CIP/O&P ENGINEER/SPECIALIST, RISK ASSESSMENT AND MITIGATION
SERC Reliability Corporation, Charlotte, NC, United States
SERC OVERVIEW
SERC Reliability Corporation (SERC) is one of six Regional Entities in North America authorized by the Federal Energy Regulatory Commission (FERC) through delegation agreements with the North American Electric Reliability Corporation (NERC). SERC is responsible for promoting the reliability and security of the bulk power system across the southeastern and central United States.
SERC's footprint spans approximately 630,000 square miles and serves more than 97 million people, including all or portions of Florida, Georgia, Alabama, Mississippi, Louisiana, Texas, Oklahoma, Arkansas, Missouri, Iowa, Illinois, Kentucky, Tennessee, Virginia, North Carolina, and South Carolina.
The electric grid is essential to public health, safety, and economic stability. SERC's mission is to reduce risks to the reliability and security of the bulk power system through effective and efficient oversight, analysis, and collaboration.
To support this mission, SERC maintains a multidisciplinary team of experts and works closely with industry stakeholders, neighboring Regional Entities, NERC, and federal partners. These partnerships enable informed, pragmatic, and impactful approaches to emerging and evolving reliability challenges.
POSITION SUMMARY
The CIP/O&P Engineer/Specialist, Risk Assessment and Mitigation is a subject matter expert (SME) responsible for performing risk assessments of potential Bulk Electric System noncompliance issues and associated mitigating activities, verifying the completion of those mitigating activities, performing inherent risk assessments of registered entities, and participating in internal controls assessments of registered entities in support of the Compliance Monitoring and Enforcement Program for the Critical Infrastructure Protection (CIP) reliability standards and/or the Operations & Planning (O&P) reliability standards.
DUTIES AND RESPONSIBILITIES
Compliance Enforcement Process
Provide subject matter expertise on the CIP and/or O&P reliability standards.
Act as compliance Single Point of Contact (SPOC) for registered entities, as assigned, to respond to potential noncompliances, and investigate, evaluate and make risk determinations of alleged violations; record relevant violation information in the compliance tracking and reporting system.
Develop comprehensive risk determination documentation comprising the relevant record for each assigned CIP and/or O&P noncompliance processed.
Communicate with registered entities, NERC, and other regions as necessary to investigate noncompliances and to pursue appropriate enforcement actions.
Review submitted mitigation plans for appropriate content; work with registered entities to produce mitigation plans to remedy violations and recommend mitigation plans for regional acceptance.
Respond to inquiries from registered entities, other SERC staff, other regional entities and NERC.
Obtain, document, and reference evidence and documentation in support of settlement discussions.
Utilize, create and maintain when appropriate, database queries and reports in support of compliance processing.
File documentation related to each step of the Compliance Monitoring and Enforcement Program process in the appropriate documentation repository.
Develop and produce compliance enforcement materials in support of presentations to the SERC Board of Directors and committees.
Perform initial screening and prioritization of new issues (self-report, audit findings, complaints, disturbances, or events).
Provide evidence, testimony, and documentation in support of Hearing Proceedings, as needed.
Risk Assessment
Assess regional risk on a periodic basis.
Assess entity level risk and controls in preparation for scoping compliance monitoring activities, as appropriate.
Assess risk / harm of Possible Violations and recommend Enforcement disposition commensurate with the assessed risk posed by the specific violation.
Identify and analyze emerging risks that have potential impact to the Bulk Electric System in conjunction with events analysis and compliance assessments.
Develop registered entity risk assessments.
Participate in registered entity internal control reviews.
Compliance Program Support
Assume responsibility as a subject matter expert for the development and revision of compliance implementation procedures and guides.
Review and summarize data analysis on CIP-related issues, including themes and trends.
Manage potential non-compliances of CIP and/or O&P issues and their related mitigation plans.
Facilitate, and lead where applicable, inter-regional working groups including scheduling and meeting preparations, agenda management, taking minutes, and maintaining task lists; participate in stakeholder interface group meetings, as assigned.
Perform other assignments as directed.
QUALIFICATIONS
Comprehensive and in-depth knowledge of the NERC CIP and/or O&P reliability standards.
Working knowledge of Bulk Electric System engineering, operations, and technical issues as they apply to NERC Reliability Standards.
Excellent organizational and time management skills.
Project management skills.
Ability to work with and analyze data‑intensive and detailed information, and to draw meaningful conclusions from that information.
Computer skills, proficient with Microsoft Office applications, including Word, Excel, Access, and PowerPoint.
Effective communication skills (face‑to‑face, telephone, written and email, and presentation skills).
DESIRED EDUCATION AND/OR EXPERIENCE
Five years of experience in electric utility industry operations, with experience working within an electric utility Control Center preferred.
Four year degree in Electrical Engineering, Computer Engineering, or similar advanced degree, or equivalent work experience.
One or more of the following certifications, or the ability to obtain within 12 months:
Professional Engineer license (PE)
NERC Certified System Operator (NCSO)
Certified Information Systems Auditor (CISA)
Certified Information System Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Risk and Information Systems Control (CRISC)
SALARY/BENEFITS
The salary range for this position is DOE. We offer a generous PTO package; paid holidays; medical, dental, vision, life, short-term and long-term disability insurance, and a 401(k) plan with an organization contribution of up to 14%.
PHYSICAL DEMANDS
Regularly required to sit for long periods of time; frequent hearing and talking required. Extensive keyboarding. May be required to lift up to 30 lbs.
WORK ENVIRONMENT
Hybrid work environment
Option 1: Dedicated office; Report to office 3-days per week
Option 2: Non-Dedicated Office (Hoteling); Report to office 2-days per week
Ability to travel as needed.
