The Risk Assessment and Mitigation Engineer is a highly regarded subject matter expert on control systems that are used to operate and monitor the Bulk Power System (BPS) and will use that knowledge to technically apply the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) security standards. The Risk Assessment and Mitigation Engineer analyzes the technical facts and circumstances associated with potential noncompliances to determine the risk they present to the reliability and security of the BPS, and works with Registered Entities (electric utilities) to implement mitigation plans. The Risk Assessment and Mitigation Engineer also reviews Bulk Power System (BPS) Events, such as Energy Management System (EMS) failures, loss of Inter-Control Center Protocol (ICCP) links, and non-convergence of State Estimator (SE) and Real-Time Contingency Analysis (RTCA) models.
The Risk Assessment and Mitigation Engineer serves as a technical Subject Matter Expert (SME) for MRO, providing control system expertise to other departments as well as Registered Entities regarding specific system configurations and evidence adequacy for compliance with the CIP standards. The Risk Assessment and Mitigation Engineer participates in North American-wide discussions with colleagues from NERC and other Regional Entities regarding the technical application of the CIP Standards, and delivers presentations at workshops, webinars, and conferences regarding the application of the CIP Standards to control systems, generation facilities, and substations.
The Risk Assessment and Mitigation Engineer must be able to lead a wide variety of analytical evaluations of technical difficulty and critical importance, and to exhibit independent expertise.
Decisions include independent and authoritative evaluation of: (a) compliance discovery records of entities with reliability standards; (b) entity mitigation plans to correct noncompliances; (c) acceptable entity settlements for correction of violations; (d) investigations of system events; and, (e) comprehensive tracking of process steps, evidence, reports, and activities. The Risk Assessment and Mitigation Engineer works directly with registrants in order to obtain additional information pertaining to a noncompliance, as well as additional information requested by NERC staff, NERC Board of Trustees, and regulators.
Bachelors/Master's Degree in Electrical Engineering. Extensive directly related experience may be considered in lieu of engineering degree. Emphasis in analyzing and understanding system risk such as power systems operations, substation environments, communication systems, and SCADA systems.
Knowledge and Abilities/Skills: