Tri-State Generation and Transmission Association, Inc. CIP Program Manager (IRC28072) in Westminster, Colorado
The CIP Program Manager is responsible for the development, implementation, and maintenance of a strategy and program to effectively oversee and coordinate compliance with the North American Electric Reliability Corporation's (NERC) Critical Infrastructure Protection (CIP) Reliability Standards across all responsible Business Units. Responsible for providing leadership, direction, project management, and subject matter expertise to all internal impacted personnel regarding compliance with NERC CIP standards as well as other regulatory initiatives such as NERC alerts and related policy matters. Under proper Delegation of Authority, may from time to time fill in for the Senior Manager, Reliability Compliance.
ESSENTIAL FUNCTIONS AND RESPONSIBILITIES:
Compliance Program Management:
- Develop and lead administration of NERC CIP-related compliance policies, programs and procedures.
- Identify and recommend programs and initiatives to ensure all relevant systems and processes are compliant and effective for long-term success.
- Anticipate and plan for changes in compliance program requirements at the national and regional levels.
- Track documentation (compliance evidence) sent and received to/from Subject Matter Experts (SMEs) and cooperative members in response to specific requests and linked to specific CIP Standards requirements.
- Review and transmit correspondence from NERC, WECC, and MRO to appropriate SMEs and cooperative members.
- Notify and engage the Sr. Manager, Reliability Compliance in a timely manner when critical resource or schedule issues become apparent.
- Prepare updates to management on the status of programs, plans, reports, and related documents.
Controls Framework Assessment:
- Identify compliance controls for all relevant Business Units and develop plans to monitor them.
- Identify control gaps; recommend process improvements to remediate gaps.
- Conduct risk-based security assessments and identify risks and process gaps in existing processes, procedures and systems.
- Lead tracking, identification and disposition of potential instances of noncompliance with CIP standards, including leading investigations.
- Analyze results and document conclusions and remediation plans.
- Develop and present briefings on industry and/or Tri-State incidents.
Analysis and Implementation:
- Provide technical advice and assistance on the interpretations of CIP Reliability Standards, and ensure consistent application across all responsible Business Units.
- Lead research and impact analysis of new CIP standards. Convene subject matter experts and compliance coordinators to address implementation challenges and develop detailed project scope.
- Develop compliance mechanisms for execution by the various Tri-State Business Units.
- Oversee the work of teams charged with the development and implementation of compliance processes and procedures. Teams may include management and SMEs from the various Business Units that are stakeholders in compliance.
- Develop timelines and oversee gathering and review of compliance evidence.
Internal and External Relationships:
- Under proper Delegation of Authority may perform the duties of the Senior Manager, Reliability Compliance to include the supervision of the Reliability Compliance Group employees.
- Directly coordinate the work of CIP Reliability Compliance Analysts, SMEs, or other administrative staff as needed.
- Establish and maintain effective relationships with industry, regional entities and internal stakeholders to allow for effective achievement of business goals and compliance with requirements.
- Adhere to and demonstrate compliance with appropriate electric utility industry regulatory requirements. Attain knowledge and remain knowledgeable of developments in regulations, laws, standards and best practices applicable to the functional area including, but not limited to, Standards of Conduct, Environmental, Employment Law, NERC Reliability Standards and Safety. Must be familiar with, and comply with, all aspects of Corporate Policy C-54, Compliance.
- Demonstrate behavior consistent with Tri-State's culture embodied in the Cooperative principles and spirit and core values of technical competency, respect and dignity, accountability, integrity, trustworthiness, and servant leadership to empower or otherwise enable others to optimally perform their job responsibilities. Demonstrate and promote ethics and behaviors consistent with Tri-State's culture, Board policies, and business practices. Understand and fulfill the role and responsibility for all compliance programs within the company.
- Because Tri-State is an electric utility with continuous service obligations to its customers, regular, reliable, and predictable performance of the essential functions and responsibilities is an essential function of the job.
