Director NERC Compliance - Critical Infrastructure Protection #3916

Primary Purpose:

The Director, NERC CIP Compliance is responsible for establishing and leading the company’s NERC CIP compliance program. This role owns program governance, standards interpretation, evidence management, internal controls testing, audit readiness, remediation tracking, and coordination with Cyber Security, IT, OT, Engineering, Operations, Legal, and Compliance teams.

The position serves as the primary subject matter expert for NERC CIP requirements and ensures the organization maintains a defensible, repeatable, and audit-ready compliance posture.

Essential duties & responsibilities:

NERC CIP Program Leadership:

• Own and lead the end-to-end NERC CIP compliance program, including interpretation and application of applicable CIP standards and requirements.
• Develop, maintain, and execute the NERC CIP compliance calendar, ensuring all periodic requirements, reviews, testing, and evidence collection activities are completed on time.
• Serve as the primary point of contact for NERC CIP compliance matters across Cyber Security, IT, OT, Engineering, Operations, Legal, and Compliance teams.

Compliance Execution & Evidence Management:

• Define, document, and maintain compliance processes, procedures, controls, and supporting documentation required to meet NERC CIP obligations.
• Establish and manage an evidence management framework that ensures artifacts are complete, accurate, traceable, and audit-defensible.
• Coordinate and perform internal compliance reviews and self-assessments to validate ongoing adherence to NERC CIP requirements.
• Track, manage, and report on compliance gaps, remediation plans, exceptions, and corrective actions through closure.

Audit Readiness & Regulatory Interface:

• Prepare the organization for NERC CIP audits, spot checks, and data requests, including coordination of evidence collection and stakeholder responses.
• Act as the primary liaison with auditors, regulators, and company stakeholders for NERC CIP matters.
• Support audit walkthroughs, interviews, and evidence reviews, and manage follow-up actions resulting from audit findings.

Cross‑Functional Coordination:

• Partner closely with OT engineering and operations teams to ensure controls are implemented in a manner that supports safe, reliable operations.
• Coordinate with Cyber Security Operations and Cyber GRC to align NERC CIP requirements with broader cyber security governance, policy, and risk management activities.
• Work with Legal and Compliance teams as needed to address regulatory interpretation, documentation, and response requirements.

Reporting & Continuous Improvement:

• Develop and maintain metrics and reporting that provide leadership visibility into NERC CIP compliance status, risks, trends, and remediation progress.
• Identify opportunities to streamline compliance processes, improve evidence quality, and reduce audit risk through standardization and automation where appropriate.
• Stay current on changes to NERC CIP standards, guidance, and industry practices, and assess impacts to the organization.

Education:

• Bachelor’s degree from an accredited institution in Electrical Engineering, Law, Information Security, Engineering, Information Systems, Computer Science, or a related discipline; or equivalent experience.

Experience/Specific Knowledge:

• Minimum of 10 years of experience leading, managing, or supporting NERC CIP compliance programs in power generation environments.
• Strong working knowledge of NERC CIP standards, compliance lifecycle, and audit expectations.
• Experience coordinating compliance activities across IT, OT, Engineering, and Operations teams.
• Familiarity with evidence management, internal controls testing, and audit readiness practices.
• Ability to translate regulatory requirements into practical, operationally feasible controls.
• Demonstrated ability to drive accountability across cross-functional teams without direct reporting authority.

Certifications, Licenses & Registrations:

• Must possess and maintain a valid driver’s license and a driving record satisfactory to the company and its insurers (for travel).
• NERC‑related or security certifications (e.g., CISSP, CISM, CISA, CRISC) preferred but not required.

Competencies, Skills & Abilities:

• Strong organizational and attention-to-detail skills with the ability to manage multiple compliance activities and deadlines simultaneously.
• Effective written and verbal communication skills, including the ability to clearly explain regulatory requirements to technical and non-technical stakeholders.
• Ability to work collaboratively across functional boundaries and influence decisions without direct authority.
• Sound judgment and professionalism when handling regulatory, compliance, and audit-related matters.
• Ability to bring structure to ambiguity and maintain focus on the highest-priority risks and obligations.

