Expert Cybersecurity Risk Consultant

Full Time
Oakland, CA 94612
Job description
Requisition ID # 145298

Job Category: Information Technology
Job Level: Individual Contributor
Business Unit: Information Technology
Work Type: Hybrid
Job Location: Oakland; Alameda; Alta; Angels Camp; Antioch; Auberry; Auburn; Avenal; Avila Beach; Bakersfield; Balch Camp; Bear Valley; Belden; Bellota; Belmont; Benicia; Berkeley; Brentwood; Brisbane; Buellton; Burney; Buttonwillow; Calistoga; Campbell; Canyon Dam; Canyondam; Capitola; Caruthers; Chico; Clearlake; Clovis; Coalinga; Colusa; Concord; Concord; Corcoran; Cottonwood; Cupertino; Daly City; Danville; Davis; Dinuba; Downieville; Dublin; Emeryville; Eureka; Fairfield; Folsom; Fort Bragg; Fortuna; Fremont; French Camp; Fresno; Fresno; Fulton; Garberville; Geyserville; Gilroy; Goodyear; Grass Valley; Guerneville; Half Moon Bay; Hayward; Hinkley; Hollister; Holt; Houston; Huron; Jackson; Kerman; King City; Lakeport; Lemoore; Lincoln; Linden; Livermore; Lodi; Loomis; Los Banos; Lower Lake; Madera; Magalia; Manteca; Manton; Mariposa; Martell; Marysville; Maxwell; Menlo Park; Merced; Meridian; Millbrae; Milpitas; Modesto; Monterey; Montgomery Creek; Morgan Hill; Morro Bay; Moss Landing; Mountain View; Napa; Needles; Newark; Newman; Novato; Oakdale; Oakhurst; Oakley; Olema; Orinda; Orland; Oroville; Palo Alto; Palo Cedro; Paradise; Parkwood; Paso Robles; Petaluma; Pioneer; Pismo Beach; Pittsburg; Placerville; Pleasant Hill; Point Arena; Potter Valley; Quincy; Rancho Cordova; Red Bluff; Redding; Richmond; Ridgecrest; Rio Vista; Rocklin; Roseville; Round Mountain; Sacramento; Salinas; San Bruno; San Carlos; San Francisco; San Francisco; San Jose; San Luis Obispo; San Mateo; San Rafael; San Ramon; San Ramon; Sanger; Santa Cruz; Santa Maria; Santa Nella; Santa Rosa; Selma; Shaver Lake; Sonoma; Sonora; South San Francisco; Springville; Stockton; Storrie; Taft; Tracy; Turlock; Twain; Ukiah; Vacaville; Vallejo; Walnut Creek; Wasco; Washington; Watsonville; West Sacramento; Wheatland; Whitmore; Willits; Willow Creek; Willows; Windsor; Winters; Woodland; Yuba City

Department Overview

The PG&E Cybersecurity organization is a dynamic group of security professionals working to protect our critical assets and address our highest risks, adapting and growing to meet the challenges from ever-evolving adversaries. The Cybersecurity Risk Management department within the broader organization focuses on identifying risks, helping partners reduce or mitigate risks, developing initiatives to protect PG&E from cyber-attacks, and engaging with other stakeholders to continually improve PG&E’s security posture. The department provides governance and direction of initiatives to safeguard PG&E’s cyber-assets, working hand in hand with key partners, as well as technical and engineering experts in PG&E’s lines of business. The department performs project, vendor, and production system risk assessments to ensure PG&E deploys and manages technology platforms that meet our security standards and regulatory requirements.

Position Summary

The Expert Risk Consultant will oversee the Cybersecurity Business Risk Management program as a strategic partner for the OT Critical Infrastructure. This position will engage with the PG&E Enterprise Risk organization, and collaborate with other Cybersecurity teams, key stakeholders, and experts in the lines of business to identify threats, create strategies to better protect technology assets, and deploy technologies and processes to put those strategies into action. The consultant acts as an advisor/facilitator, providing a single point of contact that connects each OT Critical Infrastructure line of business and its cybersecurity partners to evaluate and mitigate risks.

This role will provide recommendations on strategic decision making during the planning stages, supporting both the core security functions and business initiatives. As a result, the role influences the LOBs to improve the cybersecurity program’s maturity by encouraging collaboration, ensuring relevant requirements, and delivering strategic improvements to manage LOB-specific security risks.

The position is hybrid, working from your remote office in CA and your assigned work location based on business need. The assigned work location will be within the PG&E Service Territory.

