CIP Cyber Security Specialist

Ensures execution of the security services and CIP compliance for generating plants. Will be responsible for maintaining inventories, configuration baselines, security logging and patching. Will work with compliance and controls personnel to implement and maintain the program and serve as the primary contact for the services.

*Ensure compliance to all NERC-CIP Standards at NRG's facilities.

*Primary responsibility for CIP compliance at assigned site.

• Create and maintain compliance or operational procedures as required.

*Be the lead for all CIP related Physical and Electronic Access Control for identified site.

*Be the primary contact for issues with Physical Security at all assigned sites for Physical Security Perimeters, including verifying those needing accesses, response to breaches and security system failures.

*Determination, verification and justification of all open ports and enabled services on Cyber Assets.

*Assessment of security patches and updates for all Cyber Assets.

*Deployment or mitigation of required security patches and updates to all Cyber Assets.

*Insure that Cyber Assets are protected by Antivirus/Antimalware applications; update as required.

*Insure required logging and alerting of Cyber Assets is functional; respond to detection of various types of alerts or breaches.

*Be the administrator for personnel needing electronic access, both local and remote, to Cyber Assets.

*Follow NRG's Policy and Procedure for reporting of Cyber or Physical Security Incidents. Assist in testing of the Incident reporting procedure annually.

*Perform and verify backups of Cyber Assets.

*Create and maintain disaster recovery procedures and assist with performance

• Follow and assist others in following the NRG Policy and Procedures for Change Management.

*Perform Cyber Vulnerability Assessments as needed.

*Provide accurate documentation for all NERC evidence requirements; complete evidence collections tasks in NRG's workflow program in a timely manner.

*Assist with Compliance Requirements at other sites in the region as needed as well as being available to assist team members at other sites across the NRG fleet if needed.

*Work with team members on projects and new, innovative ideas.

*Working with various teams, prepare evidence needed for NERC Audits.

*Maintain great working relationships with site personnel and other teams.

*Some travel required- approximately 15-25%.

*Other duties as required.

*Work in an open office or power plant environment

*Work overtime and non-standard working hours as directed

• Over three years of experience in Cybersecurity, NERC-CIP compliance, and/or power generation and transmission operations.
• Hands-on experience with Distributed Control Systems (DCS).
• Strong understanding of Operational Technology (OT) environments and Balance of Plant (BoP) systems.
• Skilled in performing system backups and restoration procedures for OT systems.
• Proficient in asset protection strategies, including antivirus/antimalware deployment, security patching, and continuous security monitoring.
• Experience in configuring, patching, and maintaining Windows-based servers and workstations, including anti-malware management.
• Solid working knowledge of Microsoft Access, Word, Excel, Visio, and Unix systems for both server and workstation environments.
• Practical experience with Unix/Linux operating systems.
• Familiarity with OT network infrastructure, including firewalls, switches, and routers.

• Bachelor's degree in information technology, engineering or related area
• Cybersecurity certifications such as GCIP, CISSP, CISA, Security
• NERC-CIP experience and knowledge of NERC-CIP Standards and Requirements.
• Knowledge and/or experience working with Distributed Control Systems (DCS).
• Knowledge of OT Technologies and Balance of Plant (BoP) Systems.
• Experience working with Ovation, T3000, Symphony , or GE Control Systems
• Experience using vulnerability scanning tools.
• Experience provisioning and maintenance of PACS.
• Administration experience of Windows and as related to both servers and workstations.

• Demonstrated ability to communicate (verbal and written) with all levels of internal and external customers.

• Demonstrated ability to work independently and as a team member.

• Demonstrated ability to set priorities and to respond to changing demands.

• Ability to exercise discretion and independent judgment in applying established techniques, procedures or standards; demonstrated ability to maintain confidentiality.

*Socialize innovative ideas with the team and others.

*Performs moderately complex work assignments under minimal supervision.

*Works to resolves moderately complex issue and seeks guidance from team members on escalated issues.

*Demonstrated ability to communicate (verbal and written) with all levels of internal and external customers.

*Demonstrated ability to work independently and as a team member.

* 1 year or more of experience with system management (patching, troubleshooting, administration)

* Demonstrated ability to set priorities and to respond to changing demands.

*Ability to exercise discretion and independent judgment in applying established techniques, procedures or standards; demonstrated ability to maintain confidentiality.

Demand

Frequency

*Requires lifting as appropriate to complete duties

Occasional

NRG Energy is committed to a drug and alcohol free workplace.To the extent permitted by law and any applicable collective bargaining agreement, employees are subject to periodic random drug testing, and post-accident and reasonable suspicion drug and alcohol testing. EOE AA M/F/Vet/DisabilityLevel, Title and/or Salary may be adjusted based on the applicant's experience or skills.Official description on file with Human Resources.