CIP Auditor

Charlotte, NC

Full Time Mid-level / Intermediate
SERC Reliability Corporation

The electric grid is vital to our everyday lives. It is fundamental for the health, safety, and well-being of our communities, and provides the platform for our economy and our societal and technological advances. SERC's mission is to reduce risks to the reliability and security of the electric grid (also known as the bulk power system), not only for today but also for the future.

To achieve this mission, we maintain a diverse team of experts across numerous disciplines in order to address the complex, evolving, and dynamic challenges facing the grid. Our team also partners with the best and brightest individuals from both the power industry and the federal government to understand and address the challenges facing the grid. These key partnerships make our work more informed, pragmatic, responsive, and impactful.

The Critical Infrastructure Protection (CIP) Auditor coordinates, schedules and leads audit teams in the execution of Compliance Monitoring Engagements, Organizational Certifications and Spot-Checks on behalf of SERC Reliability Corporation (SERC). The incumbent supports implementation of the Compliance Monitoring and Enforcement Program (CMEP) established by SERC in coordination with the North American Electric Reliability Corporation (NERC), the Electric Reliability Organization (ERO) under the jurisdiction of the Federal Energy Regulatory Commission (FERC).

 

DUTIES AND RESPONSIBILITIES:

  • Conducts Compliance Monitoring Engagements and other CMEP activities in accordance with SERC's Regional Delegation Agreement.
  • Coordinates information gathering, dissemination, data retention and confidentiality related to performance of Compliance Monitoring Engagements and Spot-Checks as assigned by manager.
  • Acts as Audit Team Leader (ATL), or a team member reporting to the ATL, during the Compliance Monitoring of entities within the SERC Region.
  • Participates as a team member on Certifications and Investigations as assigned.
  • Ensures audit reports are accurate, thorough, and contain sufficient information upon which to base compliant/non-compliant findings.
  • Provides audit reports to the ATL/audit team as requested for comment and to manager in a timely manner following monitoring engagements and in accordance with the ERO Enterprise Compliance Monitoring and Enforcement Manual.
  • Provides timely notification to ATL and manager of compliant or non-compliant/potential non-compliance findings commensurate with their significance.
  • Prepares draft audit reports, based on the on-site or remote reviews, questionnaires, documentation, self-assessments and audit team input; ensures this information is accurate and contains sufficient justification for manager to provide to Risk Assessment and Mitigation department.
  • Ensures the proper administrative and security controls are in place for managing CIP related information.
  • Assists in the development and implementation of reporting forms associated with the compliance processes.
  • Analyzes data related to compliance including routine filings, self-certification statements, self-reports, complaints and other forms and draws logical conclusions relative to non-compliances and PNCs of reliability standards.
  • Prepares pre-audit documentation, effectively documents the audit process and reports results.
  • Ensures appropriate processing, data retention and confidentiality of all documentation required for Compliance Monitoring Engagements and other CMEP actions.
  • Evaluates and assesses compliance of periodic data submittals and self-certifications.
  • Develops CIP compliance data reports and presentations used for internal training, seminars, SERC Board Meetings and other SERC or ERO activities.
  • Ensures compliance with Government Auditing Standards for objectivity, independence, impairment, rules of evidence and professional judgment.
  • Serves as a project coordinator with minimal oversight by direct manager.
  • Coordinates responses to entity questions.
  • Reviews and supports entity-specific Inherent Risk Assessment and Compliance Oversight Plan.
  • Develops risk-based scopes for entity monitoring engagements.
  • Participates on corporate committees and cross-functional teams, as assigned.
  • Complies with SERC policies with regard to anti-trust, conflicts of interest, and confidentiality.
  • Performs other assignments as directed.

QUALIFICATIONS AND EXPERIENCE:

  • Four-year and/or higher educational degree in Engineering, Computer Engineering or Computer Science/Technology, or equivalent experience.
  • 3-5 years of experience associated with computer systems used in the electric utility industry, or 3 years of experience in securing computer systems, including both physical and/or cyber security.
  • Knowledge of Generally Accepted Government Auditing Standards. Prior audit experience a plus.
  • 3-5 years of information technology auditing preferred.
  • 3-5 years of project management experience preferred.
  • Excellent organizational and time management skills.
  • Effective communication skills (face-to-face, telephone, written and email, and presentation skills).
  • Computer skills, proficient with Microsoft Office applications, including Word, Excel, and PowerPoint.
  • Knowledge of bulk electric system and security infrastructure a plus.
  • Knowledge of information technology and security infrastructure including IDS, IPS, antivirus solutions, logging solutions, switches, firewalls, etc.
  • Ability to work with and analyze data intensive and detailed information, and to draw meaningful conclusions from that information.
  • Demonstrated ability to coordinate activities for diverse groups of people that comprise the audit teams.
  • Ability to interface between audit teams and upper management of SERC registered entities.

 

COMMITMENT TO CULTURE:

SERC is dedicated to being a highly desirable place to work through culture and purpose. We place a strategic focus on critical elements such as Diversity & Inclusion, Innovation & Collaboration, and Organizational Development & Talent Management. Through this strategic focus, SERC has identified four Cultural Attributes that we believe keep us on the path of continuous improvement.

 

CULTURAL ATTRIBUTES:

  • Leader - Is trustworthy, principled, and respectful and strives to create value that reduces risk. Has a positive vision and is actively building support to execute it. A leader takes personal accountability for the outcomes of their choices and actions, acts with professionalism and adapts to change in a calm and positive manner. A leader will, when appropriate, ask questions and recommend alternative solutions to new processes or procedures.
  • Collaborative - Partners and engages, both internally and externally, to drive meaningful action by leveraging skills, knowledge and tools. This includes effective written and verbal communication to ensure ideas and messages are clearly and concisely conveyed, being responsive to all stakeholders, and understanding goals and objectives while exceeding key metrics and targets. Encourages dialog and candor while making it safe for others to voice their opinions so that all alternative viewpoints are heard; is an active listener.
  • Expert - Is credible, objective, disciplined, and sought after to help with continuous learning, improvements, and innovations. Exhibits knowledge of and ensures compliance with industry best practices and regulations. Takes initiative to set priorities and convey important information in a timely and efficient manner. Employs good judgment when evaluating a problem by analyzing risk and identifying consequences while demonstrating a sense of organizational stewardship.
  • Purposeful - Proactively demonstrates initiative, intentionality and resourcefulness to help anticipate and navigate current and future challenges. Is committed to the quality of work and ensures work is delivered at appropriate deadlines while seeking operational efficiencies. Initiates appropriate follow-up while leveraging industry knowledge and business acumen to make appropriate decisions. Treats others with compassion and empathy and embraces the organization's mission and vision while providing meaningful contributions to organizational endeavors.

 

If the traits and characteristics listed in our Cultural Attributes resonate with you, we encourage you to apply!

 

SALARY/BENEFITS:

This position is located in the Charlotte, NC office. The salary range for this position is dependent on experience. We offer a generous PTO package; paid holidays; medical, dental, vision, life, short-term and long-term disability insurance, and a 401(k) plan with an organization match.

 

SERC is an Equal Opportunity Employer

SERC does not work with third-party recruiters.

Job region(s): North America