Tri-State Generation and Transmission Association, Inc. Senior OT Cyber Security Engineer/Compliance - Exempt (IRC36366) in Westminster, Colorado
Brief Posting Description
Responsible for the administration, support and maintenance of cyber security systems and analyzing data to support objectives to identify, prevent, detect, respond, and recover Operational Technology (OT) systems and networks. Develops and implements strategies to reduce risk and improve the confidentiality, integrity and availability of OT systems and networks. Coordinates Enterprise Risk Management's regulatory compliance activities and is accountable for creating and presenting documentation to demonstrate compliance. Develops and maintains cybersecurity programs and procedures. The OT Cyber Security Engineer is responsible for being aware of the enterprise's security goals as established by its stated policies and procedures and actively work towards upholding those goals.
Tri-State recognizes the value of a highly-engaged and committed workforce and provides an excellent benefits program that includes: Medical Insurance, Dental Insurance, Vision Insurance Health Savings Account (HSA), Flexible Spending Accounts (FSA), Tuition Reimbursement, Flexible Work Schedules, Life Insurance, Retirement Security Pension Plan, 401K, Long Term Disability (LTD), Short Term Disability (STD), Employee Assistant Program (EAP) and Paid Leave Benefits.
Senior OT Cyber Security Engineer - Compliance
Hiring Salary Range: $99,000-$123,000
Actual compensation offer to candidate may vary outside of the posted hiring salary range based upon work experience, education, and/or skill level.
ESSENTIAL FUNCTIONS AND RESPONSIBILITIES
Direct, hands-on experience administrating and maintaining cybersecurity systems and platforms.
Ability to analyze cybersecurity logs and alerts to detect cybersecurity events and assist investigations.
Works with OT asset owners and vendors to deploy, maintain and enhance security solutions.
Implement and execute cyber security systems, controls and processes that support the enterprise's ability to protect, detect, respond, and recover OT systems.
Primary compliance coordinator for Enterprise Risk Management.
Organize, maintain, and present documentation to demonstrate compliance with NERC CIP and, Sarbanes Oxley (SOX) regulations for internal and external audits.
Liaise with OT asset owners and the Cyber Security Center (CSC) to respond to incidents.
Maintains and improves OT cybersecurity controls and processes to increase detection and response times.
Ability to identify cybersecurity risks and advise leadership with recommendations to decrease risk.
Determine baseline security configurations and network segmentation solutions.
Adhere to and demonstrate compliance with appropriate electric utility industry regulatory requirements. Attain knowledge and remain knowledgeable of development in regulations, laws, standards, and best practices applicable to the functional area including, but not limited to, Standards of Conduct, Environmental, Employment Law, NERC Reliability Standards and Safety. Must be familiar with, and comply with, all aspects of Corporate Policy C-54, Compliance.
Demonstrate behavior consistent with Tri-State's culture embodied in the Cooperative principles and spirit and core values of technical competency, respect and dignity, accountability, integrity, trustworthiness, and servant leadership to empower or otherwise enable others to optimally perform their job responsibilities.
Demonstrate and promote ethics and behaviors consistent with Tri-State's culture, Board policies, and business practices. Understand and fulfill the role and responsibility for all compliance programs within the company.
Because Tri-State is an electric utility with continuous service obligations to its customers, regular, reliable, and predictable performance of the essential functions and responsibilities is an essential function of the job.
Because Tri-State has an obligation to provide continuous, reliable electric service to its customers, the ability to work overtime at any time of the day or week is considered an essential function of the job.
- Perform other related duties as assigned
SUCCESS FACTORS/JOB COMPETENCIES:
Excellent written and verbal communication skills.
Ability to analyze complex issues and effectively communicate with various audiences.
Strong background with NERC CIP and SOX audit requirements.
Familiarity with information security, risk management, and governance standards and frameworks (e.g., NIST Cybersecurity Framework, ISO 27001, ISO 31000, and similar standards).
Background with OT systems (e.g., DCS, SCADA, PLCs, RTUs, HMIs, and other related systems).
Proven analytical problem-solving skills and investigation abilities.
Ability to effectively prioritize and execute tasks.
Highly motivated and self-directed.
Team-oriented person skilled in working within a collaborative environment.
Willingness to take on impromptu tasks.
