Principal Cybersecurity Compliance Analyst

What You Will Do:

GFT is seeking a Principal Cybersecurity Compliance Analyst to join our Security and Safety team in Northern Califonria! This role follows a hybrid work model, requiring regular attendance at our client's office.

What you’ll be challenged to do:
As a Principal Cybersecurity Compliance Analyst, you will support critical compliance initiatives across a client’s generation assets. This role will focus on ensuring adherence to regulatory requirements, internal cybersecurity standards, and industry best practices. The ideal candidate will have a proven track record of managing compliance projects within highly regulated environments, particularly in the energy or utilities sector.

In this capacity, the successful candidate will be responsible for the following:

• Lead and support the development, implementation, and continuous improvement of governance, risk, and compliance (GRC) programs aligned with FERC (D2SI SPHP Section 9) and NERC CIP standards for PG&E’s power generation assets.
• Develop, maintain, and operationalize policies, procedures, standards, and guidelines to meet regulatory requirements and industry best practices.
• Conduct compliance gap assessments, risk analyses, and control testing for cybersecurity and OT systems.
• Prepare and maintain audit-ready documentation, including compliance narratives, evidence repositories, and records retention practices.
• Coordinate and support internal and external audits, including NERC Regional Entity audits, spot checks, and self-certifications.
• Collaborate with cybersecurity, IT, OT, engineering, legal, and enterprise risk teams to align compliance requirements with business operations.
• Serve as a liaison between technical teams and compliance leadership to translate regulatory requirements into actionable controls.
• Track compliance metrics, risks, and issues; prepare reports and dashboards for leadership.
• Monitor regulatory developments, FERC and NERC standards changes, and enforcement trends.
• Support compliance training and awareness efforts for internal stakeholders.
• Assist in the integration of compliance controls into operational and cybersecurity processes.
• Participate in mock audits, tabletop exercises, and incident response planning.

Education | Experience: What you will bring to our firm:

• Bachelor’s degree in cybersecurity, information systems, engineering, business, or a related field.
• Minimum of 10 years of relevant experience in the power utility industry, with a focus on governance, risk, and compliance (GRC), cybersecurity, or operational technology.
• Deep working knowledge of NERC CIP standards and the FERC regulatory environment.
• Direct experience supporting NERC CIP audits (self-certifications, spot checks, or enforcement actions).
• Experience with compliance documentation, evidence collection, and audit support.
• Familiarity with electric utility operations, OT environments, or ICS/SCADA systems.
• Strong analytical, organizational, and technical writing skills.
• Excellent communication and interpersonal skills, with the ability to work independently and collaboratively.
• Certification from a recognized risk, governance, or cybersecurity organization (e.g., CISSP, CISM, RIMS-CRMP, or equivalent) required

What we prefer you bring:

• Experience in the energy sector, particularly power generation or utilities.
• PMP certification
• Familiarity with SCADA/ICS systems and processes.
• Knowledge of related frameworks (e.g., NIST CSF, NIST SP 800-53, ISO 27001).
• Experience in project management, including scope, schedule, and budget tracking.
• Involvement in professional organizations or industry committees.

Compensation: The salary range for this role is $150,000 - $200,000. Salary is dependent upon experience and geographic location. Featured Benefits: • Hybrid (in-person and remote) work environment. • Comprehensive benefits package including wellness programs, parental leave, and pet insurance, in addition to medical, dental, vision, disability, and life insurance. • Tax-deferred 401(k) savings plan. • Competitive paid-time-off (PTO) accrual. • Tuition reimbursement for continued education. • Commitment to professional development, access to internal and external training programs, and support of active participation in professional organizations • Incentive compensation for eligible positions. Company Overview:

At GFT, a privately held AEC firm, we innovate where transportation, water, power, and buildings converge. We call this the Infrastructure of Life. We measure our success by the strength of our relationships – that’s why we’re the employer of choice for 5,000+ of the industry’s brightest engineers, planners, architects, inspectors, designers, and more.

Our clients choose us for our expertise and prefer us for our nimble approach, creativity, and personal touch. Backed by over a century’s experience, together we’re building a lasting legacy for future generations: stronger communities, a healthier planet, and better lives.

GFT: Ingenuity That Shapes Lives™ is an Equal Opportunity Employer. All qualified candidates will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veterans’ status or other characteristics protected by law.

Unsolicited resumes from third party agencies will be considered the property GFT.

GFT does require the successful completion of a criminal background check for all advertised positions.

Location: Sacramento, CA; Roseville, CA; Oakland, CA
Core Business Hours: 8:00 AM – 5:00 PM
Employment Status: Full-Time

Applicants in the County of Los Angeles- Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.

Applicants in the City of San Francisco- Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Applicants in the State of California -Qualified applications with arrest or conviction records will be considered for employment in accordance with the California Fair Chance Act.

#LI-hybrid

#LI-KV1