Duck River Electric Membership Corporation
SENIOR NERC CIP COMPLIANCE SPECIALIST
Duck River Electric Membership Corporation, Tampa, Florida, us, 33646
Position Summary Description
The position is responsible for the development, implementation, monitoring, and management of Seminole’s North American Electric Reliability Corporation (NERC) compliance program. This role executes specific tasks, prepares or reviews evidence showing compliance with NERC Critical Infrastructure Protection (CIP) Reliability Standards, coordinates compliance activities, and provides guidance to Subject Matter Experts (SMEs). Implements systematic continuous improvements of compliance policies, procedures, training materials, and asset lists. Maintains knowledge of current and future regulatory requirements and assesses their impact on Seminole.
Essential Functions
Guides SMEs in the development and implementation of compliance processes and procedures.
Develops internal processes and controls to achieve and sustain compliance with all applicable NERC Reliability Standards, FERC Standards of Conduct, and market manipulation training requirements.
Completes internal activities relating to initiation and implementation of program changes.
Assists in the development and maintenance of relevant training materials for compliance program.
Provides training and direction to personnel in order to maintain an environment of continuous improvement.
Oversees, Coordinates, and/or Manages:
the non-compliance process to document non-compliance to NERC standards, coordinates the evaluation of each occurrence, and tracks the implementation of corrective action
regulatory audit preparation activities to include preparation, critique and validation of reliability standard audit worksheets (RSAW's) and periodic updates
all on and off-site activities for self-certifications, audits, and cyber vulnerability assessments through the collection of documents and evidence and interaction with regulatory personnel
response and action items required to ensure audit and cyber vulnerability assessment findings, and non-compliance suspense dates and required regulatory submittals are met
the storage of required NERC compliance documentation and evidence to ensure the material is available and follows BES Cyber System Information requirements
balloting reviews for new and revised NERC Reliability Standards
Presents updates to leadership on the status of programs, plans, reports, and related documents.
Establishes and maintains effective relationships with local industry, regional entities and internal stakeholders to allow for effective achievement of business goals and compliance with program requirements.
Monitors NERC Reliability Standards as well as SERC Compliance Monitoring and Enforcement Program (CMEP), to ensure Seminole remains in compliance with regulatory requirements.
Participates in the NERC Standards Development Process as necessary to ensure Seminole’s interests are addressed when existing standards are revised, or new standards are proposed.
Reviews correspondence from NERC, SERC, and industry groups to gain understanding of compliance program and appropriate electric utility industry regulatory requirements.
Performs other duties as applicable to the position or as assigned
NERC Compliance
NERC Compliance Program roles if/as designated in Seminole’s Standard Ownership Matrix (SOM) including ongoing evidence retention in "audit-ready" form. Familiarity with Seminole’s Enterprise Internal Compliance Program (ENT-GCD-RGC-EP-054) is also expected.
Qualifications and Education Requirements Bachelor's degree in Computer or Information Sciences, Cyber Security, Electrical Engineering, Mechanical Engineering, Business Administration or Process Management, Auditing, or Risk Management. Alternative degrees in combination with specialized experience and/or certifications may be considered.
Desire four (4) - six (6) years' experience in two of the following:
NERCCIP Compliance
Information Technology (IT), Cyber Security or comparable experience with emphasis on technical and security domains
Auditing or Risk Management
Electric Utilities experience subject to NERC Standards
Core Competencies: Adaptable, Collaborative, Conscientious, Critical-Thinking, Outcome-Driven and Professional
Technical Competencies/Skills
Demonstrated experience of sufficient knowledge of:
NERC CIP Reliability Standards
auditing procedures and risk management
change management, incident reporting and response planning
developing, implementing, and maintaining processes, procedures, and evidence
business continuity processes and disaster recovery
basic enterprise cyber security principles
system operator protocols
Transmission, Generation, Distribution, or Energy Management Systems
Proficiency with Microsoft Office applications
Soft Competencies/Skills
Effective verbal/nonverbal, listening and written communications
Proficient writing and presentation skills
Ability to:
multitask and manage multiple priorities to meet multiple deadlines
direct program work and lead cross‑functional team efforts as necessary
direct compliance teamwork during absence of Regulatory Compliance Management
interpret data and produce informative reports
initiate projects as required
Be self‑directed, originate new ideas, and be able to present methods to others
Physical Requirements Must be able to follow established protective measures including wearing required personal protective equipment (PPE). Must have a valid driver’s license and be able to maintain an acceptable motor vehicle report. Must be able to lift 25 pounds if needed.
