

Our Company
The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to assure the effective and efficient reduction of risks to the reliability and security of the grid. NERC develops and enforces Reliability Standards; annually assesses seasonal and long‐term reliability; monitors the bulk power system through system awareness; and educates, trains, and certifies industry personnel. NERC’s area of responsibility spans the continental United States, Canada, and the northern portion of Baja California, Mexico. NERC is the Electric Reliability Organization (ERO) for North America, subject to oversight by the Federal Energy Regulatory Commission (FERC) and provincial authorities in Canada. NERC’s jurisdiction includes users, owners, and operators of the bulk power system, which serves nearly 400 million people.
Our Mission
The vision for the ERO Enterprise, which comprises NERC and the six Regional Entities, is a highly reliable and secure North American bulk power system. Our mission is to assure the effective and efficient reduction of risks to the reliability and security of the grid.
Your Impact
The Electricity Sector OT/ICS Cybersecurity Specialist will provide cyber and physical security subject matter expertise and industry leadership in support of the ERO Enterprise’s evaluation and management of risks to the reliability, security, and resilience of the bulk power system (BPS). This role will coordinate and participate in industry stakeholder committees and working groups as well as lead and collaborate on various projects related to electric sector cyber and physical security risk mitigation. This role will help the ERO Enterprise integrate cyber and physical security into all aspects of system planning, operations, and restoration as well as strategically evaluate emerging technologies for their potential impacts to BPS security and reliability. This position reports to the Manager of Engineering and Security Integration and will participate on multiple cross-functional efforts with other departments within NERC, the Electricity Information Sharing and Analysis Center (E-ISAC), and industry stakeholder groups.
Your Role
- Provide subject matter expertise and thought leadership in the fields of cyber and physical security to effectively evaluate and mitigate risks posed to the electric sector.
- Identify and prioritize potential cyber and physical security risks to operational technology (OT)/industrial control systems (ICS); collaboratively develop white papers, guidelines, and frameworks to facilitate risk mitigation within the electric industry.
- Support industry in integrating cyber and physical security concepts into engineering practices of system planning, design, and operation of the BPS.
- In coordination with industry stakeholders, develop and refine recommended practices for the improvement of industry activities in operational preparedness and security incident response and recovery.
- Provide support and technical leadership to industry-wide initiatives to help ensure a strong security posture for the electric sector; conceptualize, coordinate, and lead cyber and physical security-related projects and assist in the development of educational materials and programs for the industry.
- Provide guidance and coordination in managing programs and processes to monitor, review, and evaluate the effectiveness of industry efforts to manage risks to BPS reliability from a cyber and physical security perspective.
- Support industry efforts through participation and engagement with NERC Critical Infrastructure Protection (CIP) standards development activities.
- Coordinate with internal NERC departments and the E-ISAC on relevant security-related initiatives.
- Effectively communicate with industry stakeholders through coordinated engagements, presentations, seminars, conferences, and other industry forums.
- Engage with NERC committees, subcommittees, working groups, and industry stakeholder groups as necessary on project activities through roles including coordination and administration.
- Other duties as assigned.
Qualifications
The successful candidate will have at a minimum:
- A bachelor’s degree from an accredited four-year college or university.
- At least five years of experience working in OT/ICS environments, particularly in the energy sector.
- Experience with OT/ICS cyber and physical security controls, tools, and technologies.
- Familiarity with OT networks and systems security vulnerabilities.
- Experience with the NERC CIP standards.
- Experience working in or with utility environments that operate and control electric grid assets or other critical infrastructure.
- Project management ability and analytical experience.
- Ability to work independently and proactively in a fast-paced environment.
- Competence in interpersonal communications with the ability to interact diplomatically with people from many levels of industry and government.
- Excellent oral and written communication skills, including editing and proofreading skills.
- Proficiency in using Microsoft Office tools, including Word, Outlook, Excel, and PowerPoint.
- Ability and willingness to travel as needed to attend conferences and industry forums.
Preferred candidates will also have:
- Expertise in implementing security controls for OT/ICS environments.
- Expertise in network discovery, vulnerability scanning, or penetration testing of OT networks.
- Experience with the full suite of NERC CIP standards.
- Experience or familiarity with other compliance frameworks and/or audit experience with said frameworks.
- CISSP, CISM, GIAC, GCIP, CRISC, or other security-related certification.
- A master’s degree or higher in security-related fields.
- Minimum five years’ technical cyber security and/or physical security experience, preferably in the electric sector, the utility industry, or another OT/ICS environment.
- Understanding of law enforcement operations (especially regarding U.S. DOE, DHS, FERC, and FBI).
- Military experience, particularly with physical security or cyber security.
Other
- A background check will be conducted prior to employment.
- In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.
- This position has been classified as exempt.
- The position may be based remotely but must be able to travel to NERC offices if needed. Reimbursement of travel expenses will be in accordance with the company’s travel and expense reimbursement policies.
- Travel necessary. Passport required for travel within North America.
Our Culture Declarations
- Everyone at NERC is a leader.
- We are accountable personally and organizationally to deliver on commitments.
- We develop ourselves and people in the organization to ensure that NERC realizes its strategic objectives.
- We are resilient and adaptable to the challenges and needs of the business/people.
- We exude a growth mindset and empower teams to take risks.
- We build collaborative relationships within NERC, the ERO, and the stakeholders of NERC.
- We exemplify NERC cultural behaviors:
- We reward high-quality, creative, and innovative work.
- We attract, engage, and retain top talent.
- We value and respect diverse perspectives.
- We provide a safe, inclusive, and collaborative work environment.
- We form strong relationships within the company and with the ERO Enterprise.
- We demonstrate curiosity in a wide variety of areas and are open to exploring new situations, knowledge, and opportunities for growth and development.
- We demonstrate an anticipatory mindset by preventing problems and building contingencies where appropriate.
- We champion diversity and inclusion by seeking out and valuing diverse perspectives.