IT/OT Advisor

4 weeks ago


Houston, United States Calpine Corporation Full time

Calpine Corporation is America's largest generator of electricity from natural gas and geothermal resources with operations in competitive power markets. Its fleet of 76 power plants in operation and one under construction represents nearly 26,000 megawatts of generation capacity. Through wholesale power operations and its retail businesses, Calpine serves customers in 22 states, Canada and Mexico. Its clean, efficient, modern and flexible fleet uses advanced technologies to generate power in a low-carbon and environmentally responsible manner.

The company was established on the premise that a strong commitment to the environment is inextricably linked to excellence in power generation and corporate responsibility. Since its founding in 1984, Calpine has led the power industry in its unwavering commitment to environmental stewardship. In addition, its renewable geothermal plants use steam generated deep below the earth's surface to produce clean, renewable electricity.

**Job Summary (includes but is not limited to the following, other duties may be assigned)**

The Information Technology/Operational Technology Advisor (IT/OT Advisor) will join the Governance, Risk and Compliance (GRC) Team to support and enhance Calpine’s Information Security and Regulatory Compliance Programs. This includes, but is not limited to, administering regulatory compliance programs; ensuring adherence to policies, standards, procedures, and the control framework; and supporting cybersecurity and supply chain risk management efforts.

**Responsibilities**:

- Administer IT/OT Compliance Programs including Transportation Security Administration (TSA) Guidelines & Directives, North American Electric Reliability Corporation - Critical Infrastructure Protection (NERC-CIP), Sarbanes Oxley Act (SOX), Payment Card Industry - Data Security Standard (PCI-DSS), Data Security Agreement (DSA)
- Develop and update IT/OT policies and standards (as needed) to align with industry best practices and working knowledge of the following frameworks: NIST 800-53, NIST 800-171, NIST 800-82, ISO 27001, ISA 62443, COBIT, and PCI-DSS
- Ensure compliance with IT/OT policies, standards, and procedures by actively participating in both ongoing and ad-hoc initiatives
- Work with multiple business units, diverse workforce, company cultures, and external parties to accomplish department’s mission
- Execute GRC controls with high-quality deliverables in both content and presentation
- Independently prioritize and manage responsibilities across multiple projects and work streams
- Use independent judgment, analytical procedures, in-depth evaluation techniques to resolve complex issues, and escalate unresolved issues in a timely manner
- Perform risk assessments to evaluate the implementation of new technologies or significant changes to existing technologies and architecture designs
- Assess cybersecurity risks of IT/OT infrastructure, technologies, and operational processes
- Maintain security awareness and knowledge of current changes within legal, regulatory, and technology environments, which may affect operations
- Establish and maintain professional relationships with peers and leaders within the Company
- Ensure senior management and staff are informed of any issues, changes, and updates in a timely manner
- Maintain membership in appropriate professional organizations and publications
- Attend meetings, seminars and conferences and maintain continuity of any required or desirable certifications, if applicable

**Job Requirements**
- Must have legal authorization to work in the US on a full-time basis for anyone other than current employer
- Minimum of Ten (10) years of hands-on technical experience in IT/OT GRC related positions
- Bachelor’s Degree or equivalent
- Experience with administering IT/OT compliance programs for TSA Security Directives, NERC-CIP, SOX, PCI, and DSA
- Experience with GRC systems and issues/risks tracker
- Ability to research, analyze, and resolve complex problems with minimal supervision
- Ability to balance project work with day-to-day administrative tasks in a highly dynamic business environment
- Knowledge of IT/OT control frameworks (NIST 800-53, NIST 800-171, NIST 800-82, ISO 27001, ISA 62443, PCI-DSS, COBIT), along with security principles and tactics
- Applicable Certifications: All preferred but not required depending on experience/background
  - CISSP (Certified Information Systems Security Professional)
  - CISA (Certified Information Systems Auditor)
  - CISM (Certified Information Security Manager)

**Additional Calpine Information**
- **Vaccination Information**: Calpine requires an individual who is newly hired into this position to be vaccinated for COVID-19 within the first 28 days of employment - if not already vaccinated prior to starting employment. If you have any concerns regarding compliance with this requirement, you will need to discuss your concerns with Calpine’s HR department after a decision has


