Cyber Security Engineer - Compliance jobs in United States

VELCO - Vermont Electric Power Company · 22 hours ago

Cyber Security Engineer - Compliance

VELCO is the nation’s first statewide, transmission-only company, managing the safe and reliable transmission of electric power throughout Vermont. The Cyber Security Engineer - Compliance will be responsible for ensuring compliance with NERC CIP standards and NIST frameworks, enhancing the organization’s cybersecurity posture and supporting the secure operation of critical infrastructure.

Electrical Distribution, Energy
Growth Opportunities
No H1B

Responsibilities

Regulatory & Business Compliance: Track compliance with NERC CIP standards (e.g., CIP-002 through CIP-014) and NIST frameworks (e.g., NIST 800-53, NIST CSF) for the protection of infrastructure & data
Risk Assessments: Catalog and document risk assessment findings for substations, control centers, and OT systems that will automate remediation and/or creation of compliance artifacts
Policy Lifecycle and Management: Integrate compliance policy requirements, procedures, and controls into digital workflows supporting subject matter experts with business processes and compliance artifacts
Audits and Reporting: Prepare for and support NERC CIP audit subject matter experts, including evidence collection, documentation, and response to audit findings
Awareness: Collaborate with NERC Compliance and Information Security to ensure adherence to current and future NERC CIP and NIST regulation/requirements, fostering a culture resilient to regulatory change
Incident Response: Collaborate with Information Security to scribe, document, and track the lifecycle of cybersecurity incidents, ensuring compliance with incident reporting obligations
System Monitoring: Monitor & correct the operational health of compliance data acquisition systems to ensure data quality and time-bound accuracy
Continuous Improvement: Stay updated on evolving NERC CIP and NIST standards, recommending improvements to enhance compliance and security posture
Other duties as assigned

Qualification

NERC CIP standards, NIST frameworks, Risk assessment methodologies, SQL Query languages, Information Security frameworks, Governance risk, Compliance tools, Analytical skills, Problem-solving skills, Communication skills, Project management skills

Required

A Bachelor's degree in Computer Science, Cyber Security or related technical discipline
Equivalent work experience considered
Having relevant security certifications or the ability to obtain GIAC GCIP and/or GIAC GCCC is expected
A Master's degree may be substituted for some experience
Direct experience with NERC CIP standards and NIST frameworks
Strong understanding of Information Security frameworks
Proficiency with SQL Query languages
Demonstrated ability to securely create and manage scripts for data acquisition
Proficiency in risk assessment methodologies and cybersecurity tools
Excellent analytical, problem-solving, and documentation skills
Ability to communicate complex technical concepts to technical and semi-technical stakeholders
Ability to plan and complete multiple, diverse tasks and meet challenging deadlines
Able to clearly present complex technical information to committees, management, external regulators and industry associations

Preferred

Familiarity with OT systems (e.g., SCADA, PLCs) and utility operations
Familiarity with networking technologies, operating systems, regular expressions, and API/Script based data acquisition methods
Experience with Tripwire Enterprise, Sigma Flow Beacon, or governance risk and compliance (GRC) tools with workflow and ability to dynamically retrieve data
A functional understanding of API and scripted data retrieval across various technologies
Knowledge of OT networks, and traditional on-premises/utility infrastructure
Strong analytical, problem-solving, and project management skills
Superior verbal and written communication skills
Ability to interact effectively and professionally with a diverse group of employees throughout the organization
A desire to pursue training and certifications in information security & operational technologies as they evolve

Benefits

Comprehensive benefits
Generous paid time off
Incentive compensation (bonus) potential

Company

VELCO - Vermont Electric Power Company

VELCO is Vermont’s statewide electric transmission provider whose sights are set on creating a sustainable Vermont through our people, assets, relationships and operating model.

Funding

Current Stage
Growth Stage
Total Funding
$1.01M
Key Investors
U.S. Department of Energy Office of Electricity
2024-07-09 · Grant · $1.01M

Leadership Team

Thomas Dunn
President and Chief Executive Officer
Kerrick Johnson
Chief Innovation and Communications Officer
Company data provided by crunchbase