
Compliance Analyst, NERC CIP

NRG Energy
United States, Texas, Houston
Apr 15, 2025

Welcome to the intersection of energy and home services. At NRG, we're all about propelling the next generation of leaders forward. We are driven by our passion to create a smarter, cleaner and more connected future. We deliver innovative solutions that make our customers' lives easier, helping them power, protect, and intelligently manage their homes and businesses. To do this, we need creative and talented people to join our company.

We offer a dynamic work environment and a unified and inclusive culture. NRG fosters a strong sense of belonging that leads to better collaboration and business performance. Our company programs are designed to help employees develop the skills they need for success now and in the future. In everything we do, we aim to champion our employees and bring value to our customers, investors and society.

More information is available at www.nrg.com. Connect with NRG on Facebook, Instagram, LinkedIn and X.

Job Summary:

This position will be part of the Regulatory Compliance team within the NRG Legal Department. NERC CIP Regulatory Compliance executes on the implementation of a framework to ensure OT security practices remain observant of all compliance directives, specifically the NERC Critical Infrastructure Protection (CIP) Standards. This position will provide support to ensure NRG adapts to emergent and ever-changing cyber security regulations while working to continually improve NRG's regulatory compliance posture.

Responsibilities:

The successful candidate will:

  • Provide oversight for all aspects of and task-components related to compliance with NERC CIP Standards, including sustaining compliance with new and developing versions of CIP (or other applicable cyber security) standards.
  • Interpret NERC CIP and other applicable cyber security standards and evaluate the business implications of existing, new, and revised NERC, Regional, Federal (CISA, TSA, etc.) standards; coordinate review of new/revised standards with internal stakeholders and formulate collective feedback to be provided to appropriate regulatory bodies.
  • Act as the Regulatory Compliance liaison with plant management, plant NERC compliance, IT, Engineering, Commercial Operations, Enterprise Security, and OT Security to ensure strict compliance with NERC CIP standards.
  • Monitor and assist in the development of internal controls necessary to maintain adherence to NERC CIP requirements, internal policy, and other applicable cyber security standards. Assess evidence of compliance gathered by business unit subject matter experts to determine its applicability and completeness for demonstrating compliance to NERC and Regional standards.
  • Identify and investigate potential anomalies and/or non-compliances and escalate to management, as necessary; perform root cause analyses and develop corrective actions to mitigate the potential reoccurrence of near-misses and/or non-compliances. Assist in the preparation of self-reports.
  • Provide guidance to OT Security, Plant Operations, Commercial Operations, and Enterprise Security in the development of any policies, procedures, plans, or work instructions necessary to support NERC, Regional, and Federal (CISA, TSA, etc.) standards.
  • Assist OT Security and Technical Training teams in the development of CIP related training and support roll-out of training at the plant and corporate levels to support NERC compliance activities.
  • Support and assist in all efforts to prepare, draft, and coordinate materials responsive to self-certifications, spot checks, audits (internal and external), Inherent Risk Assessments, Entity Risk Profile Questionnaires, and other Requests for Information.
  • Conduct periodic CIP compliance assessments of NRG's program and accompanying internal documentation, identify and communicate any potential deficiencies, areas for continuous improvement, and/or other findings.
  • Support compliance reviews (including zero-day compliance evaluations) and evidence gathering pertaining to any asset acquisitions, divestitures or new asset CIP impact categorizations.
  • Perform other duties as assigned by the Director, Regulatory Compliance - NERC CIP.

Qualifications:

  • Associate's or Bachelor's degree in computer science, cyber security, business administration, or related field. Experience will be considered in lieu of college degree requirement.
  • At least 0-2 (Specialist I), 2-4 (Specialist II), 4-6 (Specialist III), or 6-8 (Specialist Sr.) years of work experience in regulatory compliance, audit, or cyber security, preferably within the electric utility sector.
  • Knowledge and/or understanding of one or more of the following cyber security frameworks: NERC CIP, NIST CSF, ISO 27001, NIST 800-53, COBIT, HITRUST.
  • Demonstrated ability to effectively communicate (verbal and written) with all levels of internal or external groups.
  • Ability to prioritize job requirements in a high-pressure, multi-task environment.
  • Strong organizational and project management skills.
  • Strong interpersonal skills, including the ability to facilitate, coordinate and lead work teams.
  • Strong analytical and problem-solving skills with attention to detail and accuracy.
  • Flexibility to work in a fast-paced, lean environment; effectively managing multiple issues simultaneously; able to adapt quickly to new situations.
  • Proficiency in Microsoft Office Suite software (Word, PowerPoint, Excel).

Preferred:

  • Bachelor's degree in computer science, cyber security, business administration, or related field.
  • Professional certification such as CISA, CISM, CISSP, or CRISC.
  • Experience implementing NERC CIP standards or one or more of the following cyber security frameworks: NIST CSF, ISO 27001, NIST 800-53, COBIT, HITRUST.
  • Experience writing policies and procedures for a NERC CIP program; experience drafting RSAWs and preparing or presenting evidentiary documentation.
  • Experience interfacing with external regional regulators (ReliabilityFirst, TexasRE, SERC, etc.).
  • Hands-on experience in the regulatory compliance, audit, or cyber security field.
  • Experience with Power Generation or Transmission assets.
  • Experience with the NERC Align and SEL tools.
  • Experience with compliance management software, such as Sigmaflow, RSA Archer.
  • Familiarity with networks, change management, anti-malware, configuration baselines, patching or other security practices.
  • Knowledge of firewalls, switches, routers, Windows, Unix/Linux operating systems.

NRG Energy is committed to a drug and alcohol-free workplace. To the extent permitted by law and any applicable collective bargaining agreement, employees are subject to periodic random drug testing, and post-accident and reasonable suspicion drug and alcohol testing. EOE AA M/F/Protected Veteran Status/Disability. Level, Title and/or Salary may be adjusted based on the applicant's experience or skills.

EEO is the Law Poster (The poster can be found at http://www.eeoc.gov/employers/upload/poster_screen_reader_optimized.pdf)

Official description on file with Talent.