- Because Tri-State has an obligation to provide continuous, reliable electric service to its customers, the ability to work overtime at any time of the day or week is considered an essential function of the job.
OTHER DUTIES AND RESPONSIBILITIES:
- Perform other related duties as assigned.
SUCCESS FACTORS/JOB COMPETENCIES:
- Planning: ability to think ahead and plan within timelines and resources; develop scopes, plan and schedule work; set priorities and goals; anticipate and adjust for problems; evaluate workloads; measure and evaluate performance against established goals.
- Time management: ability to successfully plan and implement objectives within established timelines and work schedules and adhere to set response times, deadlines, and time-sensitive tasks.
- Ability to analyze problems and develop effective solutions at both strategic and functional levels.
- Demonstrate behavior consistent with company values.
- Excellent interpersonal and communication skills.
- Strong team player: accomplishes tasks by working with others and being a good team player. Recognizes how his/her decisions may impact others; seeks input from others.
- Computer proficiency in operating a personal computer and standard business office applications including Microsoft Office suite, databases, and other related applications.
- Ability to work independently, with minimal direction as a highly motivated self-starter.
REQUIRED JOB QUALIFICATIONS:
Education and Training:
- Bachelor's degree in Computer Science, Information Science, Electrical Engineering, Business Administration, Business Process Management, or equivalent experience.
Knowledge, Skills, and Ability:
- Knowledge of risk assessment techniques and controls frameworks.
- Knowledge of change management, incident reporting and response planning.
- Knowledge of business continuity processes and disaster recovery.
- Knowledge of enterprise security architecture, network design, and operational risk management.
- Ability to multitask and work effectively with Subject Matter Experts.
- Ability to maintain effective working relationships and teamwork.
- Advanced problem-solving skills including ability to consistently use logic or scientific thinking to define problems, collect information, establish facts and draw valid conclusions.
- Intermediate decision-making skills and ability to follow through on decision-making tasks.
- Advanced written and oral communication skills including ability to communicate and problem solve under stress.
- Advanced analytical thinking skills.
- Advanced diplomacy skills.
- Ability to respond and adapt to frequent change, including reprioritization of tasks.
- Ability to follow accuracy standards.
- Advanced organization and prioritization skills.
- Minimum of eight (8) years' experience in compliance, including at least three years of NERC CIP compliance implementation or oversight.
- Minimum of eight (8) years' combined experience in any of the following:
a. Information Technology (IT) security and management,
b. IT auditing,
c. COBIT and/or COSO framework implementation or oversight,
d. NIST 800 series implementation or oversight,
e. or other comparable experience with an emphasis on technical and security domains.
- Willingness to travel as required. (Must possess a valid driver's license.)
- Must be able to demonstrate that he/she can perform all of the essential functions of the position.
DESIRED JOB QUALIFICATIONS:
- Certified Information Systems Security Professional (CISSP) certification or other comparable certification.
- Project management experience and certification.
PHYSICAL AND MENTAL DEMANDS: The physical demands and work environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of the position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Physical demands: While performing the duties of this position, the incumbent is required to sit for long periods of time, occasionally stand, walk, stoop, bend, and reach above and below shoulder level. Incumbent is frequently required to use hands and fingers to handle, or feel objects, tools, or controls, talk and hear.
- Mental demands: While performing the duties of this job, the incumbent is required to read, write, perform basic math, analyze data and reports, exercise judgment, develop plans, procedures and goals, and present information to others and work under pressure. This position requires incumbent to possess substantial cognitive abilities.
- Work Environment: While performing the duties of this position, the incumbent is occasionally exposed to dirt/dust, chemicals, confined areas and noise. Most duties are performed indoors and at a desk, operating office equipment.
Job Title: CIP Program Manager (IRC28072)
Location: Westminster, CO, US
Base Location: Headquarters - Westminster, CO
Amount of Travel: Up to 10%
Equal Opportunity Employer – Minority/Female/Disabled/Veteran