Principal Cybersecurity Compliance Analyst
Listed on 2026-06-26
-
IT/Tech
Cybersecurity
What You Will Do
GFT is seeking a Principal Cybersecurity Compliance Analyst to join our Security and Safety team in Northern California. This role follows a hybrid work model, requiring regular attendance at the client’s office.
Responsibilities- Lead and support the development, implementation, and continuous improvement of governance, risk, and compliance (GRC) programs aligned with FERC (D2SI SPHP Section
9) and NERC CIP standards for PG&E’s power generation assets. - Develop, maintain, and operationalize policies, procedures, standards, and guidelines to meet regulatory requirements and industry best practices.
- Conduct compliance gap assessments, risk analyses, and control testing for cybersecurity and OT systems.
- Prepare and maintain audit-ready documentation, including compliance narratives, evidence repositories, and records retention practices.
- Coordinate and support internal and external audits, including NERC Regional Entity audits, spot checks, and self-certifications.
- Collaborate with cybersecurity, IT, OT, engineering, legal, and enterprise risk teams to align compliance requirements with business operations.
- Serve as a liaison between technical teams and compliance leadership to translate regulatory requirements into actionable controls.
- Track compliance metrics, risks, and issues; prepare reports and dashboards for leadership.
- Monitor regulatory developments, FERC and NERC standards changes, and enforcement trends.
- Support compliance training and awareness efforts for internal stakeholders.
- Assist in the integration of compliance controls into operational and cybersecurity processes.
- Participate in mock audits, tabletop exercises, and incident response planning.
- Bachelor’s degree in cybersecurity, information systems, engineering, business, or a related field.
- Minimum of 10 years of relevant experience in the power utility industry, with a focus on governance, risk, and compliance (GRC), cybersecurity, or operational technology.
- Deep working knowledge of NERC CIP standards and the FERC regulatory environment.
- Direct experience supporting NERC CIP audits (self-certifications, spot checks, or enforcement actions).
- Experience with compliance documentation, evidence collection, and audit support.
- Familiarity with electric utility operations, OT environments, or IC/SCADA systems.
- Strong analytical, organizational, and technical writing skills.
- Excellent communication and interpersonal skills, with the ability to work independently and collaboratively.
- Certification from a recognized risk, governance, or cybersecurity organization (e.g., CISSP, CISM, RIMS-CRMP, or equivalent) required.
- Experience in the energy sector, particularly power generation or utilities.
- PMP certification.
- Familiarity with SCADA/ICS systems and processes.
- Knowledge of related frameworks (e.g., NIST CSF, NIST SP 800‑53, ISO 27001).
- Experience in project management, including scope, schedule, and budget tracking.
- Involvement in professional organizations or industry committees.
The salary range for this role is $150,000 - $200,000. Salary is dependent upon experience and geographic location.
Benefits- Hybrid (in-person and remote) work environment.
- Comprehensive benefits package including wellness programs, parental leave, pet insurance, and medical, dental, vision, disability, and life insurance.
- Tax‑deferred 401(k) savings plan.
- Competitive paid‑time‑off (PTO) accrual.
- Tuition reimbursement for continued education.
- Commitment to professional development, access to internal and external training programs, and support of active participation in professional organizations.
- Incentive compensation for eligible positions.
GFT is an Equal Opportunity Employer. All qualified candidates will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veterans’ status, or other characteristics protected by law.
Applicants in the County of Los Angeles, the City of San Francisco, and the State of California with arrest or conviction records will be considered in accordance with applicable fair‑chance ordinances and laws.
Location & Employment DetailsLocations:
Sacramento, CA;
Roseville, CA;
Oakland, CA.
Core Business
Hours:
8:00 AM – 5:00 PM.
Employment Status:
Full‑Time.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).