Georgia Systems Operations Critical Infrastructure Protection (CIP) Compliance Manager in Tucker, Georgia
Title: Critical Infrastructure Protection (CIP) Compliance Manager
Employment Duration: Full time
Location: GSOC Headquarters: Tucker, GA
The Critical Infrastructure Protection (CIP) Compliance Manager is responsible for administering GSOC’s compliance program for applicable NERC CIP Reliability Standards (the “Compliance Program”). The CIP Compliance Manager collaborates and coordinates with other Family of Companies (FOC) departments to ensure that GSOC actively maintains its Compliance Program and associated activities necessary to remain in compliance with the CIP reliability standards. The Compliance Program includes activities to ensure compliance associated with GSOC’s regulatory and contractual compliance obligations that have been undertaken on behalf of other companies or that have been delegated to other companies by GSOC.
The CIP Compliance Manager is also responsible for:
Coordinating CIP reporting requirements with the ERO Enterprise
Coordinating self-reporting and mitigation activities internally and with the ERO Enterprise compliance and enforcement functions
Acting as the GSOC liaison with the ERO Enterprise for official communications
Maintaining and updating all documentation, including internal controls, related to the CIP portion of the Compliance Program, including for those tasks/services provided to or by other companies within the FOC
Reporting on the overall status of the CIP portion of NERC compliance and related elements of the Compliance Program
Responding to questions and requests for assistance regarding the Compliance Program from GSOC employees and authorized internal and external compliance authorities
Monitoring the NERC and SERC web sites to identify regulatory activities, including new Reliability Standards or revisions to existing ones, that potentially or actually affect GSOC
Ensuring that the Director, Legal and Compliance and the Chief Legal & Compliance Officer are notified and aware of any and all deficiencies in the Compliance Program or GSOC’s compliance with the CIP standards and any associated compliance reviews
Coordinating and ensuring that all improvements and/or corrective actions required to address any deficiencies are completed in a timely manner
Coordinating CIP compliance activities and commenting activities with System Operations and the Family of Companies (FOC)
Performance of an annual risk assessment review and compliance monitoring schedule
NERC Compliance Department Program: Manage, develop, implement, measure, evaluate, and enhance the CIP component of the Compliance Program, including related policies, guidelines, and procedures, education, training, and monitoring of all ongoing aspects of the program. Administer internal steering committees and associated sub-committees or other groups as needed, in the oversight, development, administration, and maturity of the program and GSOC’s compliance posture. Perform an annual risk assessment and review/revise associated compliance monitoring schedules. Develop and maintain procedures to satisfy the objectives of the Compliance Program and establish processes to assure continued compliance. Responsible for continually evaluating and tracking the effectiveness of the program and evaluating the performance of both the company and the Compliance Program in ensuring that the culture of compliance and reliability meets GSOC’s expectation of excellence. Establish and implement periodic monitoring and evaluation programs to effectively assess the Compliance Program and processes that are in place and propose modifications and enhancements as necessary and appropriate to meet Best Practices and assure appropriate maturity. Maintain the CIP Compliance portion of the department’s web site.
Compliance Reviews: Investigate and respond to compliance concerns or business questions by conducting appropriate and thorough reviews. The purpose of the review will be to gather facts and evidence, to perform appropriate and necessary research, to make a clear and factual account of the issue or concerns, and to develop recommendations that will improve and strengthen GSOC’s compliance with reliability standards or the Compliance Program. Monitor, support, and participate in periodic compliance tasks (as applicable), including document, process, and controls reviews, to ensure that they are completed in a timely and accurate manner and that the results include supporting compliance evidence, demonstrate compliance with the requirement(s), support the internal control program, and are being retained by the appropriate GSOC personnel. Assist the Audit & Consulting (“A&C”) department as requested in audits related to compliance with NERC reliability standards.
Internal Coordination and Communication: Coordinate with GSOC’s subject matter experts and the GTC and OPC compliance personnel on compliance activities and initiatives including, but not limited to, comments requested by FERC, NERC and SERC as applicable and appropriate, audit preparation, data request and other submittals, etc. Determine (in collaboration with subject matter experts) and document the required actions associated with an alert, data request, or other external opportunity/request for data, information, or comment. Coordinate responses with FOC subject matter experts and ensure all submissions, including comments and ballots, put forth a consistent, consensus FOC position when possible. Develop, document, and manage efforts to communicate the Compliance Program to all GSOC employees, including written materials and training programs designed specifically to promote understanding of compliance issues, laws and regulations, and consequences of non-compliance. Lead the effort to plan and execute annual, focused NERC compliance activities. Ensure that the appropriate GSOC department has the information to successfully implement processes, procedures, tools and training to meet new or revised standards.