Working Conditions Some travel and work outside of normal business hours. While working in certain areas of the plant there is the potential for exposure to hazards typical of an industrial working environment.
Disclaimer - Management may modify this job description at any time and may require the performance of additional duties, or modification of physical requirements, with or without advance notice.
#J-18808-Ljbffr
Essential Functions
Guides SMEs in the development and implementation of compliance processes and procedures.
Develops internal processes and controls to achieve and sustain compliance with all applicable NERC Reliability Standards, FERC Standards of Conduct, and market manipulation training requirements.
Completes internal activities relating to initiation and implementation of program changes.
Assists in the development and maintenance of relevant training materials for compliance program.
Provides training and direction to personnel in order to maintain an environment of continuous improvement.
Oversees, Coordinates, and/or Manages:
the non-compliance process to document non-compliance to NERC standards, coordinates the evaluation of each occurrence, and tracks the implementation of corrective action
regulatory audit preparation activities to include preparation, critique and validation of reliability standard audit worksheets (RSAW's) and periodic updates
all on and off-site activities for self-certifications, audits, and cyber vulnerability assessments through the collection of documents and evidence and interaction with regulatory personnel
response and action items required to ensure audit and cyber vulnerability assessment findings, and non-compliance suspense dates and required regulatory submittals are met
the storage of required NERC compliance documentation and evidence to ensure the material is available and follows BES Cyber System Information requirements
balloting reviews for new and revised NERC Reliability Standards
Presents updates to leadership on the status of programs, plans, reports, and related documents.
Establishes and maintains effective relationships with local industry, regional entities and internal stakeholders to allow for effective achievement of business goals and compliance with program requirements.
Monitors NERC Reliability Standards as well as SERC Compliance Monitoring and Enforcement Program (CMEP), to ensure Seminole remains in compliance with regulatory requirements.
Participates in the NERC Standards Development Process as necessary to ensure Seminole’s interests are addressed when existing standards are revised, or new standards are proposed.
Reviews correspondence from NERC, SERC, and industry groups to gain understanding of compliance program and appropriate electric utility industry regulatory requirements.
Performs other duties as applicable to the position or as assigned
NERC Compliance
NERC Compliance Program roles if/as designated in Seminole’s Standard Ownership Matrix (SOM) including ongoing evidence retention in "audit-ready" form. Familiarity with Seminole’s Enterprise Internal Compliance Program (ENT-GCD-RGC-EP-054) is also expected.
Qualifications and Education Requirements Bachelor's degree in Computer or Information Sciences, Cyber Security, Electrical Engineering, Mechanical Engineering, Business Administration or Process Management, Auditing, or Risk Management. Alternative degrees in combination with specialized experience and/or certifications may be considered.
Desire four (4) - six (6) years' experience in two of the following:
NERCCIP Compliance
Information Technology (IT), Cyber Security or comparable experience with emphasis on technical and security domains
Auditing or Risk Management
Electric Utilities experience subject to NERC Standards
Core Competencies: Adaptable, Collaborative, Conscientious, Critical-Thinking, Outcome-Driven and Professional
Technical Competencies/Skills
Demonstrated experience of sufficient knowledge of:
NERC CIP Reliability Standards
auditing procedures and risk management
change management, incident reporting and response planning
developing, implementing, and maintaining processes, procedures, and evidence
business continuity processes and disaster recovery
basic enterprise cyber security principles
system operator protocols
Transmission, Generation, Distribution, or Energy Management Systems
Proficiency with Microsoft Office applications
Soft Competencies/Skills
Effective verbal/nonverbal, listening and written communications
Proficient writing and presentation skills
Ability to:
multitask and manage multiple priorities to meet multiple deadlines
direct program work and lead cross‑functional team efforts as necessary
direct compliance teamwork during absence of Regulatory Compliance Management
interpret data and produce informative reports
initiate projects as required
Be self‑directed, originate new ideas, and be able to present methods to others
Physical Requirements Must be able to follow established protective measures including wearing required personal protective equipment (PPE). Must have a valid driver’s license and be able to maintain an acceptable motor vehicle report. Must be able to lift 25 pounds if needed.
Working Conditions Some travel and work outside of normal business hours. While working in certain areas of the plant there is the potential for exposure to hazards typical of an industrial working environment.
Disclaimer - Management may modify this job description at any time and may require the performance of additional duties, or modification of physical requirements, with or without advance notice.
#J-18808-Ljbffr