Section Manager, OR ECC Critical Infrastructure Protection (CIP)

Job Info

Jul 1, 2018

100564

Posting Expiration Date: Aug 30, 2018

Schedule Type: Full-Time

Department: OR ECC

Section: CTRL CTR OPS Crit InfraProtect

Location: NY-Spring Valley-Spring Valley Operations Ctr

Job Description

Mission Statement

  • Consolidated Edison Company of New York, Inc. (Con Edison), Orange & Rockland Utilities (O&R), and Consolidated Edison Transmission (CET) employees are required to follow health, safety, and environmental policies, EEO, Standards of Business Conduct, and all other applicable company policy and procedures. We all share a responsibility to advance the company’s mission by excelling at our three corporate priorities – safety of our people and the public, operational excellence in all that we do, and ensuring the best possible customer experience.

Core Responsibilities

  • Responsible for direct supervision of O&Rs Critical Infrastructure Protection Program including evaluating the performance of direct reports and taking action to develop individual and group performance indicators.
  • Ensure that all the CIP requirements are met, as and when mandated, through the continuing development, revision, recommendation and implementation of operational strategies, budgets, technologies and required policies and procedures to meet NERC CIP requirements applicable to O&R assets and respond to real-time, specific, actionable threat information.
  • Responsible for sustaining compliance with new and developing versions of CIP Standards through review, analysis and/or providing appropriate recommendations in the NERC standards development stakeholder process.
  • Provide ongoing technical entity-specific risk analysis as well as assessment and recommendation for mitigation for the protection of applicable infrastructure. Risk analysis must provide the ability to identify, assess, monitor and respond to cyber security-related risks and provide the organization with the information needed to make risk-based decisions. Approach must consider safety and reliability, privacy and data integrity, business continuity and reputation management.
  • Responsible for direct supervision and administrative support of the O&R ECC and ACC High Value Networks software and hardware utilized in support of the CIP Standards. Responsibilities include, but are not limited to, patching, antivirus, domain administration, networking, and hardware support, and including ensuring compliance with the BPU cyber security order and similar cyber security regulatory and/or corporate requirements.
  • Interface with designated organizations and departments at O&R and CECONY, with service vendors and contractors, and with appropriate regulatory bodies to achieve sustainable compliance with all CIP Standards requirements to secure the identified cyber assets and systems from threats that could attack, damage, or gain unauthorized access to networks, facilities, data or programs.
  • Interface with and participates in various working groups and committees as necessary. (e.g. Corporate cyber security team, DOE, NERC, NPCC, RF, PJM and NYISO sub-committees).
  • Conduct reviews, audits, tests and drills, as appropriate, of CIP compliance activities, processes and documented guidance in order to monitor and report on status of compliance.
  • In accordance with O&Rs established policies as well as the applicable CIP requirements, grant, change or revoke physical and/or electronic access to the Control Centers and BES Cyber Systems and critical cyber assets.
  • Maintains expert knowledge of new and emerging cyber security technology and plan for related technology implementations several years in the future. Acquire in-depth knowledge of new and emerging cyber security technologies and plan for technology implementation into the future.
  • Perform other related assignments, as required.

Required Education/Experience

  • Bachelor's Degree with 8 years of related work experience Or
  • Master's Degree with 6 years of related work experience.

Preferred Education/Experience

  • Degree in Electrical Engineering, Information Technology Systems, Computer Science, or Information Technology System Security

Required Work Experience

  • Related work experience includes any of the following areas: electric power system operations, IT and/or energy management systems. Required
  • Excellent oral and written communications skills are required. Required
  • Minimum of 3 years of prior supervisory and/or project management experience Preferred
  • Prior experience working with audits of utility operations and/or IT systems is a plus. Preferred
  • Thorough understanding of the regulatory structure of FERC, NERC, NPCC, RF Preferred
  • Demonstrated ability to lead initiatives across various organizations and in cross-functional teams, and communicate effectively with executives, peers and subordinates strongly preferred. Preferred
  • Fundamental knowledge of data networking is required. Familiarity with common client/server and typical Energy Management System applications a plus. A working knowledge of AIX/LINUX operating systems, security and system logging, Microsoft Active Directory as well as MS Office Suite products (Outlook, Word, Excel, Access, PowerPoint and Project) is strongly preferred. Preferred
  • Demonstrated leadership ability and proven track record of achieving sustainable results in managing IT projects and/or technology system implementation strongly preferred. Preferred
  • Experience, with increasing levels of responsibility, in electric operations, engineering, or Information Technology and Security is highly preferred. Preferred
  • Maintain a complete understanding of present NERC CIP standard requirements, measures and compliance reporting, quickly develop working knowledge of future revisions, and be the SME on these standards for O&R.
  • Should have knowledge of cyber security protections including security patching, antivirus, account management, firewall protections, and intrusion systems (IDS/IPS).
  • The ideal candidate for this position will have basic knowledge and understanding of power transmission, distribution and generation principles.

Licenses & Certifications

  • Driver's License Required
  • Other: Professional certification in Cyber Security Preferred

Other Physical Demands

  • Must be able to participate in the Companys emergency management processes and storm plans as required.
  • Candidate must be able to pass a Personnel Risk Assessment which includes training and a seven-year criminal background check prior to hiring.
  • Must be willing and available to be on call, work off-shifts, weekends, holidays and overtime, as operating and system conditions required.
  • Must have means, and ability to travel to various Company locations and to other companies, if required. Must be available to travel out-of-town for regulatory meetings and conferences within the US and Ca

Technical Difficulty Statement

Equal Opportunity Employer

  • Consolidated Edison Company of New York, Inc. (Con Edison), Orange & Rockland Utilities (O&R), and Consolidated Edison Transmission (CET) are equal opportunity employers. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of the individual’s actual or perceived disability, protected veteran status, race, color, creed, religion, sex, age, national origin, gender, gender identity, gender expression, genetic information, marital status, sexual orientation, citizenship, domestic violence victim status, or any other actual or perceived status protected by law.

SHARE: