IT Compliance Specialist, Expert

Requisition ID # 156709 

Job Category: Compliance / Risk / Quality Assurance 

Job Level: Individual Contributor

Business Unit: Information Technology

Work Type: Hybrid

Job Location: Oakland

Department Overview

Information Systems Technology Services is a unified organization comprised of various departments which collaborate effectively in order to deliver high quality technology solutions.

Position Summary

Provides governance and communication products / services that support identification and implementation of security controls performed within business systems and processes. Utilizes a control framework / methodology to review, evaluate, and translate legal regulatory, and industry standards into control objectives that are focused on IT security risks. Transforms control objectives into policy, standards, and procedures that govern consistent system and business processes. Utilizes a variety of tools and methodologies to communicate and educate the Lines of Business on IT Security.

This position is hybrid, working from your remote office and Oakland, CA approximately once per week or more, based on business needs.

PG&E is providing the salary range that the company in good faith believes it might pay for this position at the time of the job posting. This compensation range is specific to the locality of the job. The actual salary paid to an individual will be based on multiple factors, including, but not limited to, specific skills, education, licenses or certifications, experience, market value, geographic location, and internal equity. This job is also eligible to participate in PG&E’s discretionary incentive compensation programs. Although we estimate the successful candidate hired into this role will be placed towards the middle or entry point of the range, the decision will be made on a case-by-case basis related to these factors.

A reasonable salary range is:

Bay Area Minimum: $109,000.00
Bay Area Maximum: $175,000.00

Job Responsibilities

• Coach individuals in lower job levels
• Collaborate with peers to define Industry best practices and trends
• Conducts/Leads sessions and develops cost estimates to mitigate open compliance findings
• Conducts/Leads sessions and develops the costs associated with risk avoidance
• Conducts/Leads sessions to determine the likelihood of risk occurrence for open compliance findings. Rate the occurrence by High, Medium or Low.
• Develop and manage the Enterprise Security Awareness and Training program.
• Facilitate / coordinate activities associated with 3rd party work efforts
• Facilitates/Leads Root Cause Analysis
• Independently sets priorities and work schedule with input on complex projects.
• Lead a team of matrix team members to perform specific assignments or tasks
• Lead Cross Functional Teams that are established to review Authority Documents, control objectives, control activities, policies, standards, mitigation plans, or any aspect of the PG&E Control Framework
• Perform any and all responsibilities associated with the Career level position
• Perform any or all job responsibilities associated with the Senior Level position
• Perform enterprise security awareness assessments and recommend training solutions
• Prepares operating metrics reports
• Review Policy Exceptions

Qualifications

Minimum:

• Bachelors Degree in Computer Science or job-related discipline or equivalent experience
• Job-related experience, 5 years

Desired:

• 3-5 years SAP Security Experience.
• Experience delivering multiple SAP security solutions.
• Working  knowledge of SAP Security configuration in the following areas: S/4 HANA, ECC, EWM, BW/BOBJ, BODS, Solution Manager, Fiori, HANA Database, and SAP JAVA Systems (Portal and ADS).
• 8-10 years SAP GRC Administration and Configuration
• Ability to maintain rule set and add new as appropriate.
• Build, review, testing, troubleshooting, and documentation of Cross System configuration and custom risk analysis objects.
• Ability to onboarding of additional SAP systems into the GRC toolset.
• Build, review, testing, troubleshooting user password reset.
• Build, review, testing, troubleshooting user creation automation in development and quality systems.
• Build, review, testing, troubleshooting user access validation process.
• Able to create and maintain custom approval workflow for non-SAP processes.
• Expert understanding of SAP Firefighter process, administration and maintenance.
• Expert knowledge of industry trends in SAP GRC technology.
• Lead 2-3 SAP GRC upgrade or implementation projects.
• Excellent written and verbal communication skills.
• Strong understanding of audit and documentation requirements.
• Strong conceptual, analytical, problem-solving, troubleshooting and resolution skills.
• Presentation skills catered to a diverse technical and business audience.
• Proven ability to transfer knowledge and stay aware of current trends and technical advancements.
• Scheduling flexibility to meet the needs of the business including afterhours support, weekends, and holidays.