Expert Power Generation Cybersecurity Risk & Compliance Consultant- Flexible Location

Jobs at Pacific Gas And Electric Company•Oakland, CA

4d•Hybrid

About The Position

The PGen Risk, Compliance & Quality team is a governance and compliance team that supports the organization’s collective pursuit of a defensible compliance management framework to provide a network of critical traceability into the business’s control environment. The result enables governance and oversight of the business to verify necessary controls are in place to ensure PGen understands and manages its risks and operates in compliance with applicable laws, regulations, company objectives and goals. The Power Generation Cybersecurity Risk & Compliance Consultant reports to the PGen Risk, Compliance & Quality Senior Manager and is a significant contributor to the security vision and strategy, supporting the design, development, and implementation of cybersecurity risk management for one or more lines of business. This PGen Cyber Security Compliance role conducts cybersecurity risk assessments of systems and services to identify and evaluate cyber-attack risks. This position builds relationships with PG&E’s lines of business to identify, assess, prioritize, and mitigate cybersecurity risks, and contributes to the development, implementation, and optimization and governance of the PGen Cyber Security Program. The role also supports processes to ensure visibility and management of the PGen Security Program regarding cybersecurity risk across the lines of business, measures and manages cybersecurity risks, develops and implements risk mitigation strategies and contributes to the evaluation of the PGen Security Program with lines of business.

Requirements

B.A. /B.S. degree or equivalent work experience in computer science, business administration or other relevant field.
Minimum of 6 years of relevant technical experience.
Experience in a highly regulated field, such as military/defense, financial services, health care, utilities, etc.
Excellent interpersonal skills, including teamwork, facilitation and negotiation.
Collaborative, able to work cross- functionally; possessing the ability to forge relationships and partner effectively.
Resourceful and self-motivated, able to work independently when required.
Ability to communicate and convey complex IT/OT technical security related concepts to business and technology teams.
Excellent planning, organizational and project management skills; detail and process- oriented; able to juggle multiple priorities in a fast- paced environment.
Excellent written and verbal communication skills, able to explain complex issues in clear and concise terms.
Expert and holistic understanding of information security concepts and strategy, including the ability to relate cybersecurity to business goals.
Expert understanding of risk assessment and risk analysis frameworks.

Nice To Haves

PG&E experience within the related line of business; or utility or industrial control experience.
Demonstrated knowledge of o Technological trends and developments in cyber/information security and the ICS security and threat environment.
Cybersecurity products and technology.
Hardware, operating systems, software, networks and facilities that make up infrastructure.
Systems/software development, engineering, integration, testing and evaluation.
Experience with enterprise cybersecurity in a complex, multi- platform environment including SCADA and other operational technology platforms.
Experience with regulatory requirements- NERC-CIP (North American Electric Reliability Corporation Critical Infrastructure Protection), SOX, FCC, SB 1386/1746, etc.
Experience with SmartMeter and SmartGrid architectures, technologies and standards.
CISSP, CISM, and/or CISA certification, or ability to obtain via self-study within one year of date of hire, other relevant IT or security certifications.

Responsibilities

Responsible for PGen’s Cyber Security Compliance Program including the associated Security related regulatory submittals.
Ensures systems and processes meet regulatory requirements as well as excellence standards.
Interpretation and application of applicable codes and regulations and educates PG&E employees and/or industry personnel.
Identifies and implements opportunities to improve company performance (quality, performance, human factors, financial, regulatory).
Represents PG&E at industry association, trade committee and inter-utility work groups.
Acts as a company witness, liaison, and/or information provider to outside parties.
Develops technical policies, procedures, and contributes to the development of standards, specifications, construction documents, and guidelines.
Significant contributor to security vision and strategy, for the design, development, and implementation of cybersecurity risk management for one or more lines of business.
Conducts cybersecurity risk assessments of systems and services, enabling the identification and evaluation of cyber-attack risks to those systems and services.
Builds relationships with PG&E’s lines of business to identify, assess, prioritize and mitigate cybersecurity risks.
Major contributor to the development, implementation and optimization of cybersecurity risk mitigation plans, programs and governance.
Supports the development and implementation of processes to ensure visibility and management of a complete portfolio of cybersecurity risk across the LOB's.
Measures and manages cybersecurity risks across the lines of business.
Develop and implements cybersecurity risk mitigation strategies across the LOBs, in collaboration with Cybersecurity Architects and IT architects.
Contributes to the evaluation of portfolio risk as part of the annual IT planning process with LOBs