The Senior Corporate Security Critical Infrastructure Protection Program Manager is a key role that will create and lead Corporate Security Critical Infrastructure Protection and Compliance (CIPC) programs. The Program Manager will work with Critical Infrastructure Protection Specialists, Technology Teams and Compliance SMEs to ensure NERC CIP compliance. This position requires broad expertise and advanced knowledge of wide-ranging issues related to the implementation of operational technology. Specific experience with CIP-004, CIP-005, CIP-007 and CIP-010. Demonstrated experience implementing these requirements with Physical Access Control System (PACS) infrastructure is preferred. The successful candidate will be expected to develop policy, process, procedures, and internal controls to ensure operations technology systems are sustainably compliant. Candidate will be required to develop department standards consistent with guidance document library formatting and success measures. Appropriate SMEs must be kept informed of new or evolving compliance obligations and necessary documentation captured to demonstrate the successful implementation of security standards and best practices. Should possess excellent writing skills and the ability to create professional and compelling presentation material. As issues arise, the successful candidate will lead and document apparent cause, root cause, fact finding, remediation, mitigation strategies and assist with the development and tracking of mitigation activities as needed.
- Coordinating audits, preparing reports, developing and maintaining performance metrics, conducting self-certifications, spot checks, and investigations, issue handling, facilitating reporting and violation mitigation.
- Develop documentation related to audit findings, self-reports, root cause analysis, mitigation plans and evidence of completion.
- May manage cross-functional projects, programs, or initiatives.
- Applies subject matter expertise (SME) in physical security and regulatory knowledge to evaluate current practices, gap analysis and risk reduction initiatives.
- May lead cross-functional teams and engage in activities such as clarifying responsibilities and commitments, hand-offs, training, and communication.
- Conduct quality reviews on programmatic compliance activities.
- Solves complex problems and takes broad perspective to identify innovative solutions.
- Respond to ad hoc requests from other lines of business and compliance oversight organizations to ensure timely oral and written communication.
- May monitor developing or evolving compliance obligations to ensure compliance with national, regional, and local regulations. Developing new metrics as needed.
- Participate, monitor, and track LOB-owned compliance issues in Corrective Action Plans (CAP), initiation through closure.
- Assist with the development, implementation, and maintenance of a cybersecurity compliance framework with an emphasis on physical security elements and program documentation in support of one or more of FERC Dam Sector, NERC CIP Physical Security Requirements, CPUC, TSA Gas Pipeline and other regulations as assigned.
- Ensures that all documentation is current, complete, accurate and in compliance with applicable regulatory standards.
- Expected to remain current with evolving regulatory requirements and ensure completeness of requirement inventory and compliance artifacts.
- Support Corporate Security requirement owners in the development, implementation, and maintenance of effective controls.
- May lead written responses to regulatory data requests, investigations, compliance and regulatory audits and customer inquiries.
- PMI-Project Management Institute PMP-Project Management Professional certification
- Six (6) years of relevant work experience or in IT/OT technology, NERC compliance including some experience in physical security or in program management leading multiple complex projects
- Ten (10) years of experience in IT/OT technology, NERC compliance including some experience in physical security or in program management leading multiple complex programs.
- Bachelor’s degree or equivalent work experience
- Master’s degree in job-related discipline or equivalent experience
- CISSP, CISA Certification
- ASIS Certified Protection Professional (CPP) or Physical Security Professional (PSP)
Vacancy Type: Full Time
Job Location: San Francisco, California, USA
Application Deadline: N/A