCADA assets and real-time networks.
- Knowledge of the OSI model, SONET, serial communication, IDS/IPS, switches, routers, firewalls, Energy Management Systems, RTUs, ICS devices used in the utility industry, TCP/IP, IEC 61850, Modbus, or DNP3.
- A working knowledge of electric utility transmission and distribution system practices and principles.
- CompTIA Network+
- CompTIA Security+
- Cisco CCNA
- Any other relevant cyber security certification
Requisition ID: 9613
EOE - SRP encourages a diverse workforce
All candidates must be legally authorized to work in the United States.
Currently, SRP does not sponsor H1B visas.