ABOUT NPCC

Northeast Power Coordinating Council, Inc. (“NPCC”) is a not-for-profit corporation in the state of New York responsible for promoting and enhancing the reliability of the international, interconnected bulk power system in Northeastern North America. NPCC is one of six Regional Entities which, together with the North American Electric Reliability Corporation (“NERC”), make up the Electric Reliability Organization Enterprise. NPCC operates under a delegation agreement with NERC. This agreement recognizes that NPCC meets the qualifications for delegation of certain roles, responsibilities and authorities of a cross-border regional entity as defined by Section 215 of the Federal Power Act in the U.S. and through Canadian provincial regulatory and/or governmental Memoranda of Understanding (“MOUs”) or Agreements.
As a part of the ERO Enterprise, NPCC is committed to the collective vision of a highly reliable and secure North American bulk power system and shares the joint mission of assuring the effective and efficient reduction of risks to the reliability and security of the grid.
NPCC carries out this mission through (i) the development of regional reliability standards and compliance assessment and enforcement of continent-wide and regional reliability standards, coordination of system planning, design and operations, and assessment of reliability, (collectively, “regional entity activities”), and (ii) the establishment of regionally-specific criteria, and monitoring and enforcement of compliance with such criteria (collectively, “criteria services activities”). NPCC provides the functions and services for Northeastern North America of a cross-border Regional Entity through its regional entity division, as well as regionally-specific criteria services for Northeastern North America through its criteria service’s division.
The NPCC geographic region includes the State of New York and the six New England states as well as the Canadian provinces of Ontario, Québec and the Maritime provinces of New Brunswick and Nova Scotia. Overall, NPCC covers an area of nearly 1.2 million square miles, populated by more than 55 million people. In total, from a net energy for load perspective, NPCC is approximately 44% U.S. and 56% Canadian. With regard to Canada, approximately 65% of Canadian net energy for load is within the NPCC Region.

POSITION DESCRIPTION

The Senior CIP Compliance Analyst is responsible for participating as a compliance monitoring team member in making determinations of compliance with NERC Critical Infrastructure Protection (CIP) Standards and, under certain circumstances, NERC Operations and Planning (O&P) Standards.

EDUCATION AND CERTIFICATION/LICENSE CREDENTIALS

• Bachelor’s degree in Information Systems, Computer Science, Electrical Engineering or industry-related field of study with 5 or more years related industry experience; or equivalent combination of education and related industry experience showing the ability to perform major duties.
• 5 - 10 years of experience in the electric utility industry or related technical industry in at least one of the following discipline areas:
• Desktop and systems design
• Information security concepts and practices
• EMS and SCADA systems
• Networking
• Systems architecture
• Windows and Linux operating systems
• NERC CIP standards and related internal controls
• NERC/NPCC Compliance Monitoring and Enforcement Programs

PHYSICAL REQUIREMENTS

• Prolonged periods of working on a computer.
• Travel to main office and in-person meetings, as required (barring no restrictions based on travel or health advisories, or occupancy restrictions).
• Ability to work and travel within the U.S. and travel to Canada.

• Evaluates Registered Entity evidence, as an Audit Team member, to determine compliance with applicable NERC CIP Reliability Standards.
• Serves as the Audit Team Lead when assigned.
• Reviews the facts and circumstances of audit findings to provide input on initial root cause and risk to the Bulk Power System.
• Assesses the maturity of Registered Entities internal controls as part of document and evidentiary reviews.
• Creates sufficient documentation to support NPCC’s compliance determinations and ensures a complete and final record exists.
• Supports the Compliance Monitoring program with the creation and maintenance of compliance monitoring documentation, records, and metrics.
• Maintains awareness of NERC Rules of Procedure, NERC Reliability Standards, NERC Reliability Standards under development, and related projects and activities.
• Leads efforts to identify cyber and physical security trends within NPCC and develop “lessons learned” or other analysis documents.
• Provides subject matter expertise to the Entity Risk Assessment and Enforcement departments on completed compliance monitoring engagements; assessment and risk of potential non-compliances; and mitigation activities.
• Provides training, education, and communications to NPCC staff, Registered Entities, and ERO Enterprise staff.