REQUIRED JOB QUALIFICATIONS
Education and Training
Bachelor's degree in computer science, information technology, or other related area or equivalent combination of experience and education.
One or more of the following certifications:
Certified Information Systems Security Professional (CISSP)
GIAC Global Penetration Tester (GPEN)
GIAC Global Industrial Cyber Security Professional (GICSP)
Certified Ethical Hacker (CEH)
Certified Risk and Information Systems Control (CRISC)
Certified Information Systems Auditor (CISA)
Knowledge, Skills, and Ability:
Familiarity with OT environments.
Familiarity with governance and controls frameworks, such as International Organization of Standardization (ISO), Control Objectives for Information and Related Technology (COBIT), National Institute of Standards and Technology (NIST), Committee of Sponsoring Organizations (COSO) and Information Technology Infrastructure Library (ITIL).
Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate option.
Ability to develop and maintain effective working relationships.
Eight (8) years of cyber security related experience.
Experience managing security systems.
Experience implementing security controls.
Experience developing security procedures and processes into formal documentation.
NERC CIP audit experience.
Experience developing and implementing incident response and disaster recovery planning and execution.
Experience with OT systems to include DCS, SCADA, PLCs, RTUs, HMIs, and similar systems.
Proficient with Microsoft Office applications.
Experience working in fast-paced environments and ability to manage workload even during times of stress or escalated activity.
- Willingness to travel for support, investigations, meetings, and training as needed. (Must possess a valid driver's license.)
DESIRED JOB QUALIFICATIONS
Hands on experience managing firewalls, monitoring sensors, MFA, SIEMs, Active Directory, Domain Controllers, IDS, AV, and virtual environments.
Project management experience.
Advanced Degree in a related discipline.
Power industry experience.
PHYSICAL AND MENTAL DEMANDS: The physical demands and work environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of the position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Physical demands : While performing the duties of this position, the incumbent is primarily required to sit, stand, walk, stoop, bend and frequently utilize a keyboard/computer. Specific vision abilities include close vision, peripheral vision, depth perception and the ability to adjust focus.
Mental demands : While performing the duties of this position, the incumbent will be required to problem solve, read, write, and analyze data, work under schedules and deadline pressure, present information to others, work independently and use discretion and judgment for confidential or sensitive projects/issues.
Work Environment : While performing the duties of this position, the employee primarily works in an indoor office environment but will occasionally travel to generation plants, substations, and other facilities as needed. Employee may be exposed to dust, noise, large industrial rotation equipment, traveling in varying weather conditions, and electrical risks associated with working around high voltage substation equipment and facilities.
All employees interested in this position may apply online at the Tri-State Intranet site.
Click on Job Postings, then click on the iRecruitment link, Log In, then click on the iRecruitment Employee Candidate link and then click on Search for jobs.
Tri-State Generation and Transmission Association is a wholesale electric power supplier owned by the 43 electric cooperatives that it serves. Tri-State generates and transmits electricity to its member systems throughout a 200,000 square-mile service territory across Colorado, Nebraska, New Mexico and Wyoming.
Serving approximately 1.5 million consumers, Tri-State was founded in 1952 by its member systems to provide a reliable, cost-based supply of electricity. Headquartered in Westminster, Colo., about 1,480 people are employed by Tri-State throughout its four-state service area.
Tri-State's power is generated through a combination of owned baseload and peaking power plants that use coal and natural gas as their primary fuels, supplemented by purchased power, federal hydroelectricity allocations and renewable resource technologies. Tri-State delivers power to its members through a transmission system that includes substation facilities, telecommunications sites and over 5000 miles of high voltage transmission lines.
Interested? Here is how to Apply:
Go to www.tristategt.org/ and click on the 'Careers' Link. Search for Job and click 'Apply Now' Icon. You will be required to register in order to apply.
Tri-State: Join the people behind the power. Tri-State recognizes the value of a highly-engaged and committed workforce and provides an excellent benefits program that includes medical, dental, retirement and life insurance. Please visit our careers site at www.tristategt.org/careers/ for more details.
Equal Opportunity Employer - Minority/Female/Disabled/Veteran
Tri-State Generation and Transmission Association, Inc.
- Tri-State Generation and Transmission Association, Inc. Jobs