• CIP Compliance Analyst

    Job Locations US-MA-Andover
    Job ID
    # of Openings
    NERC Compliance
  • Overview

    The role of the CIP Compliance Analyst is to support the ongoing implementation and monitoring of EGP’s Compliance Monitoring and Enforcement Program (CMEP). The CIP Compliance Analyst in this role is responsible for oversight and administration to ensure compliance with all NERC CIP requirements for which Generation ICS, Operations, and Physical Security are the primary responsible stakeholders. The position coordinates activities with responsible stakeholders for scheduled compliance checks, self-certifications, audit preparation, self-reporting, remediation plans, and stakeholder training. This role involves coordination of NERC deadlines and the implementation of compliance activities by key CIP stakeholders as well as analysis and organization of evidence that demonstrates compliance. The CIP Compliance Analyst will support the CIP Manager in implementing a premier culture and record of compliance with North American Electric Reliability Corporation (NERC) standards.


    • Assist NERC Compliance Group (NCG) in assigning and tracking ongoing CIP stakeholder action items that are required to remain compliant as well as for remediation and corrective actions.
    • Coordinate reviews of Medium Impact Network topology for vulnerabilities/changes to configuration(s) for both electronic and physical perimeters.
    • Documentation control and evidence retention and organization in SharePoint CKS platform (information repository).
    • Responsible for the development, enhancement and maintenance of the NERC CIP Compliance procedures, processes, and general operation of the compliance program and its related activities, incorporating lessons learned and enhancements needed pursuant to compliance monitoring activities.
    • Cybersecurity Awareness direct communications (emails, posters, monthly presentations).
    • Participate in NCG Quarterly Standards reviews and compliance assessments with each applicable CIP standard. This includes remaining current on FERC Orders that impact 693 and CIP Standards enforcement and effective dates.
    • NERC Alert.com administration

    o     Acknowledgements

    o     Entity responses

    o     Administer required actions (where applicable)

    • MRO Portal administration

    o     Self-certifications

    o     Data requests

    • Assists in conducting compliance reviews, investigations, preparation and audits to assess compliance with NERC CIP Regulations and Standards:

    o     NERC 706 Critical Infrastructure Protection Reliability Standards

    • Perform periodic required reviews/verifications and program maintenance with regard to the following standards: CIP-002, CIP-003 and CIP-004. This involves quarterly and annual reviews.


    • Supporting the monitoring and enforcement of higher priority CIP standards for this role including all requirements within these standards:


    o   CIP-005 – Electronic Security Perimeter

                   R1 – Electronic Security Perimeter(s) verification and management


    o   CIP-007 – Systems Security Management

                   R1 – Ports and Services

                   R2 – Security Patch Management

                   R3 – Malicious Code Prevention

                   R4 – Security Incident and Event Monitoring (SIEM)

                   R5 – System Access Controls


    o   CIP-008 – Cybersecurity Incident Reporting and Response

                   R1 – Cybersecurity Incident Response Plan


    o   CIP-009 – Recovery Plan(s) for BES Cyber Systems

                   R1 – Recovery Plan reporting and support during an actual system recovery


    o   CIP-010 – Configuration Change Management Control

                   R1 – Configuration change monitoring and management


    Other Duties

    The CIP Compliance Analyst role will also participate in the analysis and preparation of CIP standards subject to future enforcement and the impact on Enel, such as CIP-003-7 and CIP-013.



    • BS degree in Computer Science, Information Systems or related field.
    • Preferred CISA Certification.
    • Experience in the energy industry is desirable.
    • Minimum 3-5 years of Information Technology system auditing and testing.
    • Working knowledge of NERC Reliability Standards.
    • Excellent organizational, time management and project management skills required.
    • Ability to work with and analyze data-intensive and detailed information, and to draw meaningful conclusions from that information. Computer skills including proficiency in Word, Excel and PowerPoint. Proficiency in SharePoint is a plus.
    • Ability to work off deadlines and meet them.
    • Ability to deal effectively with regulators, auditors, and stakeholders.
    • Excellent verbal and written communications skills to work effectively with a variety of Subject Matter Experts across different departments within Enel.
    • Excellent verbal and written communications skills to effectively state and justify Enel’s positions before regulatory agencies and organizations.

