Southern Maryland Electric Cooperative has an immediate opening for a Senior CIP Compliance Manager.

Scope of Position:
The Senior CIP Compliance Manager position will solve complex problems in multiple areas of specialization within Information Technology (IT)/Operations Technology (OT) and NERC CIP compliance. The position will be responsible for assisting IT/OT personnel in developing and implementing plans, schedules, procedures, tools, and processes to ensure security of information systems that supports a comprehensive NERC CIP Reliability Compliance Program.

Primary Responsibilities:
* Demonstrates working knowledge of IT/OT, and Cybersecurity policy, standards, processes and controls
* Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure they provide the intended level of protection that are aligned with CIP
* Demonstrates in-depth knowledge of NERC CIP Compliance policy, standards, processes and controls.
* Executes, defines and provides direction for NERC CIP Compliance functional processes and procedures.
* Responsible for the development, implementation, and oversight of Industrial Control Systems Security (ICS security) auditing program to ensure the integrity, confidentiality and availability of all information owned, controlled and/or processed by SMECO.
* Develop, review and update documentation, processes, procedures and standards to maintain compliance with NERC CIP; develop tools and metrics for periodic reporting. Develop NERC CIP compliance assessment and remediation reports.
* Responsible for document development, including NERC RSAWs, and providing evidence for internal assessments and external engagements such as audits, certifications and spot-checks. Responsible for working with the SMEs to support the necessary plans for audit preparation and NERC CIP mitigation activities.
* Develop and coordinate CIP required training for personnel directly responsible for carrying out CIP standards and security awareness training for all SMECO personnel and contractors.

This position requires an individual who has experience in Cybersecurity, preferably with risk identification and management, audit and compliance, policy development and maintenance, evaluation of control requirements, security and related industry regulatory issues. Additionally, we prefer the individual have an understanding of the operation of an electric utility and the ability to develop and administer cyber-security programs, which contribute to the security and reliable operation of the bulk electric system.

Candidate must also demonstrate skill coordinating the development and maintenance of organizational and/or technical procedures to include conducting focus group meetings/interviews with subject matter experts to identify their needs and translate them into procedures; creating procedures, at all levels, from interviews and existing documentation; ensuring adherence of established formats, standards, and governing policies and procedures for approval.

Candidate must have a Bachelor's or advanced degree in Computer Science, Engineering or related field. Experience will be considered in lieu of college degree requirement. Information security certifications/qualifications such as CISSP, CISA, CISM, or SANS GIAC are preferred.

We are seeking candidates with seven or more years' experience in Information Technology, technical writing, energy management systems or compliance auditing. Previous experience working for an electric utility with CIP is preferred.

Starting salary ranges is $86,100-$111,600. SMECO offers and excellent benefits program including a 401k 6% dollar for dollar match and additional 3% non-elective company contribution.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

Interested candidates should apply via SMECO's website at www.smeco.coop/careers.

Candidates must have a Bachelor's or advanced degree in Computer Science, Engineering or related field. Experience will be considered in lieu of college degree requirement. Information security certifications/qualifications such as CISSP, CISA, CISM, or SANS GIAC are preferred.

We are seeking candidates with seven or more years' experience in Information Technology, technical writing, energy management systems or compliance auditing. Previous experience working for an electric utility with CIP is preferred.