Company:
First Tek, Inc.
Location: Vancouver
Closing Date: 19/10/2024
Hours: Full Time
Type: Permanent
Job Requirements / Description
POSITION RESPONSIBILITIES
Note: All official drafts, documents and recommendations, as listed below, must be reviewed, finalized and approved / accepted by appropriate BPA manager or other federal personnel with the authority to do so.
Reliability Compliance
Provide monitoring, review, analysis and support for the Security Management Program verifying compliance evidence is collected in a timely manner and that information is reliable, consistent, and useful, providing recommendations for improvement as necessary.
Serve as a process point of contact for the organization
Provide recommendations to management to mitigate, comment on, or provide further review for NERC and WECC proposed rulemaking and policies.
Utilize TT's library publishing process to verify documentation is up-to-date and of adequate quality; performs data tracking. Makes recommendations for changing/enhancing organization and information navigation in TT's library structure.
Identify and engage subject matter experts regarding programmatic cybersecurity, compliance, and conclusion of assessments for completion set by current timetables for regulatory compliance.
At the direction of BPA Management, draft and recommend processes and procedures to support NERC Mandatory Reliability standards and DOE NIST/FISMA security requirements for review and approval by BPA management. Final documents will be reviewed and approved by BPA staff.
Assist in development of training materials and job aids to support above
Support the development of documentation necessary for reporting and audit requirements.
With oversight of the BPA manager/BPA staff, provide quality assurance support to verify that vetted and established compliance standards and guidelines are followed, alert BPA manager of any noted concerns or potential issues.
Provide support to NERC annual certification process and any other spot audit or compliance requests.
Support the development of documentation necessary for reporting and audit requirements.
Draft and recommend procedures to accomplish reliability compliance tasks for review and approval by BPA management. Assist BPA managers with the promotion and implementation of approved recommendations and/or adopted procedures.
Provide support to BPA management / BPA staff in audits by providing technical expertise, data call response coordination and data gathering. All materials related to audit responses must be reviewed by BPA management / BPA staff.
Participate as a technical member of the team performing cyber security reviews and analysis. With oversight of the BPA manager/BPA staff, work with the team to develop and recommend cyber strategies and action plans to improve the team's cyber security maturity.
Provide expert-level insight on cyber security best practices and architecture for data center operations. Review process and procedure documentation to identify gaps and potential improvement areas. Develop reports, graphs and other informational materials to present and support improvement recommendations for management review and approval.
Provide program support to the Performance Analysis manager, including:
Technical writing and coordination: Draft initial System Security Plans (SSP)s and work with BPA resource managers to finalize SSP for Authorization to Operate (ATO) certification. Validate that Plan(s) of Action and Milestones are linked to asset strategies. All drafted materials must be reviewed and finalized by BPA management / BPA staff.
Time management: Provide primary monitoring of key POAM milestone efforts and mitigation efforts dealing with compliance. Verify that these efforts contribute to the asset strategies.
Reporting on performance and accomplishments: Monitor Technical Feasibility Exceptions (TFE) and verify TFEs are updated and retired in a timely manner.
Data Call and Survey Coordination
Provide direct support for data calls and industry surveys. This may entail review and analysis of existing documentation and any new/changing requirements, enlistment of appropriate subject matter expert input, and drafting of responses. All drafted materials related to responses must be reviewed and edited by BPA management / BPA staff.
Organize, monitor, review, and report on performance / metrics pertaining to data call artifacts collection and processes.
Maintain and update process artifacts, verifying they are up-to-date and of adequate quality (reliable, consistent, and useful).
Security Management Program Support
Provide visibility to managers of security related matters, their status and any potential issues or threats. Communicate concerns and recommendations regarding the assessment results and attempts to provide a consistent framework and architecture for security decision making
Provides expertise and recommendations to guide the implementation of security best practices.
Review current and/or develop new processes and procedures needed to reduce cyber security flaws and compliance violation.
Review and interpret respective DOE orders, manuals, policies, and standards and evaluate their inclusion and impact in the respective Transmission Technology (TT) environment
Develop and maintain a baseline of implemented BPA security policies for all components of the Transmission Technology (TT) infrastructure.
