Senior Operational Compliance Analyst - NERC CIP Cybersecurity

At PGE, our work involves dreaming about, planning for, and realizing a smarter, cleaner, more enduring Oregon neighborhood. Its core to our DNA and we haven't stopped since we started in 1888. We energize lives, strengthen communities and drive advancements in energy that promote social, economic and environmental progress. We're always on the lookout for people passionate about leading and being a part of teams that are advancing innovative clean energy solutions that are also affordable and accessible to all.

Summary

In this role, you will have the unique opportunity to join our Governance, Risk and Compliance Cybersecurity (GRC) team! GRC is a department of dedicated Compliance Analysts and Cybersecurity Specialists that support Transmission & Distribution (T&D), Physical Security, Energy and Generation Cybersecurity and North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) compliance programs for PGE's cyber assets.

Our team is responsible for subject matter expertise in Cybersecurity practices relevant to Operational Technology and for developing and overseeing the implementation of a roadmap to reduce the risk of Cybersecurity events impacting PGE's operational systems. GRC Cybersecurity also oversees the development and operation of the NERC CIP compliance programs, interfacing with a wide range of teams who perform planning, design, and hands-on work to ensure the reliable operation of the Bulk Electric System.

In this role you will support the operational units by writing and establishing standards and procedures, gathering support documentation, and collaborating with other internal business units to ensure compliance with NERC CIP Cybersecurity reliability standards.

We're hiring for a position open to both staff operational compliance analyst and senior Operational Compliance analyst candidates. The level will be determined based on the successful applicant's qualifications, experience, and demonstrated skills during the interview process.

Staff Operational Compliance Analyst

Grade 7

Career Level: P3 Career Professional Requires in-depth knowledge and experience Uses best practices and knowledge of internal or external business issues to improve products or services Solves complex problems; takes a new perspective using existing solutions Works independently, receives minimal guidance Acts as a resource for colleagues with less experience.

Key Responsibilities

• Executes operational procedures, processes and practices under supervision, researches and analyzes NERC CIP regulations, requirements and standards.

• Provides guidance on implementation of NERC CIP Cybersecurity standards.

• Drives implementation of new CIP standards in all business units using project management skills, tools, and techniques.

• Coordinates with various business units to ensure consistent, efficient, and achievable practices.

• Supports tracking and documentation of data related to compliance controls. Identifies gaps and suggests remediation strategies. Collaborates with Corporate Regulatory Compliance on companywide compliance reviews.

• Responds to questions about CIP compliance standards and regulations, procedures and processes. Provides guidance and training to others within operational domain.

• Researches changes in technology (with a focus on cybersecurity and operational technology (OT)) process or regulation. Analyzes implications. Determines which procedures may be impacted and how. Recommends changes to operational processes.

• Assists with internal and external audits of federal regulatory compliance matters conducted throughout the company.

Qualifications

• Requires a bachelor's degree in finance, business, technical field or other related field or equivalent experience.

• Typically, five or more years in combination with compliance and one or more years of utility operations, cyber security or auditing, which includes at least two years of FERC/NERC.

• NERC certification preferred.

• FERC/NERC, Generation, T&D, and OT Cybersecurity experience.

• CISSP or other cybersecurity certification.

• Knowledge of business processes and procedures in operational domain (Transmission & Distribution and/or Generation, combined with Information Technology and/or Cybersecurity).

• Intermediate knowledge of relevant NERC CIP Cybersecurity regulations and reliability standards.

Competencies

Functional Competencies:

• Advanced knowledge of business processes and procedures in operational domain.

• Advanced knowledge of relevant regulations and reliability standards.

• Advanced knowledge of corporate and operational compliance and risk. management principles and protocols.

• Advanced analytical skills, including defining problem or issue, researching solutions and alternatives, supporting conclusions and presenting findings.

• Intermediate skills in using database and documentation tools.

General Competencies:

• Intermediate business acumen skills.

• Intermediate problem-solving skills.

• Intermediate decision-making skills.

• Advanced written and oral communication skills.

• Advanced analytical thinking skills.

• Advanced diplomacy skills.

• Advanced organization and prioritization skills Intermediate interpersonal skills.

Senior Operational Compliance Analyst

Grade 8

Career Level: P4 Specialist Professional Requires specialized depth and/or breadth of expertise Interprets internal or external business issues and recommends best practices Solves complex problems; takes a broad perspective to identify innovative solutions Works independently, with guidance in only the most complex situations May lead functional teams or projects.

Key Responsibilities

• Executes operational procedures, processes and practices with limited supervision, researches and analyzes NERC CIP regulations, requirements and standards.