Standards Development/Data Request/External Monitoring and Response: Review, summarize, and/or disseminate relevant information by actively monitoring the SERC web portal (or any successor system), FERC, NERC, and SERC communications obtained from web sites, webinars, NERC news, SERC lessons learned, NERC Notices of Penalties, etc. Ensure timely acknowledgments to NERC alerts or other data requests. Submit all information, responses, comments, and votes on reliability matters or as requested of GSOC. Serve as either the administrator or backup administrator for the SERC web portal (or any successor system).
Self-Assessments/Certifications: Ensure that those responsible for assigned standards and/or requirements are aware of self-assessment/certification requirements (whether internal or external) as well as compliance effective dates and readiness reviews in advance of the required dates. Monitor processes and notifications, review documents and evidence provided by GSOC’s subject matter experts, identify potential compliance concerns, and complete any necessary regulatory certification statements or other internal completion steps. Ensure self-assessments/certifications are approved by the appropriate senior manager in a timely manner. Ensure that compliance evidence is being collected and stored and is sufficient to demonstrate compliance.
Various other responsibilities:
Documentation: Maintain accurate and comprehensive documentation of the compliance activities performed pursuant to the Compliance Program as needed to successfully meet requirements of audits and to demonstrate that tasks are completed timely.
A&C Coordination/Reviews: Work with A&C to ensure audit requirements are met. Follow up on the commitments made with regard to corrective action(s) to assure implementation/completion. On occasion, this position, in conjunction with A&C, may support and/or participate in internal compliance reviews of the Compliance Program and prepare documentation for management review.
Backup: Serve as backup for the Director, Legal and Compliance as needed.
Assist, as needed, in the administration of the corporation’s efforts with regard to compliance generally.
Responsible for supporting and administering audit preparation efforts, other efforts that support periodic compliance monitoring of GSOC, and other special projects, as assigned.
Education: Bachelor of Science in Electrical Engineering, or Bachelor of Computer Science or Business. A Master’s degree in Business Administration is very desirable.
Experience: Twelve (12) years of experience as a business analyst, control engineer, information technology analyst, or a similar position in the computer industry. Six (6) years of experience with an electric utility in a Compliance, Operations, or Information Technology role is required. Experience in a NERC CIP Compliance role and experience with a GE XA21 Energy Management System are very desirable. Five (5) years of experience in project management is preferable. Additional experience in change management, process design, process improvement, performance monitoring, quality assurance, training and auditing is desirable.
Equivalent Experience: Eighteen (18) years of experience as a business analyst, compliance control engineer, information technology analyst or engineer, or a similar position in the computer industry. Six (6) years of experience with an electric utility in Compliance, Operations, or Information Technology is required. Experience in a NERC CIP Compliance role and experience with an Energy Management System are very desirable. Experience with a GE XA21 Energy Management System is very desirable. Five (5) years of experience in project management. Additional experience in change management, process design, process improvement, performance monitoring, quality assurance, training and auditing is desirable.
Licenses, Certifications, and/or Registrations: Project Management certification is very desirable. Must be eligible to be authorized for access as defined in GSOC’s cyber security personnel risk assessment program.
Specialized Skills: Expertise in a variety of MS products is desirable. MS Project expertise is highly desirable. Experience with change management software is highly desirable. Should have working knowledge of process improvement tools and methods. Facilitation skills, presentation skills, excellent written and oral communication skills, and ability to influence others through excellent interpersonal skills are required. Strong analytical ability and ability to prioritize projects and multitask required. Must have experience working with individuals at multiple levels within the Company, handling sensitive and confidential matters, and resolving conflicts. Assignments are broad in nature, requiring appreciable originality, ingenuity, problem-solving ability, sound judgment, and common sense. Excellent organizational skills and customer/team communications skills are needed to be successful.
Georgia System Operations Corporation is an Equal Employment Opportunity Employer, including veterans and disabled. We are a drug-free workplace. All applicants are subject to substance abuse testing.