IT/OT Advisor
Houston, TX 
Posted 10 days ago
Job Description

Calpine Corporation is America's largest generator of electricity from natural gas and geothermal resources with operations in competitive power markets. Its fleet of 76 power plants in operation and one under construction represents nearly 26,000 megawatts of generation capacity. Through wholesale power operations and its retail businesses, Calpine serves customers in 22 states, Canada and Mexico. Its clean, efficient, modern and flexible fleet uses advanced technologies to generate power in a low-carbon and environmentally responsible manner.

The company was established on the premise that a strong commitment to the environment is inextricably linked to excellence in power generation and corporate responsibility. Since its founding in 1984, Calpine has led the power industry in its unwavering commitment to environmental stewardship. In addition, its renewable geothermal plants use steam generated deep below the earth's surface to produce clean, renewable electricity.

Job Summary (includes but is not limited to the following, other duties may be assigned)

The Information Technology/Operational Technology Advisor (IT/OT Advisor) will join the Governance, Risk and Compliance (GRC) Team to support and enhance Calpine's Information Security and Regulatory Compliance Programs. This will include, but is not limited to, administering regulatory compliance programs, ensuring adherence to policies, standards, procedures, and the control framework, and supporting cybersecurity and supply chain risk management efforts.

Job Responsibilities

  • Administer IT/OT Compliance Programs including Transportation Security Administration (TSA) Guidelines & Directives, North American Electric Reliability Corporation - Critical Infrastructure Protection (NERC-CIP), Sarbanes Oxley Act (SOX), Payment Card Industry - Data Security Standard (PCI-DSS), Data Security Agreement (DSA)
  • Develop and update IT/OT policies and standards (as needed) to align with industry best practices and working knowledge of the following frameworks: NIST 800-53, NIST 800-171, NIST 800-82, ISO 27001, ISA 62443, COBIT, and PCI-DSS
  • Ensure compliance with IT/OT policies, standards, and procedures by actively participating in both ongoing and ad-hoc initiatives
  • Work with multiple business units, diverse workforce, company cultures, and external parties to accomplish the department's mission
  • Execute GRC controls with high-quality deliverables in both content and presentation
  • Independently prioritize and manage responsibilities across multiple projects and work streams
  • Use independent judgment, analytical procedures, in-depth evaluation techniques to resolve complex issues, and escalate unresolved issues in a timely manner
  • Perform risk assessments to evaluate the implementation of new technologies or significant changes to existing technologies and architecture designs
  • Assess cybersecurity risks of IT/OT infrastructure, technologies, and operational processes
  • Maintain security awareness and knowledge of current changes within legal, regulatory, and technology environments, which may affect operations
  • Establish and maintain professional relationships with peers and leaders within the Company
  • Ensure senior management and staff are informed of any issues, changes, and updates in a timely manner
  • Maintain membership in appropriate professional organizations and publications
  • Attend meetings, seminars and conferences and maintain continuity of any required or desirable certifications, if applicable

Job Requirements

  • Must have legal authorization to work in the US on a full-time basis for anyone other than current employer
  • Minimum of Ten (10) years of hands-on technical experience in IT/OT GRC related positions
  • Bachelor's Degree or equivalent
  • Strong verbal and written communication skills and the ability to interact professionally with diverse groups, executives, managers, and subject matter experts
  • Experience with administering IT/OT compliance programs for TSA Security Directives, NERC-CIP, SOX, PCI, and DSA
  • Experience with GRC systems and issues/risks tracker
  • Ability to research, analyze, and resolve complex problems with minimal supervision
  • Ability to balance project work with day-to-day administrative tasks in a highly dynamic business environment
  • Knowledge of IT/OT control frameworks (NIST 800-53, NIST 800-171, NIST 800-82, ISO 27001, ISA 62443, PCI-DSS, COBIT), along with security principles and tactics
  • Applicable Certifications: All preferred but not required depending on experience/background
    • CISSP (Certified Information Systems Security Professional)
    • CISA (Certified Information Systems Auditor)
    • CISM (Certified Information Security Manager)

Additional Calpine Information

  • Vaccination Information: Calpine requires an individual who is newly hired into this position to be vaccinated for COVID-19 within the first 28 days of employment - if not already vaccinated prior to starting employment. If you have any concerns regarding compliance with this requirement, you will need to discuss your concerns with Calpine's HR department after a decision has been made about whether or not to make you a conditional offer of employment. Calpine does not require applicants to discuss vaccination status prior to receipt of a conditional offer of employment and complies with all applicable laws requiring reasonable accommodation.
  • Equal Opportunity Employer of Minorities, Females, Protected Veterans, and Individuals with Disabilities.
  • Calpine is committed to Equal Employment Opportunity and providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment and need special assistance or an accommodation to use our website or to apply for a position, please send an e-mail with your request to hrrecruitment@calpine.com. Determinations on requests for reasonable accommodation are made on a case-by-case basis.

Please view Equal Employment Opportunity Posters provided by OFCCP here



Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)

Calpine is committed to Equal Employment Opportunity and providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment and need special assistance or an accommodation to use our website or to apply for a position, please send an e-mail with your request to hrrecruitment@calpine.com. Determinations on requests for reasonable accommodation are made on a case-by-case basis.

 

Job Summary
Company
Start Date: As soon as possible
Employment Term and Type: Regular, Full Time
Required Education: Bachelor's Degree
Required Experience: 10 years