Role Description NERC seeks a mission-focused individual who wants to make a difference by supporting the reliability of the North American electric grid. The Senior CIP Assurance Advisor is primarily responsible for providing oversight, guidance, and coordination in managing programs and processes to monitor, review, and evaluate program effectiveness of the ERO Enterprise implementation of risk-based compliance monitoring and adherence to the NERC Rules of Procedure, Compliance Monitoring and Enforcement Program, Certification Program, and approved delegation agreements. The Senior CIP Assurance Advisor may also support development, implementation, and oversight of the Certification Program for Reliability Coordinators, Balancing Authorities, and Transmission Operators. In addition, the Senior CIP Assurance Advisor also develops and delivers outreach and training related to risk-based compliance monitoring, certification, as well as compliance guidance implementation. This position reports to the Manager, Compliance Assurance and Certification. - Provide cyber subject matter expertise related to virtualization, cloud-based technologies, risk management, and internal controls. - Evaluate cloud architectures to ensure alignment with security, performance, scalability, and regulatory requirements. - Identify and recommend remediation of cloud‑related risks through control assessments and continuous monitoring activities. - Support compliance monitoring engagements of virtualized environments against security and regulatory requirements (NERC CIP Standards). - Plan, develop, and manage audit‑based compliance assurance activities and audit plans to support a risk‑based compliance monitoring and certification program. - Execute regulatory audit oversight processes to evaluate Regional Entity compliance with NERC Rules of Procedure and delegation agreements. - Identify, develop, and effectively deliver cyber security training and outreach. - Provide leadership with recommendations to improve the regional compliance oversight program. - Identify opportunities and assist in the ongoing development and improvement of NERC compliance monitoring and enforcement program. - Drive successful project execution by proactively managing schedules, identifying and mitigating risks, and overseeing effective change management. - Conduct Compliance Assurance activities in adherence to NERC Rules of Procedure. - Collect and analyze data to detect deficient controls and noncompliance with NERC rules and agreements. - Other duties as assigned. Qualifications - A Bachelor’s Degree from an accredited four-year college or university, or equivalent experience. - At least five years of progressive and successful experience leading cyber security projects, teams, and/or initiatives in a technically and operationally complex business/organization. - At least three years’ experience in virtualization and cloud-based technologies. - Experience in auditing, internal controls, enterprise risk management, and related governance, risk and control (GRC) frameworks and standards. - Project management and analytical experience. - Ability to work independently in a fast-paced environment with minimal direct supervision. - Competence in interpersonal communications, with the ability to interact diplomatically with people from many levels of industry and government. - Excellent oral and written communication skills, including editing and proofreading skills. - Proficiency in using Microsoft Office tools including Word, Outlook, Excel, and PowerPoint. - Demonstrated group facilitation skills. - Ability and willingness to travel regularly. Requirements - Knowledge of the NERC Rules of Procedure, NERC Compliance Monitoring and Enforcement Program, and NERC Reliability Standards. - Prior experience in regulatory compliance oversight and enforcement within a recognized industry, government, or government-authorized agency, especially in conducting performance audits or analysis of program effectiveness of government agency operations (e.g., GAO or other federal or state-level equivalent experience). - One or more of the following, or related, professional certifications: Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Cloud Security Professional (CCSP). - A master’s degree in a related field. - At least five years of technical cybersecurity experience, preferably around virtualization and cloud-based technologies, and in the electricity sector, utility industry, or industrial control system environment. - Working knowledge in the critical infrastructure protection of the Bulk Electric System and supporting technologies. - Advanced knowledge and application of professional auditing standards and principles, such as COSO, GAGAS, and IIA. - Program design or procedure writing skills. Other - A background check will be conducted prior to employment. - In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire. - This position has been classified as exempt. - The position may be based remotely but must be able to travel to NERC offices or meeting locations if needed. Reimbursement of travel expenses will be in accordance with the company’s travel and expense reimbursement policies. Our Culture Declarations - Everyone at NERC is a leader. - We are accountable personally and organizationally to deliver on commitments. - We develop ourselves and people in the organization to ensure that NERC realizes its strategic objectives. - We are resilient and adaptable to the challenges and needs of the business and our team. - We exude a growth mindset and empower teams to take risks. - We build collaborative relationships within NERC, the ERO, and the stakeholders of NERC. - We exemplify NERC cultural behaviors: - Reward high-quality, creative, and innovative work. - Attract, engage, and retain top talent. - Value and respect diverse perspectives. - Provide a safe, inclusive, and collaborative work environment. - Form strong relationships within the company, and with the ERO Enterprise. - We demonstrate curiosity in a wide variety of areas and are open to exploring new situations, knowledge, and opportunities for growth and development. - We demonstrate an anticipatory mindset, preventing problems and building contingencies where appropriate. - We are champions for diversity and inclusion, seeking out and valuing diverse perspectives. - We value well-being, prioritizing collaboration, engagement, and connection among our team.

• Plan, test, and write reports for cyber security training labs • Review iterative content development plans • Analyse industry trends and standards regarding tooling and techniques and incorporate that as quality improvement • Interact with content developers to improve the quality of labs being released • Support and interact with the community on content releases

• Perform manual testing on web and mobile applications to ensure a seamless user experience. • Perform API tests and automation using Postman. • Creating and maintaining Postman documentation. • Create and execute automated regression, functional, performance, and API tests. • Develop and execute detailed test plans, test cases, and test scripts. • Document and report bugs, working closely with developers to resolve issues. • Ensure feature compliance by validating product requirements against test results. • Identify edge cases, inconsistencies, and performance issues. • Work with cross-functional teams to improve software quality throughout the development lifecycle. • Provide clear and structured feedback to enhance product functionality and user experience. • Maintain test documentation and contribute to quality assurance best practices.

• Design and execute comprehensive test plans for new features, covering functional, regression, edge case, and end-to-end scenarios. • Perform exploratory testing to uncover issues that scripted tests miss. • Participate in release cycles, validating builds before they go live and coordinating sign-off with engineers and PMs. • Build and maintain automated end-to-end test suites using Playwright and TypeScript. • Integrate automated tests into CI/CD pipelines to enforce quality gates on every merge. • Validate backend APIs using Postman or equivalent tools. • Use SQL queries to verify data correctness and integrity at the database level. • Test payment flows, subscription state transitions, and billing logic end-to-end. • Document bugs with precise, clear reproduction steps, environment details, logs, and screenshots. • Prioritize issues by severity and impact, communicating urgently when critical paths are affected. • Contribute to defining and evolving QA processes, standards, and tooling across the team. • Maintain living test documentation that stays in sync with the product.