NERC CIP Compliance Consultant

Description

Dragonfli Group seeks a seasoned NERC CIP professional with proven experience in audit preparation, execution, and post-audit support for a critical engagement with a large municipal utility enterprise. The role centers around preparing for and supporting the utility's Western Electricity Coordinating Council (WECC) compliance audit, ensuring adherence to North American Electric Reliability Corporation (NERC) standards, especially those pertaining to Critical Infrastructure Protection (CIP) and Operations & Planning (O&P).

This role will operate in close coordination with the enterprise's internal compliance, cybersecurity, and operations teams, providing both advisory and hands-on execution in documentation, evidence preparation, process refinement, and mock audit exercises.

Preference will be given to candidates located within the PST or West Coast.

Key Responsibilities:

• Lead or support the utility's NERC CIP and O&P audit readiness activities in alignment with WECC expectations.
• Review and assess compliance evidence, documentation, and procedures against current NERC Reliability Standards.
• Conduct gap assessments and provide remediation plans to ensure full audit compliance.
• Facilitate or participate in mock audits, internal audits, and interviews to prepare internal stakeholders.
• Develop and refine compliance narratives and responses to WECC Data Requests or audit communications.
• Support the compilation, QA/QC, and submission of audit evidence and documentation.
• Provide guidance on best practices related to cyber asset identification, BES Cyber System categorization, and CIP-003 through CIP-013 control implementation.
• Collaborate with internal IT, OT, and compliance staff to ensure alignment across technical and regulatory domains.
• Advise on compliance strategy and sustainment to ensure post-audit continuity.

Requirements

General:

• Minimum 6 years of professional experience in the electric utility or energy sector
• At least 3 years of focused experience supporting NERC CIP compliance, including hands-on audit preparation
• 1+ full audit cycles supported for NERC or WECC audits, preferably within large municipal utilities or ISOs
• Bachelor’s degree in a related field (e.g., Engineering, Cybersecurity, Regulatory Compliance, or equivalent experience)

Certifications highly desirable:

• NERC System Operator Certification (RC, TO, or BA)
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Ethical Hacker (CEH) or other technical credentials

Skill(s)

• In-depth knowledge of NERC CIP Standards (CIP-002 through CIP-014) and relevant O&P standards
• Experience with WECC audit processes, audit documentation portals, RSAWs, and audit interviews
• Familiarity with asset management systems, security event logging, incident response, and CIP Evidence packages
• Understanding of PRC, TOP, IRO, and EOP standards for O&P compliance support (preferred)
• Familiarity with: Tripwire, Splunk, SolarWinds, RSA Archer
• Familiarity with: GRC platforms (e.g., RSA Archer, MetricStream, or custom solutions)
• Familiarity with: Microsoft SharePoint and secure file repositories for audit evidence

Benefits

Insurance - health, dental, & vision

PTO & federal holidays

401K

Travel

Monthly travel to Southern California between Mon - Thurs.