NA IT NERC Security Lead
Houston, TX, US
EDP Renewables is a global leader in the renewable energy sector and currently operates in more than 25 markets. With eight offices and several sites, at EDP Renewables North America, we are experienced developers and operators of renewable energy. Our portfolio includes wind farms, solar parks, energy storage projects, and green hydrogen solutions throughout the continent. We are ranked among the top 5 in the U.S. in operational renewable energy capacity.
Our company is part of EDP, a global energy group present in around 30 markets with a particular emphasis on renewable energies. With more than 45 years of experience, we have been consolidating a relevant presence on the world energy scene based on the commitment to be all-green by 2030, leading the energy transition. With more than 13,000 employees around the world, we are committed to using our energy and heart to drive a better tomorrow.
What you will do
Role Overview:
The NA IT NERC Security Lead will work as part of the IT Team to develop, implement, and maintain the security posture of both the corporate infrastructure and technical networks, including networks that must maintain compliance with NERC CIP Standards. This role requires in-depth knowledge centered on Anti-Virus/Anti-Malware management, firewall rule design, IPS/IDS, web filtering, SIEM logging, and security event alerting. This role will work with other security team members to execute vulnerability assessments, DR planning, pen-testing, and other scheduled activities that support the review of policies, procedures, and practices. The Security Engineer will assist in the further enhancement and design of critical network security posture and support the development of new architecture to meet upcoming CIP standards.
Main responsibilities:
- Promote the reliability of EDPR Systems through rigorous compliance with applicable NERC standards monitoring and enforcement activities, and function as a team member for internal and external audit preparation
- Ensure relevant, valid, reliable, stacking, and sufficient evidence is available to demonstrate compliance
- Ensure effective regulatory compliance with the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Standards by providing hands-on support to enhance operational business unit’s risk management, Cyber, Information, Physical and Personnel Security programs
- Work with and support the compliance and regulation team
- Maintain and revise security/compliance systems infrastructure including the administration and maintenance of compliance policies, programs, and procedures related to the NERC CIP Standards
- Coordinate and support compliance audits conducted by internal resources, consultants, or regulatory organizations
- Work with responsible EDPR internal NERC group to resolve compliance issues and develop improvement recommendations and mitigation plans
- Document and submit potential violations and ensure they are tracked for timely resolution and fully documented in auditable records
- Utilize EDPR compliance technology to assign, track, and monitor compliance efforts
- Implement and/or recommend appropriate IT initiatives to ensure effective integration of compliance programs or initiatives
- Configure and install various network devices and services (e.g., routers, switches, firewalls, etc.)
- Monitor system resource utilization, trending, and capacity planning
- Select and implement security tools, policies, and procedures
- Design and implement configuration management, reporting, and alerting functions to automate the environment
- Follow standard methodologies and develop new and innovative processes for delivering information security solutions
- Additional duties as required
What are we looking for
Minimum Requirements:
- Bachelor's degree in Computer Science, Information Technology, or a related field
- 7+ years' experience in cybersecurity
- Prior NERC CIP v5/6 audit experience (preferably within the TRE audit region)
- Prior physical security regulatory experience
- Working knowledge of the FERC functional model
- Good understanding of NIST-800 and ISO 27001 Security Frameworks
- Strong Cisco ASA, IPS, and IDS configuration and troubleshooting skillset
- Solid TCP/IP networking foundation including routing, subnetting, VPN, packet filtering/firewalling, VLANs, packet capture/analysis, and NAT configuration
- Demonstrated experience in system hardening and Active Directory security policy implementation
- SIEM management: logging, alerting, and report development
- Advanced Security Certification - CISSP, CCNP-Security, or GSEC
- Experience with Federal Compliance Standards: NERC-CIP, HIPAA, SOX, PCI-DSS, etc.
- NERC CIP Audit experience, specifically from a GO/GOP perspective
- Working knowledge of SCADA protocols, industrial computers and PLCs, and industrial network design
- Understanding of Microsoft products and/or complementing products
- Competency in Analytical Problem Solving, Strong Communication, Customer/Partner Relationships, and Technology Expertise preferred
Travel:
Less than 10%
Behavioral Requirements:
- Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited standardization exists
- Excellent documentation skills and attention to detail
- Ability and willingness to respond to emergencies 24 hours a day, 7 days a week, as needed
- Strong time management skills and ability to multi-task
- Ability to bring projects to successful completion within an appropriate timeline
- Ability to work weekends, holidays, and overtime as needed
Physical demands & working conditions:
- Sitting/Standing/Flexibility: Ability to stand and sit for 8 or more hours when in an office environment
- Speech/Reading: Ability to speak, read, and write English proficiently and deliver a variety of instructions furnished in written, verbal, diagram, or schedule form
- Lifting: Ability to lift items weighing up to 10 pounds
- Vision/Hearing: Ability to understand a variety of instructions furnished in written, verbal, diagram, or schedule form
- Safety: Ability to understand and communicate safety precautions when necessary
Equal opportunities for all
Our vision is that each person combines their unique characteristics and experiences to fulfill our mission of creating new energy for the planet. We are an inclusive employer, ensuring all candidates are treated fairly throughout the recruitment process. We welcome and value all people, and we are committed to fostering a sense of belonging for each person who is part of the EDP group.
This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. EDP makes hiring decisions based solely on qualifications, merit, and business needs at the time. For further information, please review this notice from the Department of Labor: EEO is the Law poster (https://www.eeoc.gov/poster). You may have additional rights pursuant to recent amendments to federal labor laws. Please review these protections from the EEO is the Law Supplement (https://www.eeoc.gov).
Need more reasons to apply?
As a top employer we:
- Empower our employees through a positive and innovative work environment that promotes collaboration and agile decision-making;
- Respect and value each person, providing a flexible, healthy, and inclusive workplace with a range of attractive benefits;
- Provide a meaningful work experience and prepare our people for future challenges through different opportunities for development and internal mobility;
Our efforts have resulted in several distinctions over time, highlighting the EDP group's strong positioning and its dedication and commitment to attracting and retaining the best talent:
- Top employer certification by Top Employers Institute
- Part of the Bloomberg Gender-Equality Index
- Global certification as a family-responsible company by Fundación Másfamília
- Top 100 Workplaces by Houston Chronicle
Discover our tips to enhance your performance during the recruitment process and apply by January 10th, 2025, if you think you are the right fit for this opportunity.
Tags: Active Directory Agile Audits CCNP CISSP Compliance Computer Science Firewalls GSEC HIPAA IDS Industrial IPS ISO 27001 Malware Monitoring NERC CIP Network security NIST Risk management SCADA SOX TCP/IP VPN
Perks/benefits: Flex hours