
Position Title

Risk Assessment and Mitigation Engineer (NERC CIP)

Reports To

VP of Risk Assessment, Mitigation, and Standards


St Paul, MN

Posted Date


Position Summary

The Risk Assessment and Mitigation Engineer is a highly regarded subject matter expert on control systems that are used to operate and monitor the Bulk Power System (BPS) and will use that knowledge to technically apply the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) security standards. The Risk Assessment and Mitigation Engineer analyzes the technical facts and circumstances associated with potential noncompliances to determine the risk they present to the reliability and security of the BPS, and works with Registered Entities (electric utilities) to implement mitigation plans. The Risk Assessment and Mitigation Engineer also reviews BPS Events, such as Energy Management System (EMS) failures, loss of Inter-Control Center Protocol (ICCP) links, and non-convergence of State Estimator (SE) and Real-Time Contingency Analysis (RTCA) models.

The Risk Assessment and Mitigation Engineer serves as a technical Subject Matter Expert (SME) for MRO, providing control system expertise to other departments as well as Registered Entities regarding specific system configurations and evidence adequacy for compliance with the CIP standards.  The Risk Assessment and Mitigation Engineer participates in North American-wide discussions with colleagues from NERC and other Regional Entities regarding the technical application of the CIP Standards, and delivers presentations at workshops, webinars, and conferences regarding the application of the CIP Standards to control systems, generation facilities, and substations.

The Risk Assessment and Mitigation Engineer must be able to lead a wide variety of analytical evaluations of technical difficulty and critical importance, and to exhibit independent expertise.  

Primary Responsibilities

Decisions include independent and authoritative evaluation of: (a) compliance discovery records of entities with reliability standards; (b) entity mitigation plans to correct noncompliances; (c) acceptable entity settlements for correction of violations; (d) investigations of system events; and (e) comprehensive tracking of process steps, evidence, reports, and activities. The Risk Assessment and Mitigation Engineer works directly with registrants in order to obtain additional information pertaining to a noncompliance, as well as additional information requested by NERC staff, the NERC Board of Trustees, and regulators.

Key responsibilities:

  1. Technically evaluate the facts and circumstances for possible noncompliances to determine the risk presented to the reliability and security of the BPS.
  2. Work directly with Registered Entities to obtain necessary information to support analyses, and to develop mitigation plans.
  3. Review and validate completion of mitigation plans as submitted by registrants.
  4. Review BPS Events from a compliance perspective.
  5. Assist with Inherent Risk Assessments (IRAs) of entities used to develop risk-based compliance monitoring plans, particularly in the area of transmission and generation control systems, and substation networks.
  6. Assist with the development of outreach materials to assist Registered Entities in the implementation of CIP requirements.
  7. Coordinate and assure records are in order for enforcement activities.
  8. May perform other duties related to the CMEP, as assigned or required.
  9. Coordinate with Standards drafting teams on improvements to standards.



Bachelor's/Master's Degree in Electrical Engineering. Extensive directly related experience may be considered in lieu of an engineering degree. Emphasis in analyzing and understanding system risk such as power systems operations, substation environments, communication systems, and SCADA systems.


  • Knowledge of cybersecurity frameworks such as NIST and NERC CIP Standards is highly desirable
  • Experience managing complex projects is helpful
  • Negotiation skills
  • Consensus-building facilitation skills are essential
  • Relevant technical industry experience in at least one, and preferably multiple, of the following areas:
    1. EMS design, administration, and configuration,
    2. DCS (Distributed Control System) design, administration, and configuration in a power system generation environment,
    3. Network design, administration, and configuration,
    4. Real-time power system operations,
    5. Configuration of Intelligent Electronic Devices (IEDs) such as protective relays, Remote Terminal Units (RTUs), and Programmable Logic Controllers (PLCs) in a substation environment.

Knowledge and Abilities/Skills:

  1. Technical knowledge of factors involved in protection and control of the BPS, and the networks that support those systems.  Must possess a high degree of professional competence and skill; a working knowledge of power system operation and security principles.  Must demonstrate knowledge of the electric industry, electric power generation, transmission, and power system reliability.
  2. Ability to execute a wide range of complex analyses, reports, and investigations concerning the configuration and security of control systems used in power system control centers, substations, and generation facilities.
  3. Ability to conduct extensive investigations or reviews of events and complaints, determinations of noncompliance with reliability standards, and evaluations of mitigation plans.
  4. Ability to effectively present research, findings, and recommendations, both orally and in writing, to a diverse audience of technical and non-technical professionals.
  5. Ability to provide clear, comprehensive reports and present findings and recommendations to a diverse audience of professionals and non-professionals.
  6. Ability to work effectively in teams and to facilitate consensus-building among participants in the region.
