Cybersecurity Associate Director-Energy Providers jobs in United States

Guidehouse · 2 days ago

Cybersecurity Associate Director-Energy Providers

Guidehouse is a consulting firm specializing in Cyber Consulting, and they are seeking a Cybersecurity Associate Director to design and implement secure architectures for enterprise and operational environments for commercial energy providers. The role requires expertise in regulatory frameworks and cybersecurity best practices, focusing on the Power/Electric Utilities industry.

Advice · Consulting · Management Consulting
No H1B · U.S. Citizen Only

Responsibilities

Design enterprise data models, data lakes, warehouses, and integration frameworks for structured and unstructured data
Architect secure systems aligned with NIST, ISO 27001, and CIS controls to ensure compliance
Implement NERC CIP standards (002–013), including audit preparation, evidence gathering, and mitigation planning
Secure data flows across AWS, Azure, and on-prem environments using encryption, IAM, and network segmentation
Develop and enforce RBAC, ABAC, MFA, and privileged access management in compliance with technical CIP standards or similar regulations
Create secure architectures that anticipate attack vectors, supported by playbooks and detection strategies
Protect OT environments such as EMS, SCADA, DCS, and other industrial control systems within the Bulk Electric System
Maintain data integrity, availability, and confidentiality through metadata standards, classification, retention, and purging policies
Collaborate with compliance, operations, IT, and engineering teams to align technical architecture with regulatory and business needs

Qualification

NERC CIP standards, Cybersecurity architecture, Data architecture, Regulatory compliance, AWS security, Azure security, RBAC, ABAC, OT environment security, Writing skills, Collaboration skills

Required

Due to the nature of client engagements, must be a US Permanent Resident or US Citizen
Associate Director - Bachelor's degree in business, cybersecurity, security management, homeland security, information security, or a related discipline AND seven-plus (7+) years of post-graduation work experience within the electric utility industry or a NERC-related regulator; or Master's degree in business, cybersecurity, security management, homeland security, information security, or a related discipline AND five-plus (5+) years of post-graduation work experience within the electric utility industry or a NERC-related regulator
Work experience for all levels must have an emphasis on North American NERC Reliability Standards (USA and/or Canada) supporting the regulatory framework and processes around NERC Critical Infrastructure Protection (CIP) and Regional Entities
In-depth knowledge of implementing NERC CIP standards (002–013), audit preparation, evidence gathering, and mitigation planning
Designs and implements RBAC, ABAC, MFA, and privileged access management aligned with CIP-007 and CIP-005 requirements
Familiar with securing OT environments such as EMS, SCADA, DCS, and other industrial control systems within the Bulk Electric System
Strong writing skills for creating security architecture diagrams, CIP evidence packages, procedures, and training materials
Works effectively with compliance, operations, IT, and engineering teams to align technical architecture with regulatory and business needs
Ability to travel, potentially including international travel, as needed
Ability to work onsite in a Guidehouse Office or Client Office location
Currently reside in the contiguous United States

Preferred

Preference will be given to candidates within reasonable driving distance of listed core Guidehouse Office or Client Office Location
Ensures integrity, availability, and confidentiality of data through metadata standards, classification, retention, and purging policies
Ability to design secure architectures that anticipate attack vectors, supported by playbooks and detection strategies
Experience in designing enterprise data models, data lakes, warehouses, and integration frameworks using structured and unstructured data
Deep understanding of NIST, ISO 27001, and CIS controls to architect secure systems and enforce security compliance
Proficient in securing data flows across AWS, Azure, and on-prem environments with encryption, IAM, and network segmentation
Specific working experience related to any of the following: Bulk Electric System (BES) and power systems, Electrical Reliability, NERC/FERC Enforcement or Auditing

Benefits

Medical, Rx, Dental & Vision Insurance
Personal and Family Sick Time & Company Paid Holidays
Position may be eligible for a discretionary variable incentive bonus
Parental Leave and Adoption Assistance
401(k) Retirement Plan
Basic Life & Supplemental Life
Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
Short-Term & Long-Term Disability
Student Loan PayDown
Tuition Reimbursement, Personal Development & Learning Opportunities
Skills Development & Certifications
Employee Referral Program
Corporate Sponsored Events & Community Outreach
Emergency Back-Up Childcare Program
Mobility Stipend

Company

Guidehouse

Guidehouse offers consulting services for public and commercial markets with expertise in management, technology, and risk consulting.

Funding

Current Stage: Late Stage
Total Funding: $0.75M
Key Investors: Mission Daybreak
2023-11-06: Acquired
2023-02-16: Grant · $0.75M

Leadership Team

Scott McIntyre, Chairman and CEO
Alicia Harkness, Partner
Company data provided by crunchbase