Physical Demands:

All the physical requirements listed below are those that may be necessary for an employee to successfully perform the essential function of this job. Reasonable accommodations may be made for individuals with disabilities to perform the essential functions.

• Must be able to sit for prolonged periods of time.
• The employee is regularly required to use hands to type, touch, handle, or feel. The employee is required to talk and hear. The employee is frequently required to stand and reach with hands and arms. The employee is occasionally required to walk and climb or balance. The employee must regularly lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds.

Working Conditions:

• Will work non-traditional hours as needed.
• Required to carry a cell phone and be available to respond during working and non-working hours.
• Candidates will be required to clear a drug screen and complete a background check, including a credit report for certain positions after an offer has been extended and prior to being employed.

Supervisory Responsibility:

• Provide leadership for the NERC CIP compliance program, including direct management of assigned team members and coordination across cross-functional stakeholders.

Preferred Education, Experience, Certifications, Competencies, Skills & Abilities:
Above the minimum requirements, not required but advantageous in this position: 

• Bachelor’s degree in Electrical Engineering or Juris Doctor preferred.
• Experience standing up, leading, or maturing a NERC CIP compliance program.
• Experience supporting NERC CIP audits, spot checks, or regulatory inquiries.
• Experience in power generation or other critical infrastructure environments.
• Familiarity with OT/ICS security concepts and operational constraints.
• Experience developing compliance metrics, dashboards, and executive-level reporting.

Compensation:

• The annual salary range for this position will be $189,500-$284,300/yr.

Other Responsibilities: 

• The above statements describe the general nature and level of work being performed. This position may perform other duties as assigned. 

About Us:

Tallgrass was named one of the 2023 Top Workplaces USA and highlighted in Colorado's Top Workplaces for the past seven consecutive years. Tallgrass is a leading energy infrastructure company focused on safely, reliably, and sustainably delivering the energy and services that power our nation and enable our quality of life. 

At Tallgrass, we value our teams and strive to create an environment where employees feel respected, and their contributions are valued. We aim to support employees' physical, mental, and financial well-being through a comprehensive Total Rewards Program.

• Industry competitive pay.
• Health insurance package options that include Flexible Spending & Health Savings Accounts.
• Infertility Coverage.
• Parental Leave.
• 401(k) with up to a 6% match that vests immediately plus an employer discretionary contribution of up to 4%.
• Wellness Programs and Mental Health Resources.
• Employer-paid life insurance, short-term disability, and long-term disability coverage.
• Critical Illness & Accident Insurance.
• Vacation, sick days, paid caregiver leave, volunteer and bereavement paid time off.
• Identity theft protection.
• Annual discretionary bonus.
• Generous Tuition Reimbursement Program.
• Company-paid holidays and floating holidays.
• Company vehicle (if applicable).
• Employee discounts; vehicles, tires, cellular plans, and more.
• Networking and employee engagement events.
• Personal development to grow your career with us based on your strengths and interests.

Application Deadline:  
Recruiting timelines vary by position; however, all Tallgrass positions accept applications for at least five business days from the posting date. This position is open and still accepting applications.

Compensation : 
Compensation ranges are provided in good faith based on what we anticipate when researching wages for this position at the state and national levels. We may ultimately pay more or less than the posted range. This salary range may also be modified in the future.

Notice to External Search Firms : 
Tallgrass does not accept unsolicited resumes from search firms or employment agencies. Unsolicited referrals and resumes are considered Tallgrass property; therefore, Tallgrass will not pay a fee for any placement resulting from the receipt of an unsolicited referral. Approved vendors may be invited to refer talent for specific positions at Tallgrass's request only. A fully executed agreement with Tallgrass must be in place and current in these cases.

EEO Statement:
Tallgrass complies with all Equal Employment Opportunity (EEO) affirmative action laws and regulations. Tallgrass does not discriminate on the basis of age, race, religion, color, sex, national origin, marital status, genetic information, sexual orientation, gender Identity and expression, disability, veteran status, pregnancy status, or other status protected by law.