JOB DESCRIPTION
I. IDENTIFICATION
A. Title: Compliance Network Administrator
B. Department: Network Engineering
C. Reports To: Manager of Network Engineering
II. OBJECTIVES
This position will be responsible for providing the specialized technical skills and knowledge for the design, implementation, upgrade, configuration, and maintenance of the various enterprise hardware and software in VEA’s industrial control systems to ensure compliance with Critical Infrastructure Protection (CIP) standards and other technical compliance requirements of VEA.
This position participates in the technical research and development required for the continuing innovation of VEA’s network infrastructure and compliance program.
III. KEY RESPONSIBILITIES
a. Implement VEA’s CIP compliance program by completing and documenting VEA’s established cyber security processes, including patch management, configuration change management, vulnerability assessments, account management, and cyber security incident response.
b. Coordinate with other VEA employees in completing and documenting compliance tasks.
c. Ensure uptime, performance and security of mission-critical servers, applications, databases, storage systems, network switches, firewalls, and appliances by tracking completion of compliance activities and other best practices.
d. Document and manage processes for system patching, replacements, upgrades, improvements and additions.
e. Develop and maintain accurate drawings and documentation depicting current network
architecture.
f. Monitor cyber security systems, performance and resources. Secure and maintain network security to be proactive against malicious inside and outside threats.
g. Assist with defining and implementing VEA CIP compliance and IT protocols/policies,
procedures, and best practices.
h. Gather and submit data and evidence needed to demonstrate VEA compliance with CIP and other cyber security standards.
i. Assist with defining strategies to identify and improve information security implementations as it relates to the network, systems, devices, and access for regulatory and compliance requirements.
j. Assist and participate in audits, mock audits, and self-certifications for CIP compliance.
k. Attend NERC and Regional Entity regulator meetings related to CIP and disseminate reports to VEA departments.
l. Provide support in fulfilling VEA’s contracted compliance obligations, including preparing reports, documentation, and data related to CIP on behalf of other entities.
The duties and key responsibilities listed herein are not the only ones the employee can be required to perform. The employee is expected to perform other tasks, duties and training as instructed by the manager.
IV. AUTHORITIES AND ACCOUNTABILITY
a. The Compliance Network Administrator shall have full authority to carry out the responsibilities and duties of this position in conformity with established policies and procedures.
b. The Compliance Network Administrator is accountable to VEA management for the efficient performance of these responsibilities and that, although some of these responsibilities may be assigned to another person, the accountability for the successful completion of these responsibilities cannot be.
c. The Compliance Network Administrator is required to use initiative and judgment in making decisions, remembering that VEA’s best interest will be affected.
d. The Compliance Network Administrator will be expected to make suggestions for the
improvement of operations and efficiency.
e. The Compliance Network Administrator shall secure the approval of the Manager of Network Engineering or the Director of Network Engineering and Telecommunications in making decisions when policies are not clear or require interpretation.
V. RELATIONSHIPS
Employee will communicate, collaborate, and cooperate with colleagues, customers, and vendors.
Inside the Organization:
a. The position reports directly to the Manager of Network Engineering.
b. The position will work with the Compliance, Telecom, and SCADA departments for the
responsibilities described in Section III of this document.
c. There is no reporting responsibility to the CIP Network Administrator.
Outside the Organization:
a. Outside Consultants: Compliance and security consultants.
b. Other companies and organizations: GridLiance West TransCo, NERC, WECC, CAISO,
adjacent utilities such as NVE, WAPA, SCE, and NNSS, other reliability entities.
VI. SPECIFICATIONS
To perform this job successfully, an individual must be able to perform each essential duty
satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.
Education/Experience: A bachelor’s degree in Information Technology or related discipline with a minimum of 4 years’ experience, with 2 of those years of experience with networking architecture, server hardware and operating systems including, but not limited to: domain controllers, servers, security appliances, or a combination of education and experience that would satisfy the requirements of this position. Experience with SCADA systems preferred.
Job Knowledge: Must be proficient in the utilization of the following: Windows Server operating systems, Active Directory Administration, Microsoft SQL Server administration, , Fortinet firewalls and switches, TCP/IP Networking, Disaster Recovery planning and strategies, network security, simple and advanced routing including OSPF, Spanning Tree, VLANs, and ACLs. Must be willing to attend continuing education courses as required.
Risk Assessment: This position requires access to certain secure assets and information. As a result, individuals in this position must be able to successfully pass a Personnel Risk Assessment every seven years, as required by the North American Electric Reliability Corporation (NERC) CIP standards.
Abilities and Skills: Must be skilled in human relations to effectively carry out the responsibilities of the job. Must possess good oral and written communications skills to be able to effectively communicate with others. Must have the ability to handle a variety of diverse tasks and organize work to meet deadlines. Must be skilled at project management and team leadership. Must be proficient in the use of personal computers. Must have the ability to solve practical problems and deal with a variety of variables in situations where only limited standardization exists. Must possess advanced troubleshooting skills.
Working Conditions/Work Environment: Performing the duties of this job will require many hours of sedentary work. Work will be performed indoors in a climate controlled environment with minimal noise levels. Responsibilities sometimes require after-hours evenings and weekend work, sometimes with little or no advanced notice. Occasional travel may be required for the performance of normal daily duties or external training requirements.
Physical and Mental Requirements: While performing the duties of this job, the employee is regularly required and must have the ability to sit, handle, or feel objects, tools, or controls; reach with hands and arms; and talk and hear. The employee must have the ability to remain stationary and also physically move throughout the campus. Specific vision abilities required by this job include the ability to view items close and in the distance, peripheral vision, depth perception, and the ability to adjust focus. The employee must have the ability to exercise good judgment in tense situations, exercise flexibility to decision making, obey instructions promptly, maintain attention and concentration, interact effectively and appropriately with the member, employees and
management.
Reasonable accommodations will be made to enable individuals with disabilities to perform the essential functions of this position.
#LI-RW1
#MAT