NERC Compliance Manager - Rochester, United States - City of Rochester, MN

Description

The City of Rochester invites applications for:
NERC Compliance Manager

Rochester Public Utilities

RPU, a division of the City of Rochester, MN, is the largest municipal utility in the State of Minnesota.

RPU serves over 57,000 electric customers and 41,000 water customers in a 60 square mile service area and has revenues nearing $161 million annually.

Vision- "We Will Set the Standard for Service"

The City of Rochester is committed to a community where all members feel a sense of belonging.

We commit to recognizing the diversity of our community members, listening to ALL voices and providing equitable services to create an inclusive place to live, play and work.

We believe EQUITY should be at the center of all our work.

We strive to represent our community in our teammates, as we know that diverse and inclusive teams are more innovative, and have an empowering impact on the work, progress and culture of our community.

It takes us all working together

Nature of Work

The NERC Compliance Manager is a professional position, responsible for coordinating Rochester Public Utilities' (RPU) North American Electric Reliability Corporation (NERC) Operations and Planning Standards, NERC Critical Infrastructure Protection (CIP) Standards Midwest Reliability Organization (MRO) Reliability Standards, and Midwest Independent System Operator (MISO) electric system operations standards, policies and procedures.

and other regulatory compliance requirements, as well as coordination with the security and reliability of RPU's business cyber systems.

This individual will report to the Director of Core Services with a secondary reporting function to the Director of Corporate Services for the NERC CIP program.

This position will provide technical guidance, advice, and support to RPU's Subject Matter Experts (SME's) in the development and maturation of RPU's policies, procedures, and tooling.

Work is performed with limited supervision under general guidance of the Director of Core Service and the Director of Corporate Services.

Work will occasionally need to be performed outside of normal business hours (including weekends and holidays) to minimize the impact to customers and employees, or to respond to compliance and/or security incidents.

Application review will begin on February 12, 2024

The work below is representative of the scope of work performed within this job classification. Individual job duties will vary based on work assignment.

• NERC Compliance Program Administration and Development.

Coordinate and oversee RPU's NERC compliance program to ensure RPU's continued compliance with all applicable NERC Operations, Planning, and CIP Standards and support internal RPU staff by performing the following:

• Technical review, evaluation, and project management responsibilities for changes to applicable Operations, Planning, and NERC CIP standards with affected Subject Matter Experts to ensure continued compliance.
• Manage the proactive development and updates of plans, procedures, tooling, and record keeping for new or revised NERC standards with RPU subject matter experts.
• Maintain and improve RPU's overall NERC Compliance Program systems and processes to ensure compliance with NERC Compliance Monitoring & Enforcement Program (CMEP), NERC Rules of Procedures (ROP), NERC Alerts and NERC Event Analysis and Performance.
• Develop and maintain evidence databases, compliance tracking software, and reporting tools to achieve consistency and efficiency in RPU's documentation and procedures.
• Represent RPU on applicable MRO, MISO, and NERC compliance committees and working groups as a Subject Matter Expert.
• Serve as project manager for RPU compliance related projects and as a NERC Compliance representative on various RPU project teams.
• Serve as the resident expert for NERC Operations, Planning and CIP standards, policies, procedures, cyber security and industry trends. Provide advice based on research of related sources, including but not limited to Guidelines and Technical Basis, published violations, and lessons learned.
• Monitor, track and coordinate all NERC related compliance tasks to ensure timely and quality completion compliant with NERC standards, RPU policies and procedures.
• Monitor, review, evaluate, and project manage changes to applicable NERC standards with affected SMEs to ensure continued compliance.
• Maintain effective working relationships with regulatory agencies and other utilities.
• Develop and provide training as needed.
• NERC Auditing Administration

Provide technical guidance, advice, and support within RPU's NERC Compliance Program relating to the following function pertaining to NERC auditing:

• Act as RPU's primary compliance contact to the MRO to coordinate all activities required for an on-site MRO audit, quarterly self-certifications, data requests, and follow-up action items, which includes evidence submittal and internal direction of Subject Matter Experts.
• Participate in the proactive development and updates to plans, procedures, Reliability Standard Audit Worksheets (RSAW'S), and recordkeeping of evidence with indirect reports acting as internal RPU Subject Matter Experts.
• Coordinate the development, technical review and submittal of compliance evidence, quarterly self-certifications, data requests, NERC Alerts, Technical Feasibility Exceptions (TFE's), corrective action plans, self-reports and mitigation plans.
• Coordinate the dissemination of information from the MRO and NERC to Subject Matter Experts relating to data requests, evidence handling and submittals, as well as new filing requirements.
• NERC Compliance Program Oversight and Analysis.

Provide technical guidance, advice, and support within RPU's NERC Compliance Program relating to the following oversight and analysis responsibilities:

• Review internal controls of RPU's policies and procedures to ensure compliance with NERC standards, guidelines and policies.
• Provide technical/administration guidance and advice to Subject Matter Experts for ensuring compliance with all NERC and MRO approved standards and requirements.
• Respond promptly to external and internal concerns.
• Develop and provide comprehensive training as needed.
• Coordinate and lead internal self-audits and gap analyses to verify, oversee and monitor that RPU's policies and procedures are compliant with the NERC Reliability Standard requirements by performing analysis of compliance evidence and recommend priorities and goals for current and future company compliance needs.
• Ensure the quality, appropriateness, and responsiveness of all submitted compliance evidence for MRO audits, quarterly self-certifications, data requests.
• Perform statistical, logical or mathematical analysis as needed for special studies and reports.
• Present analysis results to the Manager of System Operations/Reliability, RPU's Executive Team, and/or the Utility Board as requested.
• Enterprise Security Program

Work collaboratively with the IT Compliance and Security Coordinator to leverage knowledge and resources to support the RPU and Citywide IT security program.

