GFT is seeking a Principal Cybersecurity Compliance Analyst to join our Security and Safety team in Northern Califonria! This role follows a hybrid work model, requiring regular attendance at our client's office.
What you’ll be challenged to do:As a Principal Cybersecurity Compliance Analyst, you will support critical compliance initiatives across a client’s generation assets. This role will focus on ensuring adherence to regulatory requirements, internal cybersecurity standards, and industry best practices. The ideal candidate will have a proven track record of managing compliance projects within highly regulated environments, particularly in the energy or utilities sector.
In this capacity, the successful candidate will be responsible for the following:
- Lead and support the development, implementation, and continuous improvement of governance, risk, and compliance (GRC) programs aligned with FERC (D2SI SPHP Section 9) and NERC CIP standards for PG&E’s power generation assets.
- Develop, maintain, and operationalize policies, procedures, standards, and guidelines to meet regulatory requirements and industry best practices.
- Conduct compliance gap assessments, risk analyses, and control testing for cybersecurity and OT systems.
- Prepare and maintain audit-ready documentation, including compliance narratives, evidence repositories, and records retention practices.
- Coordinate and support internal and external audits, including NERC Regional Entity audits, spot checks, and self-certifications.
- Collaborate with cybersecurity, IT, OT, engineering, legal, and enterprise risk teams to align compliance requirements with business operations.
- Serve as a liaison between technical teams and compliance leadership to translate regulatory requirements into actionable controls.
- Track compliance metrics, risks, and issues; prepare reports and dashboards for leadership.
- Monitor regulatory developments, FERC and NERC standards changes, and enforcement trends.
- Support compliance training and awareness efforts for internal stakeholders.
- Assist in the integration of compliance controls into operational and cybersecurity processes.
- Participate in mock audits, tabletop exercises, and incident response planning.
What you will bring to our firm:
- Bachelor’s degree in cybersecurity, information systems, engineering, business, or a related field.
- Minimum of 10 years of relevant experience in the power utility industry, with a focus on governance, risk, and compliance (GRC), cybersecurity, or operational technology.
- Deep working knowledge of NERC CIP standards and the FERC regulatory environment.
- Direct experience supporting NERC CIP audits (self-certifications, spot checks, or enforcement actions).
- Experience with compliance documentation, evidence collection, and audit support.
- Familiarity with electric utility operations, OT environments, or ICS/SCADA systems.
- Strong analytical, organizational, and technical writing skills.
- Excellent communication and interpersonal skills, with the ability to work independently and collaboratively.
- Certification from a recognized risk, governance, or cybersecurity organization (e.g., CISSP, CISM, RIMS-CRMP, or equivalent) required
What we prefer you bring:
- Experience in the energy sector, particularly power generation or utilities.
- PMP certification
- Familiarity with SCADA/ICS systems and processes.
- Knowledge of related frameworks (e.g., NIST CSF, NIST SP 800-53, ISO 27001).
- Experience in project management, including scope, schedule, and budget tracking.
- Involvement in professional organizations or industry committees.
Compensation:The salary range for this role is $150,000 - $200,000. Salary is dependent upon experience and geographic location.
Featured Benefits: • Hybrid (in-person and remote) work environment.• Comprehensive benefits package including wellness programs, parental leave, and pet insurance, in addition to medical, dental, vision, disability, and life insurance.• Tax-deferred 401(k) savings plan.• Competitive paid-time-off (PTO) accrual.• Tuition reimbursement for continued education.• Commitment to professional development, access to internal and external training programs, and support of active participation in professional organizations• Incentive compensation for eligible positions.
Location: Sacramento, CA; Roseville, CA; Oakland, CACore Business Hours: 8:00 AM – 5:00 PMEmployment Status: Full-Time
#LI-hybrid
#LI-KV1
