Lead NERC CIP Compliance Analyst

  • Full-time

Company Description

The California Independent System Operator (ISO) manages the flow of electricity across the high-voltage, long-distance power lines that make up 80 percent of California's power grid. We safeguard the economy and well-being of 30 million Californians by operating the grid reliably 24/7.

As the impartial grid operator, the California ISO opens access to the wholesale power market that is designed to diversify resources and lower prices. It also grants equal access to 25,865 circuit-miles of power lines and reduces barriers to diverse resources competing to bring power to customers.

The California ISO's function is often compared to that of air traffic controllers. It would be grossly unfair for air traffic controllers to represent one airline and profit from allowing that company's planes to go through before others. In the same way, the California ISO operates independently—managing the electron traffic on a power grid we do not own—making sure electricity is safely delivered to utilities and consumers on time and reliably.

The California ISO is committed to the health, safety, and work/life integration of its employees and is proud to offer flexible work arrangements. This position would be eligible to participate in a remote or hybrid schedule.

Relocation Assistance is available.

Job Description

Under the general direction of the Manager, facilitates compliance oversight of NERC Critical Infrastructure Protection (CIP) requirements and other information security regulatory obligations. Acts as the department liaison with technology partners for development and implementation of governance and technology compliance tools. Provides in-depth knowledge and technical expertise on NERC CIP requirements, industry best practices, internal controls and information governance tools. Monitors and leads all self-report and mitigation plan activities. Performs detailed technical analysis of NERC CIP compliance assessments, root causes, and internal control reviews to strengthen the NERC CIP compliance program for the ISO.


What You Will Be Doing:

  • Leads the NERC CIP and information security compliance activities. Performs self-certification reviews, compliance assessments, risk assessments, controls monitoring and corrective action activities related to internal controls and compliance oversight of CIP and the ISO's information security policies, procedures and standards.
  • Actively participates in the development, implementation and maintenance of NERC CIP reliability standards in coordination with information security, technology and business units in preparation of the requirement effective dates. Facilitates readiness reviews with peers and regulatory bodies, as necessary. Collaborates with industry peers for sharing lessons learned, benchmarking and best practices.
  • Acts as Compliance and Corporate Affairs department liaison with technology partners in the development, implementation and maintenance of all information governance tools. Responsible for systems supporting the compliance program and information governance activities. Collaborates with technology resources to explore opportunities for automation of manual processes. Tracks performance and completion of activities supporting CIP compliance and leads optimization activities related to governance risk and compliance (GRC) tools supporting overall compliance activities.
  • Supports the Compliance and Corporate Affairs records repositories, business continuity activities and compliance initiatives, as necessary. Assists in the required annual BCP and Incident Response activities and supports the development, implementation and maintenance of the Compliance and Corporate Affairs intranet team pages.


Qualifications

Level of Education and Discipline:

A Bachelor's degree (BA, BS) or equivalent education, training or experience in Information Technology, Management of Information Systems, or a related field. Master's degree preferred.

Amount of Experience:

Equivalent years of education and training, plus six (6) or more years of related experience.

Certifications:

Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP) or Certified Information Systems Auditor (CISA) preferred.

Type of Experience:

Significant experience in information security, analysis, monitoring and investigations. Strong experience in developing presentations and reports for executive and Board level audiences. Knowledge of NERC CIP Reliability Standards and NIST required. Demonstrated experience with performing compliance processes and delivering on commitments. Experience in governance tools, research and complex problem solving is desirable. Experience with compliance, cloud security, network security, information technology and internal audit is preferred.

Additional Skills and Abilities:

Demonstrates fundamental leadership skills with the ability to work effectively in a team environment as a leader, facilitator, and team member. Ability to provide practical and feasible solutions to problems, taking multiple conflicting considerations into account. Excellent interpersonal, communication, and writing skills required. Excellent analytical skills are required, including the ability to effectively communicate complex technical materials and concepts in a non-technical manner. Must be able to handle a dynamic and changing work environment, and work independently. Strong computer skills in the Microsoft Office Suite. Self-motivated, with problem-solving skills and the ability to influence others without direct authority.

Must be familiar with SharePoint and have knowledge of system and information security terminology and concepts. Must be able to manage own schedule and prioritize work activities, as well as be willing to work off hours, if necessary, to complete deliverables by the required regulatory deadlines. Must be willing to work California/Pacific Time business hours.

Additional Information

The pay range for this position is $129,000 - $215,000 / year.

All your information will be kept confidential according to EEO guidelines.