[Remote] NERC CIP Virtualization Consultant
Note: The job is a remote job and is open to candidates in USA. Dragonfli Group is a cybersecurity and IT consulting firm providing services to federal agencies and Fortune 100 enterprises. They are seeking an experienced NERC CIP Virtualization Consultant to support a large commercial enterprise in the energy sector on a critical compliance initiative, focusing on aligning virtualized Bulk Electric System Cyber Systems with NERC CIP standards. The role involves developing and updating policies, conducting awareness sessions, and serving as a subject matter expert on NERC CIP standards.
Responsibilities
- Review and update existing NERC CIP policies and procedures to reflect virtualization requirements under NERC Project 2016-02
- Develop new documentation for in-scope BES Cyber Systems across all project phases including design, build, and delivery
- Document technical and procedural requirements for virtualized environments supporting critical infrastructure
- Develop testing and evidence collection strategies to support CIP compliance audits
- Update Management Model documentation to reflect changes in processes and procedures
- Conduct awareness and education sessions to drive organizational understanding of CIP virtualization changes
- Leverage assessment tools such as Tripwire or AssurX to support gap analysis and ongoing compliance monitoring
- Collaborate with internal stakeholders across IT, OT, and compliance functions to socialize policy changes
- Serve as a subject matter expert on NERC CIP standards, providing technical and regulatory guidance to project teams
- Support engagement planning, analysis, and stakeholder coordination throughout all project phases
Skills
- 5+ years of experience with NERC Critical Infrastructure Protection (CIP) standards in an energy, utilities, or electric reliability context
- Demonstrated experience with virtualization technologies (e.g., VMware, Hyper-V, or equivalent) as applied to OT/ICS or BES Cyber Systems
- Experience developing, updating, and implementing cybersecurity policies and procedures in a regulated utility or energy environment
- Familiarity with NERC Project 2016-02 (Modifications to CIP Standards) and the regulatory context for CIP virtualization
- Ability to communicate complex technical and regulatory concepts to non-technical stakeholders
- Experience conducting or supporting NERC CIP compliance assessments, audits, or gap analyses
- Proficiency producing professional deliverables in Microsoft Word, PowerPoint, and Excel
- U.S. Citizenship or Permanent Residency (required per contract)
- Ability to work within the continental United States for the duration of the engagement
- Experience with Tripwire Enterprise or AssurX Quality Management/Regulatory Compliance software in a NERC CIP context
- Prior consulting or subcontracting experience in a multi-stakeholder energy sector engagement
- NERC CIP certification or formal NERC compliance training (e.g., through SERC, WECC, or NERC University)
- Familiarity with the BES Cyber System categorization process and associated protection requirements
- Experience with evidence collection and audit readiness for NERC CIP regional entity reviews
- Working knowledge of OT/SCADA environments and their intersection with CIP virtualization standards
- Prior experience transitioning from short-term compliance engagements to long-term regulatory support roles
Benefits
- Medical — Multiple POS health plan options including an HSA-compatible plan
- Dental — PPO coverage for preventive, basic, and major services
- Vision — Annual exam, frames, lenses, and contact lens allowance
- 401(k) — Employer match up to 5% of eligible compensation
- PTO — 15–25 days annually based on tenure, plus 16 hours of Floating PTO from day one
- Paid Federal Holidays — All 11 federal holidays observed
Company Overview