Manager, OT Security & Compliance

Overview

About us:

Founded in 1990, LS Power is a premier development, investment, and operating company focused on the North American power and energy infrastructure sector, with leading platforms across generation, transmission and energy expansion solutions. Since inception, LS Power has developed or acquired 50,000 MW of power generation, including utility-scale solar, wind, hydro, battery energy storage, and natural gas-fired facilities. Through its transmission business, LS Power Grid, the company built and operates 780+ miles of high-voltage transmission and 7 transmission utilities and has another 375+ miles currently in construction or development. LS Power actively invests in and scales businesses that are meeting the growing needs of the energy expansion, including electric vehicle charging, demand response, microgrids, renewable fuels and waste-to-energy platforms. Over the years, LS Power has raised more than $76 billion in debt and equity capital to support North American infrastructure.

Our Purpose, Mission, & Values:

Our Purpose is to solve complex energy problems that improve the world

Our Mission is to make lives better by developing a cleaner and more reliable energy ecosystem

Our Values are the willingness to participate in and help strengthen our culture of integrity, Innovation, Teamwork, and Taking Ownership

Our People create value and are our Most Valuable asset. We take our values of Integrity, Innovation, Teamwork and Taking Ownership seriously and ask candidates to think about how they can help us further enhance our culture with their specific skillsets, capabilities and experiences.

Benefits

We provide our team the opportunity to share their unique perspectives, solve new challenges, and continue in their career growth. We are committed to supporting employees’ happiness, healthiness, and overall well-being by providing comprehensive benefits that include 100% employer paid premium healthcare, paid parental leave and more.

About the Role

LS Power Grid is seeking an Manager of OT Security & Compliance to lead two closely aligned teams within our Operations Technology organization: the OT Compliance Engineering team, responsible for operating and maintaining our core security tooling, and the OT Governance, Risk & Compliance (GRC) team, responsible for the policy framework, risk management, and regulatory compliance program that governs our OT environment.

A defining expectation for this role is the ability to bridge technical and non-technical worlds with equal precision. You will need to engage directly with your engineers on tool configurations, scan results, and control implementation — and engage directly with senior leadership, regulators, or auditors and communicate the same subject matter in terms of business risk, program posture, and organizational impact. That translation capability is not incidental to this role. It is central to how it operates.

Responsibilities

What Will You Do

OT Compliance Engineering Team Leadership

• Directly manage a team of OT Compliance Engineers responsible for operating Splunk (SIEM and log management), Nessus/Tenable (vulnerability scanning), and Tripwire (file integrity and configuration monitoring) in production OT environments.

• Ensure tool outputs are fully operationalized: alerts are triaged and actioned, vulnerability findings are tracked through remediation, configuration baselines are enforced, and compliance evidence is generated consistently and on schedule.

• Set performance expectations, conduct regular 1:1s and formal reviews, and develop engineers from compliance executors into deeper program owners with domain expertise.

• Build a team culture of documentation discipline and continuous audit readiness; establish and maintain evidence quality standards so the program is always prepared, not just ahead of scheduled engagements.

• Identify gaps in tooling coverage or team capability and develop justified proposals for headcount, tooling, or process improvements.

OT GRC Team Leadership

• Lead audit preparation and direct engagement with TRE, FERC, and NERC; serve as the primary signatory and point of contact for all regulatory correspondence and submissions.

• Own the full violation management lifecycle — self-identification, mitigation documentation, and corrective action plan development and tracking through closure.

• Own end-to-end compliance with CIP-006, CIP-007, CIP-008, CIP-010, and CIP-011; serve as the authoritative interpreter of CIP requirements for both your teams and peer functions.

• Monitor NERC, TRE, and FERC regulatory developments; assess impact of new or revised standards and drive program updates ahead of enforcement deadlines.

• Directly manage a team of OT GRC Analysts responsible for policy management, risk assessment, control framework maintenance, audit evidence coordination, and regulatory reporting.

• Own the OT GRC program end-to-end: policy library, standards, control framework, risk register, exception management, and governance reporting cadences.

• Maintain a living OT security risk register; ensure risks are formally assessed, assigned to owners, tracked to resolution, and reported to leadership with clear business context and recommended disposition.

• Develop and enforce OT security policies and procedures that satisfy regulatory obligations and are written to be operationally executable — not just audit-ready on paper.

• Support multi-entity expansion and new facility onboarding: manage compliance readiness for PSP and ESP certifications, NERC registration, and regulatory filings with long lead-time coordination across legal, engineering, and operations.

Stakeholder Communication & Organizational Bridging

• Communicate OT Security & Compliance topics effectively at every level of the organization: giving precise technical direction to your engineers, coordinating peer-to-peer with network, systems, and physical security teams, and delivering clear business-risk framing to senior leadership and executives.

• Translate technical findings — scan results, configuration gaps, evidence deficiencies, control failures — into language that non-technical stakeholders can act on, without sacrificing the accuracy or context that makes the communication meaningful.

