Senior Cyber Security Analyst at NORTHEAST POWER COORDINATING – New York

Under the direction of the Manager, Security Outreach, the Senior Cybersecurity Analyst – Infrastructure Security & Outreach is responsible for advancing cybersecurity initiatives that protect critical energy infrastructure from evolving threats, while fostering collaboration and information sharing among member organizations, industry partners, and government stakeholders.

This role supports the protection of the international, interconnected bulk power system in Northeastern North America by providing leadership, technical expertise, and program management in cyber security with a focus on Operational Technology (OT), Information Technology (IT), and Critical Infrastructure Protection (CIP).

The position works closely with NPCC members, NPCC registered entities, the ERO Enterprise, and external partners, including governmental agencies, local, state, federal and provincial law enforcement, and industry stakeholders to enhance information sharing, threat awareness, and security posture across North America.

Key Responsibilities

· Develop and drive the adoption of cybersecurity best practices and standards to mature and sustain IT/OT security risk management capabilities across member organizations.

· Lead and provide technical and analytical support and coordination of the NPCC Task Force on Infrastructure Security and Technology and its associated working groups activities.

· Promote collaboration between NPCC, its members/registered entities and industry partners through organizing workshops, briefings, and training programs to enhance cybersecurity awareness, readiness and response capabilities.

· Lead and support cybersecurity outreach and risk assessment initiatives, including entity assist visits, by researching relevant threats, developing awareness and risk mitigation materials, and engaging stakeholders to enhance overall security awareness and preparedness.

· Conducting regional risk assessments, analyzing emerging threats and vulnerabilities, supporting incident response coordination, and contributing to the development of security guidelines and frameworks.

· Strengthen proactive outreach, communications, relationships, and intelligence sharing with key regulatory, law enforcement, and government agencies across Northeastern North America.

· Monitor and support the NERC Reliability and Security Technical Committee and its subgroups’ cybersecurity-related activities, as required.

· Collaborate with the ERO Enterprise, NERC, E-ISAC, and other partners to promote information sharing and risk mitigation.

· Represent NPCC in the ERO Enterprise, regional and industry security initiatives and engagements, including Grid Security Conference, GridEx and other exercises.

· Monitor and analyze cyber threat intelligence from sources such as E-ISAC, DHS Cybersecurity and Infrastructure Security Agency (CISA), InfraGard, and other local, state, federal, provincial law enforcement and governmental agencies.

· Monitor and coordinate communication on relevant critical infrastructure protection industry activities, including CISA, FERC Rulings and Notice of Proposed Rulemakings, to provide prompt notification to NPCC members of emerging issues.

· Participate on applicable ERO Enterprise collaboration groups and work closely with various program areas within NPCC and with external stakeholders (NERC, FERC, etc.) to support NPCC, ERO Enterprise and industry studies, efforts, and activities.

· Perform other duties as assigned in support of the Reliability Services Program Areas in accordance with the NPCC Long-term strategy.

Required Qualifications

· Bachelor’s degree in Cybersecurity, Information Technology, Information Systems, Operational Technology, or a related field (or equivalent experience)

· 5-10 years of experience in cybersecurity, infrastructure security, or critical infrastructure environments (electric utility preferred)

· Experience with IT/OT security, risk management, and/or CIP related activities

· Strong understanding of cybersecurity principles, threat landscapes, and risk management strategies

· Excellent communication, analytical, and problem-solving skills

· Proven ability to develop and deliver training and outreach programs

Preferred Qualifications

· Strong knowledge of NERC CIP standards and regulatory frameworks

· Experience in OT/Industrial Control Systems (ICS) environments

· Familiarity with cybersecurity frameworks (e.g. NIST, CIS)

· Experience with cloud environments and secure communications architecture

· Knowledge of substation networks and protocols (e.g. IEC 61850/GOOSE)

· Familiarity with Artificial Intelligence Risk Management Framework (NIST AI RMF 1.0) or equivalent

· Professional certifications such as CISSP, CISM, CISA, or SANS certifications

· Government or industry security clearance (e.g. DHS or equivalent)

Skills and Abilities

· Excellent verbal and written communication skills

· Excellent interpersonal and conflict resolution skills

· Excellent organizational skills and attention to detail

· Strong analytical and problem-solving skills

· Strong supervisory and leadership skills

· Ability to work independently and collaboratively in a team environment

· Self-starter with the ability to manage multiple priorities, multitask effectively, and prioritize work in a fast-paced environment

· Proficient with Microsoft Office Suite or related software

Physical Demands

· Ability to sit for long periods of time, ability to communicate verbally, and in writing, and ability to handle long periods of screen time.

· Ability to work and travel within the U.S. and Canada

EEOC and Disclaimer

NPCC is an Equal Opportunity Employer. Employment, including the decision to hire, promote, discipline or discharge, will be solely based on competence, performance, and business needs. We prohibit discrimination on the basis of the individual’s actual or perceived disability, protected veteran status, race, color, sex, age, national origin, religion, sexual orientation, gender, gender identity, gender expression, genetic information, marital status, citizenship, domestic violence victim status, or any other status protected under federal, state or local law.

This job description is not intended to be all–inclusive, and the employee will also perform other reasonably related business duties as assigned by immediate supervisor and other management as required. This job description does not constitute a written or implied contract of employment.