Review, interpret, maintain Interconnect Security Agreements (ISA's) with BPA's partners.
Oversight/monitoring/verification of ports and services, security patch management, malicious code prevention, security event monitoring, and system access control.
Interpret and recommend aligning of FISMA policy and standards to NERC-CIP policy and procedures.
Review and interpret various NIST standards to help modernize current process, procedures, and configurations to meet the ever-changing cyber security demands.
Review and interpret various governmental policies, such as DOE Directives, CISA Directives, etc, to determine the potential impact to TT systems and assist in the development of a solution to meet these demands.
REQUIREMENTS
Education & Corresponding Experience (required on matrix)
A degree in Business Administration, Management, Organizational Development, Accounting, Engineering, Computer Science or a directly-related discipline is preferred.
With an applicable Associate's degree, 10 years of experience is required.
With an applicable Bachelor's degree, 8 years of experience is required.
Without an applicable degree, 12 years of experience is required.
Experience should be consistent with the specific requirements of operations analysis and progressively more technical in nature.
Required Technical Skills & Experience (required on matrix)
Experience evaluating the adequacy and existence of IT security controls
Experience implementing and adhering to cyber security standards, knowledge of the application of Cyber Security practices such as NIST
Preferred Skills & Experience (optional on matrix)
Experience with the following:
IT Monitoring/Reporting tools (i.e. SNMP, Tripwire, Nessus, NMAP, Splunk, SolarWinds, etc.).
Trouble ticket/change request tools and processes, IT asset, and/or configuration management suites.
Intermediate level proficiency in MS Excel 2016 sufficient to provide dashboard metrics in a variety of formats including charts and graphs using macros and pivot tables.
Proficiency in automated data systems to include SharePoint and Visio and a high degree of efficiency in technical dynamics of software output (e.g. use of advanced printing such as to plotters, capabilities of cross-software embedding for purposes of presentations, technical webinars, etc.).
Experience devising methods to automate testing activities and streamline testing processes.
Experience with Linux and Windows operating systems.
Experience implementing and adhering to NERC-CIP regulatory standards of compliance and documentation.
Note: All official drafts, documents and recommendations, as listed below, must be reviewed, finalized and approved / accepted by appropriate BPA manager or other federal personnel with the authority to do so.
Reliability Compliance
Provide monitoring, review, analysis and support for the Security Management Program verifying compliance evidence is collected in a timely manner and that information is reliable, consistent, and useful, providing recommendations for improvement as necessary.
Serve as a process point of contact for the organization
Provide recommendations to management to mitigate, comment on, or provide further review for NERC and WECC proposed rulemaking and policies.
Utilize TT's library publishing process to verify documentation is up-to-date and of adequate quality; performs data tracking. Makes recommendations for changing/enhancing organization and information navigation in TT's library structure.
Identify and engage subject matter experts regarding programmatic cybersecurity, compliance, and conclusion of assessments for completion set by current timetables for regulatory compliance.
At the direction of BPA Management, draft and recommend processes and procedures to support NERC Mandatory Reliability standards and DOE NIST/FISMA security requirements for review and approval by BPA management. Final documents will be reviewed and approved by BPA staff.
Assist in development of training materials and job aids to support above
Support the development of documentation necessary for reporting and audit requirements.
With oversight of the BPA manager/BPA staff, provide quality assurance support to verify that vetted and established compliance standards and guidelines are followed, alert BPA manager of any noted concerns or potential issues.
Provide support to NERC annual certification process and any other spot audit or compliance requests.
Support the development of documentation necessary for reporting and audit requirements.
Draft and recommend procedures to accomplish reliability compliance tasks for review and approval by BPA management. Assist BPA managers with the promotion and implementation of approved recommendations and/or adopted procedures.
Provide support to BPA management / BPA staff in audits by providing technical expertise, data call response coordination and data gathering. All materials related to audit responses must be reviewed by BPA management / BPA staff.
Participate as a technical member of the team performing cyber security reviews and analysis. With oversight of the BPA manager/BPA staff, work with the team to develop and recommend cyber strategies and action plans to improve the team's cyber security maturity.
