Cyber Compliance Specialist - NERC CIP

Date: Nov 18, 2024

Location: RICHMOND, VA, US, 23219

Company: Dominion Energy

 

Dominion Energy is committed to providing reliable, affordable, and increasingly clean energy that powers our customers every day. If you want to work for a purpose-driven company that values safety and collaboration, we’re looking for you. You won’t just find a job here; you’ll find your career. Review the position below and apply today.

 

Military service members and veterans with ranks from E5-E9, W1-CW5, or O3-O6, plus appropriate equivalent combination of education and years of experience as outlined below will be considered for this opportunity. 

At this time, Dominion Energy cannot transfer or sponsor a work visa or employment authorization for this position.

This position does not offer relocation assistance. 

 

Job Summary

The Cyber Compliance Specialist role works independently but also leads small teams in the performance, monitoring, or development of complex cyber compliance programs and governance.   This includes the development of policies, procedures, and tools to maintain a strong cyber compliance posture across business units.  The role leverages cyber security best practices and a detailed understanding of cyber regulatory requirements to define guidance for how compliance is achieved and to provide governance and oversight to the entire program.  The role will often provide technical guidance or perform an evaluation of technical procedures intended to achieve compliance.  The role is intended to  reduce or eliminate unnecessary audit findings and implement changes to ensure compliance with all regulatory requirements.
 

This role maintains multiple cyber regulatory compliance programs for business unit(s) processes, applications, and systems as well as consulting on business processes. Using cyber security best practices, a deep knowledge of cyber regulatory requirements, and a deep understanding of business processes, this role:
 

  • Guides teams in doing more advanced cyber compliance program management or creating policies, procedures, and tools to keep a strong cyber compliance position. 
  • Provides consultation services to business personnel seeking to navigate compliance related service company policies, processes, and procedures.
  • Oversees the cyber regulatory compliance program for processes, applications, and systems across business units. 
  • Guides small teams to use cyber security best practices and detailed knowledge of cyber regulatory requirements to set guidance for how compliance is achieved and to provide management and supervision to the entire program. 
  • Completes or ensures completion of compliance related data requests.
  • Gives technical advice or assesses technical controls intended to achieve compliance.
  • Aids in reducing or eliminating audit findings; implements changes and ensures compliance with all regulatory requirements.
  • Often guides and joins in compliance-related projects that need advanced knowledge of regulatory requirements as well as knowledge of suitable security architecture, technology best practices and business area requirements, limitations, and unique system implementations.
  • Makes sure effective compliance processes and procedures are implemented for systems and applications.
  • Assesses processes for failure points and implements controls to reduce those potential failures.
  • Finishes compliance-related data requests, investigates failures or breakdowns in processes and creates plans for fixing or avoiding future incidents.
  • Finds opportunities for improving compliance controls proactively. Increases awareness of current and upcoming policies, regulations, and requirements, and creates solutions for compliance. Typically acts as the expert in one compliance standard or one or more major parts of a compliance standard.
  • Perform other duties as requested or assigned.

Required Knowledge, Skills, Abilities & Experience

7 to 9 years of cyber or IT or OT (Operational Technology), audit, compliance, or technology experience. Note:  A Master's degree will count as one year of experience.  A partial year of six months or more experience will be rounded up to one year.  
 

Specific knowledge, skills, abilities and experience include:
 

  • Experience with NERC CIP experience is required
  • Demonstrated leadership experience in small teams or projects.
  • Experience and understanding of Cyber regulatory standards and requirements.
  • Previous experience creating and updating cyber & human performance controls for compliance requirements.
  • Experience working with internal and external auditing firms or regulators.
  • Experience in writing procedures and policies.
  • Experienced translating procedures into operational steps.
  • Root cause analysis understanding and/or training.
  • Human performance failure analysis training and/or understanding.
  • Understands IT Technology and Business Technology as required to successfully design and implement a compliance program.
  • Understands current security architecture best practices.
  • Understands current cyber security best practices.
  • Possesses the drive to independently learn and become an expert in the evolving regulatory landscape and how that maps to an evolving DE IT and business technology landscape.

Education Requirements

Degree or an equivalent combination of education and demonstrated related experience may be accepted in lieu of preferred level of education:

Bachelor

Preferred Discipline(s): Computer Science; Information Systems; Information Systems Security; Information Technology

Other disciplines may be substituted for the preferred discipline(s) listed above.

Licenses, Certifications, or Quals Description

CISA, CISSP, CCP

Working Conditions

Office Work Environment 76 -100%
Travel Up to 25%

Other Working Conditions

Test Description

No Testing Required

 

Export Control


Certain positions at Dominion Energy may involve access to information and technology subject to export controls under U.S. law.  Compliance with these export controls may result in Dominion Energy limiting its consideration of certain applicants.

 

Other Information


We offer excellent plans and programs for employees. Employees are rewarded with a competitive salary and comprehensive benefits package which may include: health benefits with coverage for families and domestic partners, vacation, retirement plans, paid holidays, tuition reimbursement, and much more.   To learn more about our benefits, click here dombenefits.com.

Dominion Energy is an equal opportunity employer and is committed to a diverse workforce. Qualified applicants will receive consideration for employment without regard to their protected veteran or disabled status.  

You can experience the excitement of our company – it's the difference between taking a job and starting a career.


Nearest Major Market: Richmond

Job Segment: Computer Science, Environmental Engineering, Information Systems, Consulting, Program Manager, Technology, Engineering, Management