PG&E is providing the salary range that the company in good faith believes it might pay for this position at the time of the job posting. This compensation range is specific to the locality of the job. The actual salary paid to an individual will be based on multiple factors, including, but not limited to, specific skills, education, licenses or certifications, experience, market value, geographic location, and internal equity. This job is also eligible to participate in PG&E’s discretionary incentive compensation programs.

A reasonable salary range is:

California Minimum: $123,000
California Maximum: $197,000

Core Responsibilities

Strategy Program Engagement:
Contribute to the security vision and strategy for the design, development, and implementation of cybersecurity risk management for one or more lines of business.
Participate in planning discussions with the business to contribute to and advise on the evaluation of portfolio risks, frontloading security activities and providing guidance early in the SDLC to help meet security, privacy, and regulatory requirements as a byproduct of system design.
Promote cybersecurity as an essential business requirement and align business initiatives with cyber-attack prevention and mitigation strategies to minimize cybersecurity risks.

Risk Management:
Contribute to the management of cybersecurity risks across the OT critical infrastructure LOB.
Conduct risk evaluations, enabling the identification and evaluation of cyber-attack risks to systems and services.
Support the development and implementation of processes to ensure visibility and management of a complete portfolio of cybersecurity risk.
Facilitate and consult on risk mitigation strategies with the business to support compliance on findings.

Collaboration:
Engage as a strategic partner to build trust and relationships with PG&E’s lines of business to identify, assess, prioritize, and mitigate cybersecurity risks.
Partner with privacy, compliance, and cybersecurity to ensure synergy and that processes are standardized and best practices are established and maintained consistently across the organization.
Collaborate on key security tasks, incident management, threat modeling, vulnerability management, third party assessments, and facilitate transparency on upcoming cybersecurity initiatives.

Security Awareness:
Focus on driving behavior changes by influencing the business and functional leaders on operationalization of security policies, security standards, configuration baselines and information sharing of threat intelligence.

Security Posture Reporting:
Provide awareness of the security posture of the business and influence strategic decisions to address high risk areas and exception practice reduction.
Advise on opportunities for enhancements and ensure risks are defined and monitored to improve the security posture.
Shift behavior and mindset to adopt and exercise more secure practices within operations, decision making and vendor engagement.
Discuss cybersecurity deficiencies and advise on remediation efforts and alignment with standards.

Qualifications

Minimum:
B.A./B.S. degree or equivalent work experience in computer science, business management, Information Technology or related field or equivalent education/experience
6 years of relevant technical experience

Desired:
Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA)
Experience with enterprise security in a complex, multi-platform environment including SCADA, ICS, and other complex technology platforms
Experience with regulatory requirements (NERC-CIP, SOX, FCC, SB 1386/1746, etc.)
Utility industry and/or operational technology experience strongly preferred
Cyber/information security management policies, procedures, regulations and governance processes, Information Systems/Network Security, System Security Analysis, Information Assurance Compliance
Risk management techniques and methodology, technological trends and developments in cyber/information security, systems/software development, engineering, integration, testing and evaluation and operating systems
Mastery of Cybersecurity best practices and standards (e.g., NIST, ISO, etc.)
Mastery of computer networking concepts and protocols, and network security methodologies
Mastery of cloud security concepts, including experience with public cloud (e.g., AWS, Microsoft Azure, etc.) and implementation experience

Knowledge, Skill, Abilities, Competencies:
Excellent interpersonal skills, including teamwork, facilitation, and negotiation
Collaborative, able to work cross-functionally; possessing the ability to forge relationships and partner effectively
Resourceful and self-motivated, able to work independently when required
Ability to communicate and convey complex IT/OT technical security related concepts to business and technology teams
Excellent planning, organizational and project management skills; detail and process-oriented; able to juggle multiple priorities in a fast-paced environment
Ability to influence both cyber and business organizations effectively without formal authority, along with establishing and maintaining an elevated level of customer trust and confidence
Excellent written and verbal communication skills, including the ability to give presentations and translate complex technical issues and/or concepts into business-relatable language
Ability to think strategically to unite security strategy with business objectives to continuously improve the security posture rather than chase a singular objective
Understanding of the business impact of security tools, technologies, and policies
Excellent communication with executives, rising above the technical implications and speaking in the context of the business objectives and risks that are impacted
Expert and broad knowledge of information security concepts and strategy, including the ability to relate cybersecurity to business goals
Excellent problem solving and analytical skills
Proficiency in the technical aspects of cyber security that spans a wide breadth of experience across various domains
High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity
Expert understanding of security risk assessment methodology and risk analysis frameworks