Provide expert-level insight on cyber security best practices and architecture for data center operations. Review process and procedure documentation to identify gaps and potential improvement areas. Develop reports, graphs and other informational materials to present and support improvement recommendations for management review and approval.
Provide program support to the Performance Analysis manager, including:
Technical writing and coordination: Draft initial System Security Plans (SSP)s and work with BPA resource managers to finalize SSP for Authorization to Operate (ATO) certification. Validate that Plan(s) of Action and Milestones are linked to asset strategies. All drafted materials must be reviewed and finalized by BPA management / BPA staff.
Time management: Provide primary monitoring of key POAM milestone efforts and mitigation efforts dealing with compliance. Verify that these efforts contribute to the asset strategies.
Reporting on performance and accomplishments: Monitor Technical Feasibility Exceptions (TFE) and verify TFEs are updated and retired in a timely manner.
Data Call and Survey Coordination
Provide direct support for data calls and industry surveys. This may entail review and analysis of existing documentation and any new/changing requirements, enlistment of appropriate subject matter expert input, and drafting of responses. All drafted materials related to responses must be reviewed and edited by BPA management / BPA staff.
Organize, monitor, review, and report on performance / metrics pertaining to data call artifacts collection and processes.
Maintain and update process artifacts, verifying they are up-to-date and of adequate quality (reliable, consistent, and useful).
Security Management Program Support
Provide visibility to managers of security related matters, their status and any potential issues or threats. Communicate concerns and recommendations regarding the assessment results and attempts to provide a consistent framework and architecture for security decision making
Provides expertise and recommendations to guide the implementation of security best practices.
Review current and/or develop new processes and procedures needed to reduce cyber security flaws and compliance violation.
Review and interpret respective DOE orders, manuals, policies, and standards and evaluate their inclusion and impact in the respective Transmission Technology (TT) environment
Develop and maintain a baseline of implemented BPA security policies for all components of the Transmission Technology (TT) infrastructure.
Review, interpret, maintain Interconnect Security Agreements (ISA's) with BPA's partners.
Oversight/monitoring/verification of ports and services, security patch management, malicious code prevention, security event monitoring, and system access control.
Interpret and recommend aligning of FISMA policy and standards to NERC-CIP policy and procedures.
Review and interpret various NIST standards to help modernize current process, procedures, and configurations to meet the ever-changing cyber security demands.
Review and interpret various governmental policies, such as DOE Directives, CISA Directives, etc, to determine the potential impact to TT systems and assist in the development of a solution to meet these demands.
REQUIREMENTS
Education & Corresponding Experience (required on matrix)
A degree in Business Administration, Management, Organizational Development, Accounting, Engineering, Computer Science or a directly-related discipline is preferred.
With an applicable Associate's degree, 10 years of experience is required.
With an applicable Bachelor's degree, 8 years of experience is required.
Without an applicable degree, 12 years of experience is required.
Experience should be consistent with the specific requirements of operations analysis and progressively more technical in nature.
Required Technical Skills & Experience (required on matrix)
Experience evaluating the adequacy and existence of IT security controls
Experience implementing and adhering to cyber security standards, knowledge of the application of Cyber Security practices such as NIST
Preferred Skills & Experience (optional on matrix)
Experience with the following:
IT Monitoring/Reporting tools (i.e. SNMP, Tripwire, Nessus, NMAP, Splunk, SolarWinds, etc.).
Trouble ticket/change request tools and processes, IT asset, and/or configuration management suites.
Intermediate level proficiency in MS Excel 2016 sufficient to provide dashboard metrics in a variety of formats including charts and graphs using macros and pivot tables.
Proficiency in automated data systems to include SharePoint and Visio and a high degree of efficiency in technical dynamics of software output (e.g. use of advanced printing such as to plotters, capabilities of cross-software embedding for purposes of presentations, technical webinars, etc.).
Experience devising methods to automate testing activities and streamline testing processes.
Experience with Linux and Windows operating systems.
Experience implementing and adhering to NERC-CIP regulatory standards of compliance and documentation.
Share this job
Useful Links