• Serve as the organizational voice in external regulatory interactions, including TRE audit engagements, NERC inquiry responses, and FERC filings.

• Produce written communications across a wide range of formats and audiences: regulatory correspondence, executive briefings, team-facing work instructions, and vendor accountability documentation.

Qualifications

We Want You on Our Team Because You Have…

• 5+ years of progressive OT or ICS cybersecurity experience, with direct ownership of a NERC CIP compliance program at a registered entity and a demonstrated record of successful audit outcomes.

• Formal designation or functional experience as a manager or compliance program authority, with firsthand experience managing regulatory interactions with TRE, FERC, or NERC.

• Direct, production hands-on experience operating Splunk, Nessus or Tenable, and Tripwire or equivalent security tooling in OT or ICS environments.

• Proven experience directly managing both a technical operations team and an analyst/GRC team, including hiring, performance management, and developing staff into program ownership.

• Demonstrated ability to communicate technical OT Security & Compliance topics with equal clarity to engineers, peer managers, auditors, and executive leadership — adjusting framing and depth without losing accuracy.

• Strong working knowledge of CIP-006, CIP-007, CIP-008, CIP-010, and CIP-011, with the ability to interpret requirements, identify gaps, and build controls that satisfy both regulatory intent and operational reality.

• Experience building and maintaining GRC program components: risk registers, control frameworks, policy libraries, and exception management workflows.

• Excellent written communication skills across multiple document types: regulatory submissions, executive summaries, work instructions, and compliance evidence documentation.

• 7+ years of experience in OT/ICS cybersecurity or critical infrastructure protection, with at least 3 years in a compliance program leadership role at a NERC-registered entity.

• Named NERC CIP compliance program ownership with direct engagement in Regional Entity (TRE, WECC, RF, or equivalent) audit and enforcement processes.

• Demonstrated experience managing Splunk, Nessus or Tenable, and Tripwire or equivalent OT security tooling.

• Demonstrated experience managing both a technical security team and a GRC/analyst team simultaneously.

• Demonstrated ability to communicate OT Security & Compliance topics clearly and accurately across all organizational levels: from engineering staff through executive leadership, and to external regulatory bodies.

• Active security certification required: GICSP, CISSP, CISM, or GIAC equivalent.

• Bachelor’s degree in computer science, Information Systems, Engineering, or a related field; in lieu of degree, 10+ years of directly applicable OT/ICS security and compliance experience.

Ideally, You Also Have…

• Familiarity with IEC 62443, NIST SP 800-82, or NIST CSF as complementary frameworks to NERC CIP in OT environments.

• Experience with compliance evidence management platforms (AssurX or equivalent) and ITSM/CMDB tools (ChangeGear, ServiceNow, or equivalent).

• Background supporting multi-entity, multi-jurisdictional compliance programs across transmission and generation assets in different regional footprints.

• Active security certification: GICSP, CISSP, CISM, or GIAC equivalent.

• Bachelor’s degree in computer science, Information Systems, Engineering, or a related field; equivalent experience considered.

What Success Looks Like

• Within 3 Months: You took ownership of OT Security & Compliance, evaluated compliance and GRC posture across all relevant entities, built working relationships with both teams and key peer managers, and identified the most critical gaps in program coverage and evidence quality.

• Within 6 Months: Both teams are operating to consistent standards — your compliance engineers are producing evidence on schedule and your GRC analysts are maintaining a current risk register and policy library. You are the recognized internal point of contact for all regulatory matters. Stakeholders at every level are receiving communications from you that are calibrated to their context and actionable.

• Within 12 Months: The GRC framework is documented, enforced, and scaling to support new entities. The program is continuously audit-ready. You have measurably strengthened both compliance posture and team capability, and you are the trusted voice on OT security risk for your teams, your peers, and senior leadership.

Requirements

• 7+ years of experience in OT/ICS cybersecurity or critical infrastructure protection, with at least 3 years in a compliance program leadership role at a NERC-registered entity.

• Named NERC CIP compliance program ownership with direct engagement in Regional Entity (TRE, WECC, RF, or equivalent) audit and enforcement processes.

• Demonstrated experience managing Splunk, Nessus or Tenable, and Tripwire or equivalent OT security tooling.

• Demonstrated experience managing both a technical security team and a GRC/analyst team simultaneously.

• Demonstrated ability to communicate OT Security & Compliance topics clearly and accurately across all organizational levels: from engineering staff through executive leadership, and to external regulatory bodies.

• Active security certification required: GICSP, CISSP, CISM, or GIAC equivalent.

• Bachelor’s degree in computer science, Information Systems, Engineering, or a related field; in lieu of degree, 10+ years of directly applicable OT/ICS security and compliance experience.

Job Locations US-TX-Austin

ID 2026-1892

Category LSP GRID

Type Full Time