Energy Threat and Analysis Center (ETAC) Security Advisor

Energy Threat and Analysis Center (ETAC) Security Advisor,
Electricity Information Sharing and Analysis Center (E-ISAC)

Our Company
The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to assure the effective and efficient reduction of risks to the reliability and security of the grid. NERC develops and enforces Reliability Standards; annually assesses seasonal and long-term reliability; monitors the bulk power system through system awareness; and educates, trains, and certifies industry personnel. NERC’s area of responsibility spans the continental United States,
Canada, and the northern portion of Baja California, Mexico. NERC is the Electric Reliability Organization
(ERO) for North America, subject to oversight by the Federal Energy Regulatory Commission (FERC) and governmental authorities in Canada. NERC's jurisdiction includes users, owners, and operators of the bulk power system, which serves nearly 400 million people.

Our Mission
The vision for the Electric Reliability Organization Enterprise, which is comprised of NERC and the six
Regional Entities, is a highly reliable and secure North American bulk power system. Our mission is to assure the effective and efficient reduction of risks to the reliability and security of the grid. The mission of the E-ISAC is to reduce cyber and physical security risk to the North American electricity industry by providing unique insights, leadership, and collaboration.

Your Impact
The ETAC Security Advisor is a member of the E-ISAC Intelligence Group and will serve as the primary liaison supporting the Department of Energy’s (DOE) Energy Threat and Analysis Center (ETAC) and the
Department of Homeland Security Cybersecurity Infrastructure Security Agency (DHS CISA) Joint Cyber
Defense Collaborative (JCDC). This position will support a critical national security public-private partnership, coordinate intelligence and operational issues, and provide expertise and context for electricity production, delivery, and monitoring and control. The successful security advisor will be a strong cross-functional collaborator and self-starter that will collaborate with industry and government partners. This role reports to the E-ISAC Director, Intelligence and will be based in Denver, CO.

Your Responsibilities & Qualifications

Responsibilities

• Identify, analyze, and coordinate information sharing and analysis activities by ensuring timely and actionable collaboration between the E-ISAC and strategic partners in support of the energy threat analysis center inside the planned JCDC.
• Serve as the E-ISAC’s primary liaison within the ETAC and facilitate the stand up of the center, including contributions to the development of policies and procedures.

• Support US Government agencies and assist management of cyber and physical risk to the nation's critical infrastructure.
• Coordinate and collaborate cross-functionally on Information Technology (IT) and Operational

Technology (OT) classified and unclassified physical and cyber threat reporting with ETAC partners.(This duty does not require a complete understanding of industry security practices, but an ability to understand and apply security concepts to potentially impacted systems.)

• Produce regular, topical information security intelligence and mitigation information in an actionable format. Familiarity with modern Threat Intelligence Platforms (TIP), Security Incident and Event Management (SIEM), and Security Orchestration, Automation, and Response (SOAR) concepts and software is desired.
• Maintain an ability to quickly gain an understanding of electronic security perimeters to ensure adequate defense in depth design across enterprise systems. Maintain a basic understanding of common industrial control system (ICS) technologies, relationship between IT/OT, and related security controls and issues.
• Identify intelligence-driven research opportunities based on threats to the energy sector, and coordinate with ETAC partners and national laboratories on their development and execution.
• Coordinate closely with the E-ISAC cyber threat intelligence team, physical security team, watch operations – as well as other members of the watch staff.
• Support the development of methods to programmatically measure systemic and residual electric sector security risk.
• All other duties as assigned.

Qualifications

• A bachelor’s degree in one or more related technical fields (e.g., power engineering or computer science); additional graduate and postgraduate work in business or law is desired.
• A minimum of 10 years directly related full-time industry technical experience in operations or cybersecurity is required; experience with both fields, and experience gained working for transmission and distribution utilities, are strongly desired.
• Eligibility for Top Secret security clearance, and Q and SCI access is required; an active TS/SCI clearance with CI Polygraph is strongly desired.
• Proficiency in the principles and practical applications of cybersecurity in both information technology and industrial control systems environments, incident handling and response, crisis management, and law enforcement operations and investigations.
• Exceptional verbal and written communications skills, with experience clearly explaining complex issues to audiences ranging from senior executive to hands-on technicians.
• Advanced proficiency in the organizational structures and operations of the U.S. Intelligence Community and international equivalents.

• Demonstrated leadership, project management, and consensus building skills.

Other

• Background check will be conducted prior to employment.
• In compliance with federal law, all persons hired are required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.
• The position is based in Denver, CO and is classified as a virtual employee. While a virtual classification, a job requirement is CO residency. Relocation assistance is available. The ETAC

Security Advisor must be able to travel to NERC and E-ISAC offices, and member organizations as required. Reimbursement of travel expenses will be in accordance with the company’s travel and expense reimbursement policies.

• Travel (25%) necessary: passport required for travel, primarily throughout North America.

Our Culture Declarations

• Everyone at NERC is a leader.
• We are accountable personally and organizationally to deliver on commitments.
• We develop ourselves and people in the organization to ensure that NERC realizes its strategic objectives.
• We are resilient and adaptable to the challenges and needs of the business/people.
• We exude a growth mindset and empower teams to take risks.
• Build collaborative relationships within NERC, the ERO, and the stakeholders of NERC.
• We exemplify NERC cultural behaviors:
• Reward, high-quality, creative, and innovative work;
• Attract, engage, and retain top talent;
• Value and respect diverse perspectives;
• Provide a safe, inclusive, and collaborative work environment; and
• Form strong relationships within the company, and with the ERO Enterprise.
• We demonstrate curiosity in a wide variety of areas and are open to exploring new situations, knowledge and opportunities for growth and development.
• We demonstrate an anticipatory mindset; preventing problems, and building contingencies where appropriate.
• We are champions for diversity and inclusion. Seeks out and values diverse perspectives.

Job Type: Full-time

Pay: $140,000.00 - $150,000.00 per year

Benefits:

• 401(k)
• 401(k) matching
• Dental insurance
• Flexible schedule
• Flexible spending account
• Health insurance
• Health savings account
• Life insurance
• Paid time off
• Relocation assistance
• Tuition reimbursement
• Vision insurance

Schedule:

• Monday to Friday

Supplemental Pay:

• Bonus pay

COVID-19 considerations:
All employees of NERC, regardless of role classification, are required to either be fully vaccinated or provide results from weekly testing as per the NERC COVID-19 Vaccination, Testing, and Face Covering Policy.

Ability to commute/relocate:

• Denver, CO: Reliably commute or willing to relocate with an employer-provided relocation package (Required)

Work Location: One location