My core work as an O&P auditor is reviewing registered entity documentation for compliance with NERC reliability standards. I sometimes tour registered entity control centers, substations, and transmission lines with a team of auditors and the registered entity. In addition to compliance, the audit team looks at registered entity processes and tries to provide recommendations for best practices for operations, planning, protection systems and associated maintenance activities. I love to participate on cross-functional teams within RF, which allows continual learning as well as contributions to process improvements. Auditors also have opportunities to work on cross-functional teams with NERC and other Regional Entities.
One of the things I love most about my job as an O&P auditor is the variation in the day-to-day activities, as well as the company's role in helping to ensure the continued reliability of the Bulk Electric System.
There is never a dull moment working as a Critical Infrastructure Protection (CIP) Auditor at ReliabilityFirst (RF)! Some people would probably assume that auditing would just be repetitive and tedious tasks, but what makes my job different is the “why" and ever-changing threat landscape that cybersecurity brings with it. Cybersecurity auditing is constantly adapting to an ever-changing and ever-present threat landscape that is a real risk to the wellbeing and way of life of Americans who depend on electricity and other forms of critical infrastructure to maintain their current lifestyles. That “why" is what really keeps me motivated to do my very best on each engagement and helps keep my days exciting and fun.
Thanks to the flexibility offered at RF, my average day starts with a cup of coffee working from the comfort of my home office most days of the week. The day can consist of anything from reviewing firewall configuration files to physical security plans at a control center to ensure that an entity is meeting their compliance objectives. The team may also be reviewing other aspects of cybersecurity such as vendor access, incident response, patch management, remote access, or various other standard-related requirements to ensure they are maintaining compliance. Working with the companies we regulate to help them reach their highest potential when it comes to keeping the grid secure is one of the best parts of working at RF. It can be challenging at times, but helping them see we are all on the same team and all working toward the same objective helps to build trust and reach our mutual goals. I am also a member of the Diversity, Equity and Inclusion Committee and the lead for the Staff Advisory Committee here at RF, so those are a few other meetings I may be attending. And one of the best parts of my workday is simply working with my CIP Compliance teammates. We spend a lot of time at work and it is so important to me to have such a healthy and positive work culture – it really is one of the best aspects of the job!
I have been with ReliabilityFirst for eight years. Overall, my days usually include a nice mixture of meetings, research, entity outreach, internal discussions and drafting. Generally, my day breaks down into three categories of work. The biggest category is working on resolving violations of NERC Reliability Standards, which includes reviewing and building case files, sending requests for information and evidence, reviewing documents submitted by Registered Entities, meeting with Subject Matter Experts to help assess the risk of violations and drafting all necessary legal documents. The second category includes meetings and communications with Registered Entities (compliance contacts, in-house attorneys, outside attorneys, etc.) to discuss the status of their violations. The third category includes performing a variety of general legal tasks including contract review, support of compliance staff in reviews/audits/investigations where legal consult or intervention may be appropriate, interacting with NERC and FERC enforcement and legal staff, and other research and writing responsibilities.
I am fortunate to work on a small, strong, adaptable and collaborative team. We are always looking out for each other and working together to make sure we achieve our goals. Overall, ReliabilityFirst has a family-focused culture that you would be hard-pressed to find elsewhere. Work-life balance is preached and practiced here, and it is truly a friendly culture.