Provide input to the design, installation, maintenance, and optimization of IT security systems, policies and procedures.

• Provide recommendations for security related policies and procedures to ensure the efficiency and effectiveness of the IT security program.
• Provide recommendations for hardware and software configuration with respect to the IT security infrastructure's capacity, throughput, and security.
• Conduct security assessment of new and existing applications, systems, environments and devices.
• Backup the IT Compliance and Security Coordinator in(audit) security related hardware and software are up to date and perform at optimal level based on security policies, best practices and industry standards in the business network.
• Adhere to RPU's security and compliance standards and requirements.
• Support security related activities, such as patching, documentation, vulnerability assessment, investigation, and mitigation.
• Disaster Recovery and Incident Response
• In coordination with the IT Compliance and Security Coordinator support the design, deploy and maintain an effective incident response and disaster recovery plan including:
• Backup/restore and recovery strategy.
• Systematic tests, evaluation and adjustment of recovery plans.
• Provide assistance in business continuity, recovery, and/or investigation.
• Monitor, log, and respond to system and network events.
• Quality Service
• Maintain an effective and productive relationship with customers and vendors.
• Work closely with customers and vendors in identifying, deploying, and maintaining solutions.
• New Technologies
• Stay abreast of trends in the IT and IT Security industry.
• Assist in positioning RPU to effectively utilize state of the art technology for utilities.
• Develop plans for technology life cycle management and provide recommendations for the implementation of new security related technology.

Perform other duties as assigned or necessary.

• ESSENTIAL FUNCTIONS

Education and Experience

Bachelor's degree in computer science, information systems, or a closely related field from an accredited four-year college or university; AND at least three (3) years of IT administration, IT compliance, IT security experience or Electrical SCADA Systems Operations experience in a NERC regulated environment or other regulated IT environment.

Licenses and Certifications

Valid driver's license

Desirable Qualifications

• Familiarity with compliance standards and practices such as NERC Operation, Planning, and CIP, NERC Audit Administration, preparation of self-certification documentation, preparation of self-reports, and mitigation plans.
• Familiarity with of the principles of IT Security, networking, systems administration, and application development.
• Familiarity with development of System Operations processes and procedures.
• Extensive experience with process analysis, development, documentation, and training.

Prior to being hired, promoted or transferred into the position, the candidate must successfully pass a Personnel Risk Assessment, which includes identity verification and a criminal background check.

Prior to being granted unescorted access to cyber secure areas, the candidate must attend cyber security training. Annual cyber security training is also required.

KNOWLEDGE, SKILLS AND ABILITIES


Knowledge of:

• IT systems administration, development and business principles
• IT security and compliance principles, methods, tooling and practices
• Operating policies and procedures for interconnected operations including the NERC Reliability Standards, utility specific operating policies, other federal and state regulations.
• Principles of electrical theory as applied to electrical power transmission and generation systems.
• Electrical utility facilities such as substation equipment, generation equipment, control schemes, relay functions and type, transmission line terminology, equipment, locations, and equipment ratings capacities.

Skill in:

• Strong leadership skills to influence, motivate, increase productivity and maintain a positive image both within the department and as a representative and employee of the utility.
• Time-management, including the ability to plan, document, prioritize, coordinate, and delegate work.
• Interpersonal and listening skills, with the ability to build productive professional relationships and promote a team atmosphere.
• Attention to detail in complex environments.
• Project management and building productive teams.
• Problem-solving, including problem identification and analysis.
• Effective verbal and written communication skills.

Ability to:

• Think strategically, with a focus on achieving tactical and operational goals.
• Understand and follow NERC CIP Standards, PCI, Enterprise Security Policies and other established written procedures and guidelines.
• Write procedures, policies, and Reliability Standard Audit Worksheets (RSAW'S), including construction of compliance evidence.
• Comprehend technical concepts quickly.
• Work independently with only general guidance to complete complex duties, requiring independent judgment, analysis and interpretation of policy.
• Effectively prioritize work, manage multiple tasks, meet deadlines, and adjust work priorities as needed to meet department/organizational objectives.
• Work as part of a team, either as team leader or a member of a team.
• Drive results and ensure work is accomplished properly, safely, and in a timely manner.
• Use discretion in maintaining confidentiality and handling sensitive information.

PHYSICAL AND ENVIRONMENTAL CRITERIA
In compliance with the Americans with Disabilities Act, the following represents the physical and environmental demands for this position. The employee must be able to perform the essential functions with or without accommodation.

In consideration of the overall amount of physical effort required to perform this position, the work is best described as

Sedentary Work:

Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body.

Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally and all other sedentary criteria are met.

Physical demands that may be required continuously (2/3 or more of the time), frequently (1/3 to 2/3 of the time), and occasionally (up to 1/3 of the time) are noted below:

Continuous demands:
Sitting, Fine Dexterity.

Note:
this position requires a majority of time (up to 75%) spent in a seated position.

Sensory requirements necessary in the performance of the essential functions of this position include: sight, hearing, and touch.

Environmental conditions that may exist in the performance of the essential functions of this job include: NONE (not substantially exposed to environmental conditions)