
Senior Cyber Security Risk & Governance Compliance Analyst




Title: Senior Cybersecurity Governance & Risk Compliance Analyst

Terms: 6-12 month contract to hire

Location: Remote until further notice

Brooksource is searching for a Senior Cybersecurity Governance and Compliance Analyst to join our Fortune 500 Utility partner located in Uptown Charlotte, NC for a 6-12 month contract with potential for extension or hire (currently remote). Our ideal candidate has working NERC CIP experience and a thorough understanding of root cause analysis.

The NERC CIP Cybersecurity Governance and Risk Analyst is responsible for achieving team objectives for the enterprise North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Cybersecurity Compliance Program. This role works closely with multiple internal Business Areas to ensure effective, efficient and consistent adherence to the NERC CIP Standards and to build a strong compliance culture across the organization. The role includes developing and maintaining the Program Standards, Procedures, Processes and Tools, in addition to performing quality assurance (QA) and validation of those Standards and Procedures to ensure compliance is achieved.


  • Produce and implement completed Possible Violation (PV), Self Report (SR), Cause Analysis, and Mitigation Plan documentation in support of Duke IT NERC CIP Compliance
  • Ability to adapt to and learn new tools (e.g., KANBAN Board, CATSWeb)
  • Perform Quality Assurance reviews of NERC CIP documentation being presented to senior leadership
  • Flexibility – ability to work in changing environment: Incorporate and manage ad hoc requests
  • Be a team player
  • Ability to work effectively in stressful situations (e.g., NERC CIP Audits)
  • Provide leadership and mentoring to staff members to ensure quality work and improved performance and increased knowledge over time
  • Interact with functional leads and stakeholders across NERC CIP compliance groups to gather data, solicit inputs, negotiate corrective actions, and conduct follow up verifications
  • Support IT Compliance interactions with corporate compliance and with compliance teams from other business units; particularly as it relates to enterprise problems and solutions
  • Identify and escalate risks requiring attention by senior leadership
  • Plan and schedule daily work to meet established schedules and time obligations
  • Develop and/or enhance compliance procedures, processes, documentation and training
  • Apply process and controls knowledge to support NERC CIP compliance requirements
  • Communicate compliance information in a clear and concise manner
  • Perform quality assurance (QA) reviews and validation reviews of CIP-related implementations (processes, procedures, internal controls) and associated evidence to ensure compliance with NERC CIP cybersecurity policy (IT 503) and with the NERC CIP Standards
  • Develop interpretations of new CIP Standards using a variety of inputs such as regulatory guidance and industry benchmarking to produce unambiguous descriptions of compliance obligations for internal stakeholders to use as guidance for implementations
  • Develop modifications to the NERC CIP cybersecurity policy (IT 503) that are triggered by: new and/or changing NERC Standards, newly published guidance from the regulators, and by internal requests for improvements
  • Provide enterprise coordination, project oversight, reporting, and issue resolution for implementation of future versions of the NERC CIP Standards (e.g., CIP Version 6 for low-impact systems, CIP Version 7, etc.)
  • Prepare reports on the results of internal reviews of compliance evidence, including categorization of findings and recommendations to be addressed
  • Perform internal consulting with business area personnel to ensure that they understand, plan for, and implement compliance requirements
  • Perform training, change management, and communication support for CIP implementations and ongoing compliance activities
  • Provide leadership, support, input, and oversight for the implementation of the NERC CIP Recovery Plan
  • Influence new standard development through industry and regulator engagement
  • Ability to conduct challenging conversations in a tactful, professional manner
  • Models behaviors that promote effective interactions between individuals in a work group and between work groups
  • Ability to demonstrate a customer service-oriented attitude
  • Ability to perform day-to-day tasks with minimal direction

Working Requirements

  • Must pass a personnel risk assessment including seven (7) year background screening and annual cyber security training
  • Demonstrated focus on safety
  • Adhere to client's policies and ensure necessary administrative procedures are followed

Basic/Required Qualifications

  • Bachelor's degree in a related field and four (4) or more years of utility, cyber security, auditing, compliance, regulatory or related experience; OR 10 or more years of utility, cyber security, auditing, compliance, regulatory or related experience without a degree

Desired Qualifications

  • Bachelor's or Master's degree in Information Technology, Information Systems Security, or Electrical Engineering
  • Four (4) or more years of experience working with the NERC CIP standards and requirements
  • Experience with large programs and efforts, particularly with Agile method experience
  • Understanding of basic principles of power system protection theory, practices, and application
  • Certified Information Systems Security Professional (CISSP) certification
  • Audit certifications such as: Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certified Government Auditing Professional Certification (CGAP), NIST Cybersecurity Framework (CSF) Foundation, etc.
  • Experience with implementing new enterprise processes and methods in environments with distinct departmental processes
  • Experience working effectively in a matrixed organization
  • Ability to communicate clearly, concisely and accurately with peers, customers, team members, and leadership verbally and in writing

Brooksource provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, national origin, age, sex, citizenship, disability, genetic information, gender, sexual orientation, gender identity, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state, and local laws.