• Leads and coordinates projects to identify new work standards, procedures and business practices to ensure regulatory CIP compliance.

• Responds to complex questions about CIP compliance standards and regulations, procedures and processes and provides guidance on implementation of NERC CIP Cybersecurity standards.

• Drives implementation of new CIP standards in all business units using project management skills, tools, and techniques.

• Coordinates with various business units to ensure consistent, efficient, and achievable practices.

• Oversees CIP compliance reviews and supports tracking and documentation of data related to compliance controls. Identifies gaps and suggests remediation strategies. Collaborates with Corporate Regulatory Compliance on companywide compliance reviews.

• Researches changes in technology (with a focus on cybersecurity and operational technology (OT)) process or regulation. Analyzes implications. Determines which procedures may be impacted and how. Recommends changes to operational processes.

• Assists with internal and external audits of federal regulatory compliance matters conducted throughout the company. Provides leading functional subject matter expertise.

Qualifications

• Requires a bachelor's degree in finance, business, technical field or other related field or equivalent experience.

• Typically, eight or more years in combination with compliance and one or more years of utility operations, cyber security or auditing, which includes at least three years of FERC/NERC.

• NERC certification preferred.

• FERC/NERC, Generation, T&D, and OT Cybersecurity experience.

• CISSP or other cybersecurity certification.

• Knowledge of business processes and procedures in operational domain (Transmission & Distribution and/or Generation, combined with Information Technology and/or Cybersecurity).

• Advanced/Expert knowledge of relevant NERC CIP Cybersecurity regulations and reliability standards.

Competencies

Functional Competencies:

• Expert knowledge of business processes and procedures in operational domain. Expert knowledge of relevant regulations and reliability standards.

• Advanced knowledge of corporate and operational compliance and risk management principles and protocols.

• Advanced skills in leading others and planning, organizing and executing complex technical studies to demonstrate compliance with regulations and standards.

• Intermediate/Expert skills in using database and documentation tools.

General Competencies:

• Advanced business acumen skills

• Advanced problem-solving skills Intermediate decision-making skills

• Advanced written and oral communication skills

• Advanced analytical thinking skills

• Advanced diplomacy skills

• Advanced organization and prioritization skills

• Advanced interpersonal skills

Physical, Schedule/Attendance

Schedule/Attendance:

• Ability to adhere to pre-established schedule, including start/stop time and break/lunch schedule.

• Ability to work long hours.

• Ability to work a variable schedule.

• Ability to report to work and perform work during periods of severe inclement weather.

• Ability to consistently meet attendance standards for regular, reliable, predictable, full-time attendance.

• Ability to work shift schedule.

• Ability to work on-call schedule.

Physical Capabilities

• Computer use (use computer regularly for entire work shift)

Environment- Indoor/Outdoor

• Office

PGE supports hybrid flexible work arrangements; and will have a combination of in-the-office and working offsite. However, these arrangements may change due to business needs or changes in responsibility.

We are interested in every qualified candidate who is eligible to work in the United States to apply. However, we are not able to sponsor visas for this position.

Compensation Range:

Actual total compensation, including a performance based incentive bonus, is commensurate with experience, skills, qualifications, education, training, and internal equity. While we anticipate the selected candidate for this position will fall towards the middle or entry point of the compensation range, the decision will be made on a case-by-case basis.

PGE believes in rewarding dedicated performance. We provide a total rewards package that is designed to reward your contributions to the company, and, at the same time, support your well-being and professional development, both now and into the future. To find out more, click here.

Join us today and power your potential!

Assisting with storms or other Company emergencies is a part of all positions at Portland General Electric.

PGE is committed to diversity and inclusion in the workplace and is an equal opportunity employer. PGE will not discriminate against any employee or applicant for employment based on race, color, national origin, gender, gender identity, sexual orientation, age, religion, disability, protected veteran status, or other characteristics protected by law.

PGE does not discriminate on the basis of disability. We recognize individuals have a variety of abilities to offer and we believe there is much to value and celebrate by incorporating different abilities into the work we do. One very important way we live this out is in our application and interview process. We work hard to support individuals who may need an accommodation to fully participate in these processes. If you feel you may need an accommodation, or would like to request one, please notify the Talent Acquisition Specialist (Recruiter) associated with the job posting. You may also make this request by contacting talentacquisition@pgn.comor by calling 503-464-7250. The Recruiter will provide information and next steps for the accommodation process. Our Diversity, Equity & Inclusion (DEI) team is also available for support. You can contact them at dei@pgn.com.

To be considered for this position, please complete the following employment application by the posting close date. Posting closes at midnight (Pacific Time) on the closing date below. If no date is listed, job is open until filled.