Job Details

Governance & Cybersecurity Compliance Specialist - Cyber Security (Multiple Locations)

Burns & McDonnell
Saint Louis, Missouri, United States
Burns & McDonnell assists electric power industry clients by providing comprehensive cyber security compliance program solutions. We are looking for governance & cybersecurity compliance consultants, with an emphasis on critical infrastructure regulatory standards and frameworks, who are forward-thinking in our field, enjoy helping others succeed, and will be responsible for the design and implementation of compliance programs that provide protection of people, information, facilities, and other critical assets for our clients.
The position of Governance & Cybersecurity Compliance Specialist will have the responsibility for contributing to the strategy development, implementation, administration, and operation of governance strategies, cybersecurity frameworks, and respective compliance programs at respective client sites with a focus on regulatory and cybersecurity standards. This position will be an experienced industry professional in cybersecurity best practices, control systems, and NIST, ISA/IEC, NERC standard compliance controls including the self-auditing of regulatory standards. This position will be responsible for reinforcing all levels of system security/compliance program support by designing and enhancing ongoing compliance programs for respective clients consistent with industry best practices to ensure compliance with governance & cybersecurity standards.
  • Develop, coordinate, and implement Bulk Electric System compliance programs (including policies, procedures, and documentation) to comply with the applicable mandatory and enforceable governance & cybersecurity Standards.
  • Coordinate reliability activities by participating in FERC, NERC or other Regional Entity regulatory forums; coordinating, evaluating and reviewing regulatory documents impacting client's assets and reliability activities; analyzing client's position, filings, and other documents; weighing the impact of certain actions by client; preparing correspondence, opinions and presentations outlining client's position within area of responsibility.
  • Provide staff training on regulatory requirements, cybersecurity best practices and operational impacts of those requirements.
  • Participate in comprehensive on-site and off-site audits of Registered Entities in compliance with industry compliance standards, with an emphasis on previous auditing experience.
  • Advise clients on best practices in managing compliance monitoring and enforcement activities relevant to the critical infrastructure sector.
  • Evaluate client internal controls and processes to determine effectiveness and efficiency with respect to managing risk and compliance.
  • Participate in investigations into potential violations and make determinations of alleged violations of regulatory standards.
  • Coordinate projects related to compliance activities, ensuring that the scope, budget, schedule, quality, etc. meet the client's needs.
  • Coordinate with client departments, staff, and members to achieve goals and provide direction on compliance activities while promoting a culture of compliance and security.
  • Review energy market regulatory/security/compliance publications to keep apprised of new developments.
  • Travel to various client facilities as needed to review processes, records, participate in audits, consult with staff, etc.
  • Maintain job knowledge to ensure expertise on critical infrastructure sector standards and requirements.
  • Develop and maintain effective relationships with existing and potential clients, customers, and contractors in order to develop business.
  • Ensure compliance with company and site safety policies.
  • All other duties as assigned.

  • Bachelor's degree from an accredited curriculum in engineering, cyber security, computer science or related field - cyber security degree preferred but is not required.
  • Minimum of 3 years related experience in the electric industry in the areas of cyber security, regulatory compliance, power plant operations, transmission operations, asset management, or risk management. Additional applicable years of experience may be considered in lieu of degree requirement.
  • Must have ability to deal effectively with a wide variety of industry, government, and public contracts on project-related matters.
  • Demonstrated knowledge and understanding of industry standards with an emphasis on cybersecurity standards.
  • Demonstrated knowledge and understanding of core cyber security principles and best practices.
  • Proven understanding of power utility operations. Experience with either transmission facilities or power generation plant operations preferable.
  • Knowledge and experience in risk management and internal controls preferred.
  • Ability to read, analyze and interpret common engineering and technical journals, financial reports, and legal documents.
  • Proven knowledge of Microsoft SharePoint, Excel, Word, PowerPoint, Visio, and Project software and working knowledge of power plant control systems, SCADA systems.
  • Excellent written and verbal communication skills for presenting both technical and non-technical information are required.
  • Ability to effectively prioritize tasks in a fast-paced and high-pressure environment.
  • Proven self-starter with the ability to work effectively in a team environment as well as individually on complex work assignments.
  • Experience with corporate policies and procedures and/or technical writing skills.
  • Strong analytical and problem-solving skills.
  • High attention to detail.
  • Travel for site work is estimated to average 25-50% yearly.
