CIP Compliance Program Manager

Notice to recruiters: Platte River Power Authority does not accept unsolicited resumes from headhunters, recruitment agencies or fee-based placement services. No agency emails, calls, or solicitations to staff are accepted without a valid agreement. Any unsolicited resume submitted to staff will be considered property of Platte River Power Authority and with no obligation to pay any referral fees.

Job summary  

Provides governance, coordination, documentation, and compliance assurance for Platte River’s North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) program. Partners closely with Information Technology (IT), Operational Technology (OT), Physical Security, and business units to ensure applicable CIP requirements are implemented, evidenced, and audit-ready across Low and Medium Impact BES Cyber Systems.

The position resides within the Cybersecurity organization and serves as the primary point of coordination for CIP compliance activities, internal reviews, and audit preparation. The role works in close coordination with the Reliability Compliance organization to support regulatory compliance activities while remaining independent of the Registered Entity compliance function. System ownership and control implementation remain with IT, OT, and other designated control owners across the organization.

This role is critical to ensuring the secure and reliable operation of the Bulk Electric System by supporting compliance with evolving NERC CIP standards.

This posting will close no later than February 26.

Work environment and schedule  

This position works a typical workweek schedule (Monday through Thursday or Monday through Friday) in a general office environment and may be eligible for hybrid workdays. The successful candidate should reside within a commutable distance of Fort Collins. Performing this work requires occasional physical effort to lift and carry light objects and is primarily sedentary; minimal walking or standing is required on an as-needed basis.

Essential duties and responsibilities  

CIP compliance governance and coordination

• Provide governance and oversight for the execution of Platte River’s NERC CIP compliance program
• Serve as the central point of coordination for CIP-related compliance activities across applicable business units
• Establish and maintain CIP compliance schedules, milestones, and tracking mechanisms
• Partner with IT and OT control owners to interpret CIP requirements and define compliance expectations
• Identify, track, and escalate compliance risks, gaps, and material issues through established governance channels

CIP program documentation and evidence management

• Develop, maintain, and update CIP programs, procedures, and supporting documentation
• Coordinate document review, approval, and version control processes
• Establish and maintain a structured system for evidence collection, storage, retention, and retrieval
• Ensure evidence meets audit defensibility standards, including completeness, traceability, and timeliness

Compliance assurance and internal controls

• Perform periodic internal compliance reviews, validations, and spot checks
• Review completed compliance activities for accuracy and completeness
• Design, implement, and maintain internal compliance controls to support sustained compliance
• Provide independent compliance assurance activities in support of the Reliability Compliance function
• Support Low Impact attestations and Medium Impact self-certifications

Audits and regulatory interface

• Serve as the primary internal coordinator for NERC CIP audits, working in partnership with the Reliability Compliance organization
• Support Reliability Compliance with audit preparation, evidence readiness, interviews, and response development
• Collect, review, and format evidence for audit submissions
• Maintain and update Reliability Standard Audit Worksheets and Evidence Request Tool content
• Track mitigation activities, milestones, and closure documentation

IT and OT compliance interface

• Act as a liaison between compliance requirements and IT/OT implementation activities
• Provide guidance on CIP interpretation without assuming system design or operational responsibility
• Review technical and procedural controls for compliance sufficiency
• Coordinate remediation tracking for identified compliance gaps

CIP training and program support

• Develop and deliver CIP compliance training and awareness sessions
• Facilitate CIP status meetings and compliance reviews
• Provide implementation guidance as CIP standards and guidance evolve

Compliance tooling and automation

• Administer and maintain CIP compliance tools (e.g., SigmaFlow)
• Configure workflows, notifications, reporting, integrations, and evidence collection
• Act as business owner for CIP compliance tooling enhancements
• Ensure compliance tools operate effectively and support audit and reporting needs

Standards monitoring and industry participation

• Monitor changes to NERC CIP standards, guidance, alerts, and lessons learned
• Coordinate internal responses to NERC Alerts and industry communications
• Participate in industry working groups, workshops, and standards review activities
• Translate standards changes into updated compliance documentation and processes

Knowledge, skills, and abilities  

• Strong understanding of NERC CIP standards and compliance expectations
• Ability to evaluate technical implementations for: 
  • Electronic Security Perimeters (ESPs)
  • Interactive Remote Access (IRA) solutions
  • Jump hosts and access gateways
  • Firewall rulesets and logging controls
  • System integrity monitoring solutions and controls
• Familiarity with Identity and Access Management (IAM) and Privileged Access Management (PAM)
• Ability to interpret regulatory requirements and translate them into actionable compliance guidance
• Excellent organizational skills and attention to detail
• Strong verbal and written communication skills
• Ability to work independently with limited supervision
• Proficiency in Microsoft Office suite
• Ability to conduct research, develop compliance documentation, and recommend courses of action

Qualified candidates  

Required criteria

• Five years in NERC CIP compliance, regulatory compliance, cybersecurity governance, or audit-related work experience in technical or regulatory documentation and evidence development.
• Demonstrated experience supporting NERC CIP audits, self-certifications, or internal compliance reviews. 
• Bachelor's degree in information technology, cybersecurity, engineering, or related technical field, or equivalent experience
• GIAC GCIP certification or ability to obtain within one year.
• Valid driver’s license and ability to remain insurable under the vehicle liability policy.
• A bachelor’s degree in information systems, cybersecurity, engineering, or related field is preferred; a high school diploma or GED is required.

Pay  

This is an exempt role; salaries are paid bi-weekly and are annualized below for reference. Factors that may be used to determine actual salary include specific skills, years of experience, education, and certifications.  

• Full range: $122,373 to $177,442    
• Hiring range: $122,373 to $149,908 

Salary : $122 - $177