Medical, Dental, Vision, Disability, Life, AD&D and Pet Insurance, Pension Plan, 401k and 401k match, HSA and FSA, Paid Time Off, Tuition Reimbursement, Parental Leave
Pay Grade: M08
Assures compliance with NERC (North American Electric Reliability Council) CIP (Critical Infrastructure Protection), reliability standards by combining strong background in compliance environments with technical expertise in one or more of the following areas: Active Directory administration, Server/System Administration (Windows, Linux, virtualization, etc.) firewall administration, and/or database administration. Ensures the security and reliability of Hoosier Energy's critical infrastructure systems, while also maintaining compliance with NERC CIP standards.
DUTIES AND RESPONSIBILITIES
- Lead efforts to establish, implement, and maintain compliance with NERC CIP standards across critical infrastructure systems.
- Stay current with evolving NERC CIP regulations and guidelines, interpreting their implications for the organization and providing actionable recommendations.
- Collaborate with cross-functional teams, regional entities, NERC, consultants, and other third parties to develop and execute compliance strategies, ensuring alignment with industry best practices.
- Advise SME’s responsible for systems in-scope for NERC CIP, ensuring proper access controls, authentication, and authorization mechanisms are in place.
- Review change tickets for items including but not limited to firewall administration (including rule management), intrusion detection/prevention systems, system changes, etc.
- Advise SME’s responsible for handling database administration tasks such as performance optimization, security configurations, and backups/restores to ensure data integrity and availability.
- With third parties, conduct comprehensive risk assessments of critical infrastructure systems, identifying vulnerabilities and potential threats.
- Develop and recommend mitigation strategies to address identified risks, coordinating with relevant teams to implement necessary safeguards.
- With the cybersecurity team and SME’s, develop incident response procedures, providing technical expertise to assist SME’s ability to investigate and resolve security incidents in a timely manner.
- Collaborate with IT and security teams to analyze incidents, assess impact, and implement corrective actions to prevent future occurrences.
- Maintain accurate and up-to-date documentation related to NERC CIP compliance activities, technical configurations, and security measures.
- Prepare detailed reports and presentations for internal and external stakeholders, highlighting compliance status, risks, and recommendations.
- Other duties as assigned in order to meet time sensitive deadlines or compliance goals.
- Bachelor’s Degree in a related field preferred
- Relevant industry or vendor certifications such as Microsoft, Cisco, VMWare, CISSP, CISM, etc. preferred
- 5 years’ experience in an environment subject to NERC CIP compliance required minimum
Skills and Abilities:
- Ability to exercise flexibility to work effectively in a changing environment
- Strong problem solving and decision-making skills to identify, anticipate and resolve problems at hand
- Ability to manage multiple projects with varying scopes and timelines
- Ability to communicate with individuals at all levels and work as part of a team
- Strong written and oral communication skills
- Strong organizational skills and attention to detail
- Intermediate computer skills including Microsoft Office Suite
- Ability to design and initiate risk-based, complex IT and OT system compliance assessments
Hoosier Energy is an Equal Opportunity Employer and prohibits discrimination on the basis of race, color, religion, national origin, sex (including pregnancy and gender identity), sexual orientation, age, ancestry, genetic information, disability, veteran status or any other characteristic protected by federal, state or local laws.