National Grid Compliance Analyst (Associate, Sr., Lead) in Northborough, Massachusetts

_About the Position:_

National Grid’s Critical National Infrastructure (CNI) department provides IT support services for the SCADA applications that drive the company’s operations. The Compliance Analyst role will operate as part of the CNI Energy Management Systems (EMS) support team with primary focus on NERC-CIP compliance and cyber security of the application infrastructure located at the Northborough, MA and Lincoln, RI facilities.

The position will require the successful candidate to perform a broad range of infrastructure, compliance, and cyber security support tasks covering desktops, servers, and appliances. The candidate will regularly collaborate with counterparts in other CNI teams to ensure standards and best practices are followed.

_Position Responsibilities (including but not limited to):_

  • Ensure that configuration, change management, and patch management processes are documented accurately and actions taken are compliant with National Grid policies.

  • Utilize automated software tools, including the BigFix, Cisco SourceFire, McAfee, and Tripwire products to manage device baselines, changes, security patches, and cyber threats.

  • Monitor and maintain changes to device baselines; investigate and document change reasons. Create security incidents for unauthorized changes.

  • Ensure devices are logging and reporting using the Tripwire software suite.

  • Coordinate with the EMS support staff and application vendors, including EMS vendors, to evaluate software and security patches based on operational constraints.

  • Conduct periodic vulnerability assessments using the Tripwire IP360 tool. Ensure vulnerabilities are documented, develop remediation plans and track activities to completion.

  • Serve as the subject matter expert for compliance assessments and audits.

  • Work cooperatively with other NERC CIP Compliance analysts, cross-train in additional compliance activities and serve as a backup as necessary.

  • Participate in department and/or cross-functional teams to complete special projects or assignments as requested.

  • Monitor and maintain the overall health of the electrical SCADA system including workstations, servers, communications equipment and application software.

  • Participate in team meetings and conference calls to ensure awareness of ongoing activities and priorities.

  • Respond to major incidents as part of a team.

  • Participate in an on-call rotation, providing after-hours and storm support when required.

_Knowledge & Experience Required:_

  • Bachelor's degree in Computer Science, Cyber Security, or other related discipline and at least three (3) years of experience implementing regulatory/industry security standards and compliance.

  • Must possess strong writing, verbal communication and documentation skills and the ability to achieve and communicate with a sense of urgency.

  • Ability to work with a variety of personnel and be conversant with both technical and business-oriented personnel.

  • Ability to articulate how people, process and technology, collectively, are essential in establishing and executing a NERC CIP compliance strategy.

  • Competency with network security and information security concepts and technologies.

  • Ability to meet pressured deadlines, time constraints and periodic requirements.

  • Demonstrated ability to develop long-range program plans, set goals and objectives, make decisions on program priorities, and analyze program effectiveness.

  • Experience with Windows and Linux operating systems.

_Familiarity with the following is desirable:_

  • Patch Management

  • Configuration & Change Management

  • Intrusion Detection and Prevention

  • Risk Assessment methodologies

  • Information Protection (including information classification)

  • Disaster Recovery Planning

  • Industry Standards for Process Control Security

  • Access Management

  • Secure Network Architecture

  • NERC CIP 002-011 Standards

  • Microsoft Excel and Access

This position is one of National Grid’s career path roles which provide for promotional opportunities within and across salary bands as you develop and evolve in the position by gaining experience, expertise and acquiring and applying technical skills.

/National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise. We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve. National Grid is proud to be an affirmative action employer. We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team./

Job: IS Service Delivery

Organization: IS Service Delivery

Title: Compliance Analyst (Associate, Sr., Lead)

Location: MA-Northborough

Requisition ID: 20181509