Principal Cybersecurity Compliance Analyst

US-CA-Oakland

GF Careers

Req #: 14226
Type: Full-Time

GFT

Responsibilities:

GFT is seeking a Principal Cybersecurity Compliance Analyst to join our Security and Safety team in Northern California! This role follows a hybrid work model, requiring regular attendance at our client's office.

What you'll be challenged to do:
As a Principal Cybersecurity Compliance Analyst, you will support critical compliance initiatives across a client's generation assets. This role will focus on ensuring adherence to regulatory requirements, internal cybersecurity standards, and industry best practices. The ideal candidate will have a proven track record of managing compliance projects within highly regulated environments, particularly in the energy or utilities sector.

In this capacity, the successful candidate will be responsible for the following: 

* Lead and support the development, implementation, and continuous improvement of governance, risk, and compliance (GRC) programs aligned with FERC (D2SI SPHP Section 9) and NERC CIP standards for PG&E's power generation assets.
* Develop, maintain, and operationalize policies, procedures, standards, and guidelines to meet regulatory requirements and industry best practices.
* Conduct compliance gap assessments, risk analyses, and control testing for cybersecurity and OT systems.
* Prepare and maintain audit-ready documentation, including compliance narratives, evidence repositories, and records retention practices.
* Coordinate and support internal and external audits, including NERC Regional Entity audits, spot checks, and self-certifications.
* Collaborate with cybersecurity, IT, OT, engineering, legal, and enterprise risk teams to align compliance requirements with business operations.
* Serve as a liaison between technical teams and compliance leadership to translate regulatory requirements into actionable controls.
* Track compliance metrics, risks, and issues; prepare reports and dashboards for leadership.
* Monitor regulatory developments, FERC and NERC standards changes, and enforcement trends.
* Support compliance training and awareness efforts for internal stakeholders.
* Assist in the integration of compliance controls into operational and cybersecurity processes.
* Participate in mock audits, tabletop exercises, and incident response planning.

Qualifications:

What you will bring to our firm: 

* Bachelor's degree in cybersecurity, information systems, engineering, business, or a related field.
* Minimum of 10 years of relevant experience in the power utility industry, with a focus on governance, risk, and compliance (GRC), cybersecurity, or operational technology.
* Deep working knowledge of NERC CIP standards and the FERC regulatory environment.
* Direct experience supporting NERC CIP audits (self-certifications, spot checks, or enforcement actions).
* Experience with compliance documentation, evidence collection, and audit support.
* Familiarity with electric utility operations, OT environments, or ICS/SCADA systems.
* Strong analytical, organizational, and technical writing skills.
* Excellent communication and interpersonal skills, with the ability to work independently and collaboratively.
* Certification from a recognized risk, governance, or cybersecurity organization (e.g., CISSP, CISM, RIMS-CRMP, or equivalent) is required.

What we prefer you bring: 

* Experience in the energy sector, particularly power generation or utilities.
* PMP certification.
* Familiarity with SCADA/ICS systems and processes.
* Knowledge of related frameworks (e.g., NIST CSF, NIST SP 800-53, ISO 27001).
* Experience in project management, including scope, schedule, and budget tracking.
* Involvement in professional organizations or industry committees.

Compensation:
The salary range for this role is $150,000 - $200,000. Salary is dependent upon experience and geographic location.
 
Featured Benefits: 

*  Hybrid (in-person and remote) work environment.

*  Comprehensive benefits package including wellness programs, parental leave, and pet insurance, in addition to medical, dental, vision, disability, and life insurance.

*  Tax-deferred 401(k) savings plan.

*  Competitive paid-time-off (PTO) accrual.

*  Tuition reimbursement for continued education.

*  Commitment to professional development, access to internal and external training programs, and support of active participation in professional organizations.

*  Incentive compensation for eligible positions.