Cybersecurity Solution Analyst, Senior

Requisition ID # 169082 

Job Category: Information Technology 

Job Level: Individual Contributor

Business Unit: Information Technology

Work Type: Hybrid

Job Location: Oakland

Department Overview

Our Cybersecurity department is committed to protecting critical assets and adapting to the ever-evolving threat landscape. We partner with IT, business, and engineering teams to assess, monitor, and enhance our security posture, with a strong emphasis on supply chain risk. Our team includes experts in risk strategy, project management, compliance, incident response, and control assessment.

Position Summary

Are you passionate about protecting critical infrastructure and ensuring the resilience of complex supply chains against sophisticated cyber threats? Join our Cybersecurity team, where you’ll help safeguard the digital backbone that supports essential services for millions. We’re a collaborative, innovative group dedicated to securing our supply chain ecosystem and enabling business continuity.

The Senior Cybersecurity Solution Analyst – Strategic Supply Chain Risk Management is responsible for evaluating, verifying, and continuously improving the security and resilience of our supply chain. This role leads risk assessments and control audits for suppliers, vendors, and third-party partners, ensuring alignment with organizational standards, best practices, and regulatory requirements. The analyst collaborates closely with business units and external partners throughout the supply chain risk assessment lifecycle from initial evaluation through remediation and ongoing monitoring. Building strong relationships with stakeholders is essential to understand business needs, resolve issues, and drive a culture of supply chain security.

This position is hybrid, working from your remote office and Oakland, CA approximately once per week, or more, based on business needs.

PG&E is providing the salary range that can reasonably be expected for this position at the time of the job posting. This salary range is specific to the locality of the job. The actual salary paid to an individual will be based on multiple factors, including, but not limited to, internal equity, specific skills, education, licenses or certifications, experience, market value, and geographic location. The decision will be made on a case-by-case basis related to these factors.​ This job is also eligible to participate in PG&E’s discretionary incentive compensation programs.  

Bay Area: $114,000 - 162,800

Job Responsibilities

• Lead and execute strategic supply chain cybersecurity risk assessments, audits, and verification activities for third-party vendors and partners.
• Evaluate supply chain risk and collaborate with business units and third parties throughout the assessment lifecycle, ensuring comprehensive risk identification, documentation, and mitigation.
• Develop and maintain supply chain security metrics, documentation, and reporting for leadership and operational teams.
• Validate that security controls are operating effectively across the supply chain, interpreting evidence and test results to inform risk decisions.
• Develop and refine control test procedures, analytical tools, and vulnerability testing methods tailored to supply chain environments.
• Partner with procurement, legal, and compliance teams to integrate cybersecurity requirements into supplier contracts and onboarding processes.
• Support the review and modification of supply chain security controls as business needs and threats evolve.
• Maintain situational awareness of emerging supply chain threats, vulnerabilities, and industry best practices.
• Foster partnerships with business owners and operational stakeholders to address control deficiencies and enhance supply chain security posture.
• Perform other tasks as needed to ensure the effectiveness of the supply chain risk management program.

Qualifications

Minimum:

• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related field or equivalent experience
• Utility industry experience
• Experience in IT-Information Technology, 3 years
• IT-Information Technology Security certification

Desired:

• Masters Degree in Computer Science or equivalent experience
• Utility industry experience
• 5+ years of experience in IT security, risk management, or supply chain cybersecurity.
• Strong knowledge of cybersecurity frameworks and standards (e.g., NIST, ISO, etc.).
• Excellent analytical, communication, and stakeholder engagement skills.
• Relevant certifications (e.g., CISSP, CISM, CRISC, CCSK) are highly desirable.
• Ability to travel up to 10%.
• Experience in utility, critical infrastructure, or large enterprise supply chain environments.
• Technical documentation and project management skills.
• Ability to lead cross-functional teams and drive initiatives to completion.
• Extensive IT, security, and privacy skills with versatile experience.
• Offers technical leadership and acts as a senior-level subject matter expert within their area(s) of expertise.