The CIP Risk Assessment and Mitigation Engineer is a highly regarded subject matter expert (SME) on control systems that are used to operate and monitor the Bulk Power System (BPS) and will use that knowledge to technically apply the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) security standards.
The CIP Risk Assessment and Mitigation Engineer analyzes the technical facts and circumstances associated with potential noncompliances to determine the risk they present to the reliability and security of the BPS, and works with Registered Entities (electric utilities) to implement mitigation plans. The CIP Risk Assessment and Mitigation Engineer also reviews BPS events, such as Energy Management System (EMS) failures, loss of Inter-Control Center Protocol (ICCP) links, and non-convergence of State Estimator (SE) and Real-Time Contingency Analysis (RTCA) models.
Operations Technology (OT) / SCADA network expertise is leveraged to fulfill the objectives of the position. The CIP Risk Assessment and Mitigation Engineer serves as a technical SME to other MRO departments and registered entities (electric utilities). The CIP Risk Assessment and Mitigation Engineer participates in North American-wide discussions with colleagues from NERC and other Regional Entities regarding the technical application of the CIP Standards, and delivers presentations at workshops, webinars, and conferences regarding the application of the CIP Standards to control systems, generation facilities, and substations.
The CIP Risk Assessment and Mitigation Engineer must be able to lead a wide variety of analytical evaluations of technical difficulty and critical importance, and to exhibit independent expertise.
The CIP Risk Assessment and Mitigation Engineer will make decisions including independent and authoritative evaluation of: (a) compliance discovery records; (b) entity mitigation plans to correct noncompliances; (c) acceptable entity settlements for correction of violations; (d) investigations of system events; and, (e) comprehensive tracking of process steps, evidence, reports, and activities. The CIP Risk Assessment and Mitigation Engineer works directly with registered entities in order to obtain additional information pertaining to a noncompliance, as well as additional information requested by NERC staff, NERC Board of Trustees, and regulators.
Bachelors or Masters Degree in Electrical Engineering. Extensive, directly related experience may be considered in lieu of engineering degree, with an emphasis in OT/SCADA systems, analyzing and understanding system risk such as power systems operations, substation environments, and communication systems.
Knowledge and Abilities/Skills: