
Position Title

CIP Risk Assessment and Mitigation Engineer

Reports To

VP of Risk Assessment, Mitigation, and Standards


St. Paul, MN

Posted Date


Position Summary

The CIP Risk Assessment and Mitigation Engineer is a highly regarded subject matter expert (SME) on control systems that are used to operate and monitor the Bulk Power System (BPS) and will use that knowledge to technically apply the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) security standards.

The CIP Risk Assessment and Mitigation Engineer analyzes the technical facts and circumstances associated with potential noncompliances to determine the risk they present to the reliability and security of the BPS, and works with Registered Entities (electric utilities) to implement mitigation plans.  The CIP Risk Assessment and Mitigation Engineer also reviews BPS events, such as Energy Management System (EMS) failures, loss of Inter-Control Center Protocol (ICCP) links, and non-convergence of State Estimator (SE) and Real-Time Contingency Analysis (RTCA) models.

Operations Technology (OT) / SCADA network expertise is leveraged to fulfill the objectives of the position. The CIP Risk Assessment and Mitigation Engineer serves as a technical SME to other MRO departments and registered entities (electric utilities). The CIP Risk Assessment and Mitigation Engineer participates in North American-wide discussions with colleagues from NERC and other Regional Entities regarding the technical application of the CIP Standards, and delivers presentations at workshops, webinars, and conferences regarding the application of the CIP Standards to control systems, generation facilities, and substations.

The CIP Risk Assessment and Mitigation Engineer must be able to lead a wide variety of analytical evaluations of technical difficulty and critical importance, and to exhibit independent expertise.  

Primary Responsibilities

The CIP Risk Assessment and Mitigation Engineer will make decisions including independent and authoritative evaluation of: (a) compliance discovery records; (b) entity mitigation plans to correct noncompliances; (c) acceptable entity settlements for correction of violations; (d) investigations of system events; and (e) comprehensive tracking of process steps, evidence, reports, and activities. The CIP Risk Assessment and Mitigation Engineer works directly with registered entities in order to obtain additional information pertaining to a noncompliance, as well as additional information requested by NERC staff, NERC Board of Trustees, and regulators.

Key responsibilities:

  1. Technically evaluate the facts and circumstances for possible noncompliances to determine the risk presented to the reliability and security of the BPS;
  2. Work directly with registered entities to obtain necessary information to support analyses, and to develop mitigation plans;
  3. Review and validate completion of mitigation plans as submitted by registered entities;
  4. Review BPS Events from a compliance perspective;
  5. Assist with Inherent Risk Assessments (IRAs) of entities used to develop risk-based compliance monitoring plans, particularly in the area of transmission and generation control systems, and substation networks;
  6. Assist with the development of outreach materials to assist registered entities in the implementation of CIP requirements;
  7. Coordinate and ensure records are in order for enforcement activities;
  8. May perform other duties related to the Compliance Monitoring and Enforcement Program (CMEP), as assigned or required; and
  9. Coordinate with Standards drafting teams on improvements to standards.



Bachelor's or Master's degree in Electrical Engineering. Extensive, directly related experience may be considered in lieu of an engineering degree, with an emphasis in OT/SCADA systems, analyzing and understanding system risk such as power systems operations, substation environments, and communication systems.


  • Knowledge of cybersecurity frameworks such as NIST and NERC CIP Standards is highly desirable
  • Experience managing complex projects is helpful
  • Negotiation skills are desired
  • Consensus-building facilitation skills are essential
  • Relevant technical industry experience in at least one, or preferably more, of the following areas:
    1. EMS design, administration, and configuration,
    2. Distributed Control System (DCS) design, administration, and configuration in a power system generation environment,
    3. Network design, administration, and configuration,
    4. Real-time power system operations,
    5. Configuration of Intelligent Electronic Devices (IEDs) such as protective relays, Remote Terminal Units (RTUs), and Programmable Logic Controllers (PLCs) in a substation environment.

Knowledge and Abilities/Skills:

  1. Technical knowledge of factors involved in protection and control of the BPS, and the networks that support those systems.  Must possess a high degree of professional competence and skill; a working knowledge of power system operation and security principles.  Must demonstrate knowledge of the electric industry, electric power generation, transmission, and power system reliability.
  2. Ability to execute a wide range of complex analyses, reports, and investigations concerning the configuration and security of control systems used in power system control centers, substations, and generation facilities.
  3. Ability to conduct extensive investigations or reviews of events and complaints, determination of noncompliance with reliability standards, and evaluation of mitigation plans.
  4. Ability to effectively present research, findings, and recommendations, both orally and in writing, to a diverse audience of technical and non-technical professionals.
  5. Ability to provide clear, comprehensive reports and to present findings and recommendations to a diverse audience of professionals and non-professionals.
  6. Ability to work effectively in teams and to facilitate consensus-building among participants in the region.
