Be a Part of Something that Matters
At WECC, we affect the lives of 80 million people by mitigating risks to a reliable power system in the West. The grid is changing quickly as environmental regulations, economics, technology, and customer demands continue to push the power industry to new limits. As a Staff Compliance Auditor, Critical Infrastructure Protection (CIP), you will make a difference by ensuring compliance with the NERC Reliability Standards through partnership with registered entities in the Western Interconnection.
In your role as the Staff CIP Compliance Auditor, you will satisfy the audit schedule requirements of the Compliance Monitoring Enforcement Program (CMEP) according to the delegation agreement that WECC has with the North American Electric Reliability Corporation (NERC), the Electric Reliability Organization (ERO) of the Federal Energy Regulatory Commission (FERC). In addition, this position is a center point for cross-functional work with the Entity Risk Assessment and Enforcement & Mitigation teams in WECC. Your job level will be equal to the level of experience (Associate, Staff, or Senior).
A remote-work option may be considered for candidates outside of the Salt Lake City area, if located in the Western Interconnection.
- Conduct comprehensive cybersecurity audits of critical electricity infrastructure throughout western North America following NERC’s CIP Standards.
- Evaluate entities’ strategies for cybersecurity.
- Audit how entities deploy technical networks.
- Create and give professional presentations at NERC/WECC outreach events.
- Develop and update compliance status report
- Give SME and technical support to Entity Risk Assessment and Enforcement & Mitigation departments on self-reporting assessments and mitigation plan acceptance, including the review of evidence to confirm the entity’s return to compliance.
- Review mitigation plans and other mitigating actions taken by entities to restore compliance and reduce the likelihood of future noncompliance.
- Assist in the daily administration of the CMEP.
- Participate in ERO activities and working groups, as requested.
You will enjoy this role if—
- You hold a bachelor’s degree in information systems, electrical engineering, or a related field; or you have an equivalent combination of education and industry experience showing your ability to perform the duties of this position.
- You have at least three years of experience working on cybersecurity implementation or auditing in a regulated industry (electric utility or regulatory agency preferred).
- You have a working knowledge of:
- NERC CIP Standards;
- NERC/WECC CMEP;
- Generally Accepted Government Auditing Standards (GAGAS).
- You have experience in:
- Design or maintenance of SCADA/EMS;
- Development and implementation of cybersecurity strategies;
- Professional presentation development and delivery;
- CISA, CISSP, or related professional auditing or cybersecurity certifications;
- NERC Operations and Planning (O&P) Standards.
- You are experienced in professional presentation development and delivery.
- You are a current or previous certified auditor, such as Certified Internal Auditor, Certified Government Auditing Professional, Certified Quality Auditor.
- You can effectively engage and participate in stakeholder discussions and work as a stakeholder.
- You maintain excellent organizational skills and can work on many projects at once with only occasional guidance.
- You can and are willing to travel up to 50% of your work time.
At WECC we—
- Seek information and ask for help,
- Are accountable,
- Embrace the challenges and rewards of change,
- Treat everyone as a colleague,
- Pursue continuous learning,
- Focus on results over completing activities.
WECC offers an excellent benefits package, including medical, dental, vision, life insurance, short-term and long-term disability, a 401(k) plan, and paid personal time.
Be a part of something that matters!