Principal Cybersecurity Compliance Analyst

Principal Cybersecurity Compliance Analyst What You Will Do GFT is looking for a Principal Cybersecurity Compliance Analyst to join our Security and Safety team in Northern California. This hybrid role requires regular attendance at our client’s office. Responsibilities Lead and support the development, implementation, and continuous improvement of governance, risk, and compliance (GRC) programs aligned with FERC ( D2SI SPHP Section 9 ) and NERC CIP standards for PG&E’s power generation assets.

Develop, maintain, and operationalize policies, procedures, standards, and guidelines to meet regulatory requirements and industry best practices. Conduct compliance gap assessments, risk analyses, and control testing for cybersecurity and OT systems. Prepare and maintain audit‑ready documentation, including compliance narratives, evidence repositories, and records retention practices.

Coordinate and support internal and external audits, including NERC Regional Entity audits, spot checks, and self-certifications. Collaborate with cybersecurity, IT, OT, engineering, legal, and enterprise risk teams to align compliance requirements with business operations. Serve as a liaison between technical teams and compliance leadership to translate regulatory requirements into actionable controls.

Track compliance metrics, risks, and issues; prepare reports and dashboards for leadership. Monitor regulatory developments, FERC and NERC standards changes, and enforcement trends. Support compliance training and awareness efforts for internal stakeholders.

Assist in the integration of compliance controls into operational and cybersecurity processes. Participate in mock audits, tabletop exercises, and incident response planning. Required Qualifications Bachelor’s degree in cybersecurity, information systems, engineering, business, or a related field.

Minimum of 10 years of relevant experience in the power utility industry, with a focus on governance, risk, and compliance (GRC), cybersecurity, or operational technology. Deep working knowledge of NERC CIP standards and the FERC regulatory environment. Direct experience supporting NERC CIP audits (self-certifications, spot checks, or enforcement actions).

Experience with compliance documentation, evidence collection, and audit support. Familiarity with electric utility operations, OT environments, or IC/SCADA systems. Strong analytical, organizational, and technical writing skills.

Excellent communication and interpersonal skills, with the ability to work independently and collaboratively. Certification from a recognized risk, governance, or cybersecurity organization (e.g., CISSP, CISM, RIMS-CRMP, or equivalent) required. Preferred Qualifications Experience in the energy sector, particularly power generation or utilities.

PMP certification. Familiarity with SCADA/ICS systems and processes. Knowledge of related frameworks (e.g., NIST CSF, NIST SP 800-53, ISO 27001).

Experience in project management, including scope, schedule, and budget tracking. Involvement in professional organizations or industry committees. Compensation The salary range for this role is $150,000 – $200,000.

Salary is dependent upon experience and geographic location. Benefits Hybrid (in-person and remote) work environment. Comprehensive benefits package including wellness programs, parental leave, pet insurance, medical, dental, vision, disability, and life insurance.

Tax‑deferred 401(k) savings plan. Competitive paid‑time‑off (PTO) accrual. Tuition reimbursement for continued education.

Commitment to professional development, access to internal and external training programs, and support of active participation in professional organizations. Incentive compensation for eligible positions. Location Sacramento, CA; Roseville, CA; Oakland, CA Equal Opportunity Employer All qualified candidates will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veterans’ status, or other characteristics protected by law.

Background Check All advertised positions will require the successful completion of a criminal background check. #J-18808-Ljbffr