Job Description
About the position Maintain extensive knowledge of NRC regulation 10CFR73.54 and associated documents. Develop, implement and maintain program procedures, processes and tools. Lead the development of interpretations of Standards and guidance documents to produce unambiguous descriptions of compliance obligations for internal stakeholders and summarize impact for company executives. Ensure required documentation to evidence compliance is accurate and effective. Facilitate internal and external audit activities.
Investigate variances and escalate when needed. Perform root cause analysis in instances of non-compliance. Design and manage corrective action plans. Exercise critical thinking and problem solving to research and document processes supporting applicable regulations. Responsibilities • Perform assigned duties with high degree of accuracy and consistency. • Accurately interpret regulations and design processes that inherently result in compliance behavior and evidence without adding undue administrative burden to plant staff.
• Monitor stakeholder control performance and provide guidance as needed to ensure adequate evidence of compliance. • Identify opportunities for efficiency and automation that contemplate the unique challenges associated with ICS and prioritize system reliability. • Facilitate efforts to prepare, coordinate and submit materials responsive to regulatory reporting requirements, internal and external audits and other Requests For Information. • Maintain compliance tool health and effectiveness. Requirements • 5-7 years experience in cyber security, cyber security compliance or nuclear power plant operations • Requires a strong understanding and working knowledge of the following: 10CFR73.54, 10CFR73.77, NEI 08-09, NEI 13-10, NEI 15-09, NIST 800-53 • Exceptional reading comprehension and written communication skills • Demonstrated experience working across multiple organizations (IT, Engineering, I&C Maintenance, Regulatory Affairs, Operations, Security, etc.) • Capabilities and/or knowledge of cyber security controls relating to operating systems, firewalls, IDS, hardening, access control, authentication, anti-virus, patching, change management, virtualization, backups, storage and disaster recovery Nice-to-haves • Hands-on experience managing infrastructure for generating plants preferred • Digital Design Qualification • Incident Response Training (e.g., SANS, InfoSec Institute) • Professional certification (e.g., CISSP, CISM, CISA) Apply tot his job