What are the responsibilities and job description for the Senior NERC CIP Compliance Analyst position at Consolidated Asset Management Services Texas, LLC?
The Sr. NERC CIP Compliance Specialist provides critical on-site leadership to protect and maintain the integrity of control and business networks at our Low and medium-impact generating stations. This role drives continuous compliance with NERC CIP cybersecurity standards, leads site security initiatives, and serves as the primary subject matter expert for station personnel. Operating as a key liaison, this position partners with cross-functional stakeholders to enforce a secure operational environment and ensure continuous audit readiness through rigorous evidence management.
Essential Duties and Responsibilities
- Program Ownership: Build, optimize, and maintain on-site processes and documentation to ensure continuous adherence to NERC CIP standards.
- Asset & Baseline Management: Maintain accurate cyber asset inventories and manage baseline change control workflows.
- Audit Leadership: Lead RSAW/ERT preparation and submission for Regional Entity audits, spot checks, and compliance investigations.
- Access Control: Maintain compliant physical and electronic security perimeters and access controls for all site assets.
- Routine Compliance: Execute daily, monthly, quarterly, and annual CIP compliance activities in accordance with program procedures.
- Liaison & RFI Coordination: Serve as the primary site contact for Regional Entities; coordinate cross-functional teams to fulfill RFIs and remediate findings.
- Training Delivery: Deliver and support mandatory NERC CIP cybersecurity compliance training programs for site personnel.
- Patch Management: Direct the end-to-end patch management lifecycle, ensuring BES Cyber Assets are monitored and updated within regulatory timelines.
- Incident Response & Drills: Lead the annual testing, documentation, and reporting of the Cyber Security Incident Response Plan (CIP-008) and Recovery Plans (CIP-009).
- Vulnerability Assessments (CIP-010): Orchestrate annual Critical Vulnerability Assessments (CVAs) while ensuring zero adverse impact to operational BES infrastructure.
- Information Protection: Oversee the identification, classification, and secure handling of Bulk Electric System (BES) Cyber System Information (BCSI) to prevent unauthorized disclosure.
- Supply Chain Risk (CIP-013): Lead supply chain risk assessments and collaborate with procurement/legal to enforce cybersecurity contract clauses.
- Self-Assessments & Mitigation: Conduct proactive internal compliance self-assessments; manage the identification, self-logging, and mitigation of compliance deviations.