SERC is an Equal Opportunity Employer
#J-18808-Ljbffr
SERC Reliability Corporation (SERC) is one of six Regional Entities in North America authorized by the Federal Energy Regulatory Commission (FERC) through delegation agreements with the North American Electric Reliability Corporation (NERC). SERC is responsible for promoting the reliability and security of the bulk power system across the southeastern and central United States.
SERC's footprint spans approximately 630,000 square miles and serves more than 97 million people, including all or portions of Florida, Georgia, Alabama, Mississippi, Louisiana, Texas, Oklahoma, Arkansas, Missouri, Iowa, Illinois, Kentucky, Tennessee, Virginia, North Carolina, and South Carolina.
The electric grid is essential to public health, safety, and economic stability. SERC's mission is to reduce risks to the reliability and security of the bulk power system through effective and efficient oversight, analysis, and collaboration.
To support this mission, SERC maintains a multidisciplinary team of experts and works closely with industry stakeholders, neighboring Regional Entities, NERC, and federal partners. These partnerships enable informed, pragmatic, and impactful approaches to emerging and evolving reliability challenges.
POSITION SUMMARY
The CIP/O&P Engineer/Specialist, Risk Assessment and Mitigation is a subject matter expert (SME) responsible for performing risk assessments of potential Bulk Electric System noncompliance issues and associated mitigating activities, verifying the completion of those mitigating activities, performing inherent risk assessments of registered entities, and participating in internal controls assessments of registered entities in support of the Compliance Monitoring and Enforcement Program for the Critical Infrastructure Protection (CIP) reliability standards and/or the Operations & Planning (O&P) reliability standards.
DUTIES AND RESPONSIBILITIES
Compliance Enforcement Process
Provide subject matter expertise on the CIP and/or O&P reliability standards.
Act as compliance Single Point of Contact (SPOC) for registered entities, as assigned, to respond to potential noncompliances, and investigate, evaluate and make risk determinations of alleged violations; record relevant violation information in the compliance tracking and reporting system.
Develop comprehensive risk determination documentation comprising the relevant record for each assigned CIP and/or O&P noncompliance processed.
Communicate with registered entities, NERC, and other regions as necessary to investigate noncompliances and to pursue appropriate enforcement actions.
Review submitted mitigation plans for appropriate content; work with registered entities to produce mitigation plans to remedy violations and recommend mitigation plans for regional acceptance.
Respond to inquiries from registered entities, other SERC staff, other regional entities and NERC.
Obtain, document, and reference evidence and documentation in support of settlement discussions.
Utilize, create and maintain when appropriate, database queries and reports in support of compliance processing.
File documentation related to each step of the Compliance Monitoring and Enforcement Program process in the appropriate documentation repository.
Develop and produce compliance enforcement materials in support of presentations to the SERC Board of Directors and committees.
Perform initial screening and prioritization of new issues (self-report, audit findings, complaints, disturbances, or events).
Provide evidence, testimony, and documentation in support of Hearing Proceedings, as needed.
Risk Assessment
Assess regional risk on a periodic basis.
Assess entity level risk and controls in preparation for scoping compliance monitoring activities, as appropriate.
Assess risk / harm of Possible Violations and recommend Enforcement disposition commensurate with the assessed risk posed by the specific violation.
Identify and analyze emerging risks that have potential impact to the Bulk Electric System in conjunction with events analysis and compliance assessments.
Develop registered entity risk assessments.
Participate in registered entity internal control reviews.
Compliance Program Support
Assume responsibility as a subject matter expert for the development and revision of compliance implementation procedures and guides.
Review and summarize data analysis on CIP-related issues, including themes and trends.
Manage potential non-compliances of CIP and/or O&P issues and their related mitigation plans.
Facilitate, and lead where applicable, inter-regional working groups including scheduling and meeting preparations, agenda management, taking minutes, and maintaining task lists; participate in stakeholder interface group meetings, as assigned.
Perform other assignments as directed.
QUALIFICATIONS
Comprehensive and in-depth knowledge of the NERC CIP and/or O&P reliability standards.
Working knowledge of Bulk Electric System engineering, operations, and technical issues as they apply to NERC Reliability Standards.
Excellent organizational and time management skills.
Project management skills.
Ability to work with and analyze data‑intensive and detailed information, and to draw meaningful conclusions from that information.
Computer skills, proficient with Microsoft Office applications, including Word, Excel, Access, and PowerPoint.
Effective communication skills (face‑to‑face, telephone, written and email, and presentation skills).
DESIRED EDUCATION AND/OR EXPERIENCE
Five years of experience in electric utility industry operations, with experience working within an electric utility Control Center preferred.
Four year degree in Electrical Engineering, Computer Engineering, or similar advanced degree, or equivalent work experience.
One or more of the following certifications, or the ability to obtain within 12 months:
Professional Engineer license (PE)
NERC Certified System Operator (NCSO)
Certified Information Systems Auditor (CISA)
Certified Information System Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Risk and Information Systems Control (CRISC)
SALARY/BENEFITS
The salary range for this position is DOE. We offer a generous PTO package; paid holidays; medical, dental, vision, life, short-term and long-term disability insurance, and a 401(k) plan with an organization contribution of up to 14%.
PHYSICAL DEMANDS
Regularly required to sit for long periods of time; frequent hearing and talking required. Extensive keyboarding. May be required to lift up to 30 lbs.
WORK ENVIRONMENT
Hybrid work environment
Option 1: Dedicated office; Report to office 3-days per week
Option 2: Non-Dedicated Office (Hoteling); Report to office 2-days per week
Ability to travel as needed.
SERC is an Equal Opportunity Employer
#J-18808-Ljbffr