Director-NERC CIP Compliance

Director, NERC CIP Compliance

The Director, NERC CIP Compliance is responsible for establishing and leading the company's NERC CIP compliance program. This role owns program governance, standards interpretation, evidence management, internal controls testing, audit readiness, remediation tracking, and coordination with Cyber Security, IT, OT, Engineering, Operations, Legal, and Compliance teams.

The position serves as the primary subject matter expert for NERC CIP requirements and ensures the organization maintains a defensible, repeatable, and audit-ready compliance posture.

Responsibilities

Essential duties & responsibilities:

NERC CIP Program Leadership

• Own and lead the end-to-end NERC CIP compliance program, including interpretation and application of applicable CIP standards and requirements.
• Develop, maintain, and execute the NERC CIP compliance calendar, ensuring all periodic requirements, reviews, testing, and evidence collection activities are completed on time.
• Serve as the primary point of contact for NERC CIP compliance matters across Cyber Security, IT, OT, Engineering, Operations, Legal, and Compliance teams.

Compliance Execution & Evidence Management

• Define, document, and maintain compliance processes, procedures, controls, and supporting documentation required to meet NERC CIP obligations.
• Establish and manage an evidence management framework that ensures artifacts are complete, accurate, traceable, and audit-defensible.
• Coordinate and perform internal compliance reviews and self-assessments to validate ongoing adherence to NERC CIP requirements.
• Track, manage, and report on compliance gaps, remediation plans, exceptions, and corrective actions through closure.

Audit Readiness & Regulatory Interface

• Prepare the organization for NERC CIP audits, spot checks, and data requests, including coordination of evidence collection and stakeholder responses.
• Act as the primary liaison with auditors, regulators, and company stakeholders for NERC CIP matters.
• Support audit walkthroughs, interviews, and evidence reviews, and manage follow-up actions resulting from audit findings.

Cross-Functional Coordination

• Partner closely with OT engineering and operations teams to ensure controls are implemented in a manner that supports safe, reliable operations.
• Coordinate with Cyber Security Operations and Cyber GRC to align NERC CIP requirements with broader cyber security governance, policy, and risk management activities.
• Work with Legal and Compliance teams as needed to address regulatory interpretation, documentation, and response requirements.

Reporting & Continuous Improvement

• Develop and maintain metrics and reporting that provide leadership visibility into NERC CIP compliance status, risks, trends, and remediation progress.
• Identify opportunities to streamline compliance processes, improve evidence quality, and reduce audit risk through standardization and automation where appropriate.
• Stay current on changes to NERC CIP standards, guidance, and industry practices, and assess impacts to the organization.

Qualifications

Education:

• Bachelor's degree from an accredited institution in Electrical Engineering, Law, Information Security, Engineering, Information Systems, Computer Science, or a related discipline; or equivalent experience.

Experience/Specific Knowledge:

• Minimum of 10 years of experience leading, managing, or supporting NERC CIP compliance programs in power generation environments.
• Strong working knowledge of NERC CIP standards, compliance lifecycle, and audit expectations.
• Experience coordinating compliance activities across IT, OT, Engineering, and Operations teams.
• Familiarity with evidence management, internal controls testing, and audit readiness practices.
• Ability to translate regulatory requirements into practical, operationally feasible controls.
• Demonstrated ability to drive accountability across cross-functional teams without direct reporting authority.

Certifications, Licenses & Registrations:

• Must possess and maintain a valid driver's license and a driving record satisfactory to the company and its insurers (for travel).
• NERC-related or security certifications (e.g., CISSP, CISM, CISA, CRISC) preferred but not required.

Competencies, Skills & Abilities:

• Strong organizational and attention-to-detail skills with the ability to manage multiple compliance activities and deadlines simultaneously.
• Effective written and verbal communication skills, including the ability to clearly explain regulatory requirements to technical and non-technical stakeholders.
• Ability to work collaboratively across functional boundaries and influence decisions without direct authority.
• Sound judgment and professionalism when handling regulatory, compliance, and audit-related matters.
• Ability to bring structure to ambiguity and maintain focus on the highest-priority risks and obligations.

Physical Demands:

• Must be able to sit for prolonged periods of time.
• The employee is regularly required to use hands to type, touch, handle, or feel. The employee is required to talk and hear. The employee is frequently required to stand and reach with hands and arms. The employee is occasionally required to walk and climb or balance. The employee must regularly lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds.

Working Conditions:

• Will work non-traditional hours as needed.
• Required to carry a cell phone and be available to respond during working and non-working hours.
• Candidates will be required to clear a drug screen and complete a background check, including a credit report for certain positions after an offer has been extended and prior to being employed.

Supervisory Responsibility:

• Provide leadership for the NERC CIP compliance program, including direct management of assigned team members and coordination across cross-functional stakeholders.

Preferred Education, Experience, Certifications, Competencies, Skills & Abilities:

• Bachelor's degree in Electrical Engineering or Juris Doctor preferred.
• Experience standing up, leading, or maturing a NERC CIP compliance program.
• Experience supporting NERC CIP audits, spot checks, or regulatory inquiries.
• Experience in power generation or other critical infrastructure environments.
• Familiarity with OT/ICS security concepts and operational constraints.
• Experience developing compliance metrics, dashboards, and executive-level reporting.

Compensation:

• The annual salary range for this position will be $189,500-$284,300/yr.

Other Responsibilities:

• The above statements describe the general nature and level of work being performed. This position may perform other duties as assigned.