
Senior NERC CIP Compliance Analyst

Job in New Haven, New Haven County, Connecticut, 06540, USA
Listing for: GOEBEL FIXTURE COMPANY
Full Time position
Listed on 2026-06-23
Job specializations:
  • IT/Tech
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 130000 - 160000 USD Yearly
Job Description & How to Apply Below
  • Base Pay $ - $ / Year
  • Employee Type Full Time Exempt
Description

The Sr. NERC CIP Compliance Specialist provides critical on-site leadership to protect and maintain the integrity of control and business networks at our low- and medium-impact generating stations. This role drives continuous compliance with NERC CIP cybersecurity standards, leads site security initiatives, and serves as the primary subject matter expert for station personnel. Operating as a key liaison, this position partners with cross-functional stakeholders to enforce a secure operational environment and ensure continuous audit readiness through rigorous evidence management.

Essential Duties and Responsibilities
  • Program Ownership:
    Build, optimize, and maintain on-site processes and documentation to ensure continuous adherence to NERC CIP standards.
  • Asset & Baseline Management:
    Maintain accurate cyber asset inventories and manage baseline change control workflows.
  • Audit Leadership:
    Lead RSAW/ERT preparation and submission for Regional Entity audits, spot checks, and compliance investigations.
  • Access Control:
    Maintain compliant physical and electronic security perimeters and access controls for all site assets.
  • Routine Compliance:
    Execute daily, monthly, quarterly, and annual CIP compliance activities in accordance with program procedures.
  • Liaison & RFI Coordination:
    Serve as the primary site contact for Regional Entities; coordinate cross-functional teams to fulfill RFIs and remediate findings.
  • Training Delivery:
    Deliver and support mandatory NERC CIP cybersecurity compliance training programs for site personnel.
  • Patch Management:
    Direct the end-to-end patch management lifecycle, ensuring BES Cyber Assets are monitored and updated within regulatory timelines.
  • Incident Response & Drills:
    Lead the annual testing, documentation, and reporting of the Cyber Security Incident Response Plan (CIP-008) and Recovery Plans (CIP-009).
  • Vulnerability Assessments (CIP-010):
    Orchestrate annual Critical Vulnerability Assessments (CVAs) while ensuring zero adverse impact to operational BES infrastructure.
  • Information Protection:
    Oversee the identification, classification, and secure handling of Bulk Electric System (BES) Cyber System Information (BCSI) to prevent unauthorized disclosure.
  • Supply Chain Risk (CIP-013):
    Lead supply chain risk assessments and collaborate with procurement/legal to enforce cybersecurity contract clauses.
  • Self-Assessments & Mitigation:
    Conduct proactive internal compliance self-assessments; manage the identification, self-logging, and mitigation of compliance deviations.
Requirements
  • Bachelor’s degree in Engineering, Computer Science, IT, Cybersecurity, or a related technical discipline (equivalent direct experience considered).
  • Minimum of 7–10 years of professional experience in regulatory compliance, power utility operations, or industrial cybersecurity.
  • At least 5 years of hands‑on experience implementing and managing a NERC CIP compliance program across Medium or High‑impact assets.
  • Demonstrated success drafting RSAWs, preparing ERT responses, and managing RFIs during Regional Entity audits or spot‑checks.
  • Deep operational understanding of the 35‑day patch/baseline lifecycle (CIP‑007/010), security perimeters (CIP‑005/006), and supply chain management (CIP‑013).
  • Ability to successfully pass a mandatory NERC CIP‑004 Personnel Risk Assessment and background check.
  • Ability to work full‑time on‑site at the designated facility, travel up to 25% as needed, and safely navigate physical plant environments.
  • Ability to perform physical job duties, including lifting up to 25 pounds, climbing, bending, and working in industrial environments (use of PPE is required).
Preferred Skills and Certifications
  • Prior experience working directly within a power generation plant, transmission control center, or EMS/GMS environment.
  • CISSP, CISA, or CISM certification.
  • SANS GIAC certifications, specifically GCIP or GICSP.
  • Established working relationships and direct audit experience with our specific Regional Entity (e.g., SERC, WECC, NPCC, RF, MRO, Texas RE).
  • Commitment to cybersecurity excellence and regulatory compliance is a must.
Summary

Applicants must possess a valid…

Position Requirements
10+ Years work experience