
Principal Compliance & Risk Consultant

Location: Oakland, California

Requisition ID # 158553-en_US

Our IT professionals are at the enterprise's core, leveraging modern technology to deliver safe and reliable energy to our customers. We use AI, the cloud, data science, and the latest tools and programming languages to solve hard, interesting problems and tackle challenges like the ever-growing threat of climate change, wildfires, and breaches of cyber security. Join us and experience the satisfaction of being a technology enabler for a company that leads the industry in innovation.

  • Entry, Mid, Senior, Executive
  • Full-Time

Success Profile

What makes a successful Team Member at PG&E? Check out the top traits we’re looking for and see if you have the right mix.

  • Adaptable
  • Collaborative
  • Creative
  • Curious
  • Results-driven
  • Thoughtful


PG&E is proud to provide a comprehensive benefits program to help you take care of your physical, emotional and financial health. In addition to the offerings below, you can expect inclusive programs in areas such as performance recognition, training and employee development, mentoring and more.

  • Paid Time Off

    Vacation, Sick Hours, Holidays, Family Leave

  • Employee Resource Groups

    16 ERGs at the core of our DEIB culture that support employee development and foster business relationships

  • Professional Development

    Leadership and Employee Development Courses, LinkedIn Learning, Mentoring Program and up to $8,000 for Tuition Reimbursement

  • Healthcare

    Low-Cost Medical, Dental, Life/Accident/Disability Insurance and Free Vision

  • Healthcare & Dependent Care FSA

    Pre-tax employee-funded accounts that cover certain out-of-pocket medical and dependent care expenses

  • Retirement Plans

    401(k) Matching up to 8% AND Cash Balance Pension (no cost to you)

Job Details

Requisition ID # 158553 

Job Category: Compliance / Risk / Quality Assurance 

Job Level: Manager/Principal

Business Unit: Information Technology

Work Type: Hybrid

Job Location: Oakland

Department Overview

Enterprise Protection-Information Technology (EP-IT) Governance, Risk and Compliance (GR&C) is responsible for managing risk and compliance governance and oversight activities for the Information Technology and Enterprise Protection organization. The team reports directly to the SVP, CSO/CDAO with functional responsibility aligned to support the broader CIO organization. In a rapidly changing environment, this team provides guidance, consultation, and support to the IT Architecture, IT Operations, Cybersecurity and Corporate Security organizations to ensure risk and compliance are well-managed today and prepared for emerging requirements and opportunities in the future.

Position Summary

The Compliance and Risk Consultant, Principal will lead and oversee the implementation of all key components of the EP-IT Risk Management Program for PG&E’s Corporate Security Department (CSD). This will include the ability to apply risk analysis and modeling techniques and risk mitigation strategies, and to author risk management products and deliverables. The ideal candidate would have prior utility experience using quantitative risk modeling techniques. The risk management program spans IT Operations, Physical Security and Cybersecurity functions, and provides state regulatory risk assessment and mitigation input, testimony support and deliverables. In addition, the IT Risk Management Program aligns to the Enterprise Operational Risk Management (EORM) Program and provides input and/or deliverables to board level committees. The EP-IT Risk Management Program is focused on cybersecurity risk, physical attack risk and IT asset failure risk, requiring a cross-functional approach to risk management. The Compliance and Risk Consultant, Principal position is responsible for the oversight, implementation support and maturation of the EP-IT Enterprise Risk Management Program for PG&E’s Corporate Security Department (CSD), focused on Physical Attack risks and mitigations.

This position is hybrid, working from your remote office and your assigned work location approximately 2 - 4 times per month or more, based on business need. The assigned work location will be within the PG&E Service Territory. 

PG&E is providing the salary range that the company in good faith believes it might pay for this position at the time of the job posting. This compensation range is specific to the locality of the job. The actual salary paid to an individual will be based on multiple factors, including, but not limited to, specific skills, education, licenses or certifications, experience, market value, geographic location, and internal equity. This job is also eligible to participate in PG&E’s discretionary incentive compensation programs. Although we estimate the successful candidate hired into this role will be placed towards the middle or entry point of the range, the decision will be made on a case-by-case basis related to these factors.

A reasonable salary range is:

Bay Area Minimum: $132,000.00 

Bay Area Maximum: $226,000.00

Job Responsibilities

  • Plan and manage an annual Tactical Implementation Plan (TIP) for risk management activities outlined under the program standard.
  • Act as a Subject Matter Expert for CPUC Risk Assessment & Mitigation Phase (RAMP) deliverables and responses.
  • Participate and contribute to industry forums and working groups.
  • Collaborate with cross-functional teams to integrate risk assessment and management processes into operational programs.
  • Provide guidance and training to employees on risk management matters, fostering a culture of awareness and accountability.
  • Communicate program KRIs and bowties to directors, officers and governance committees in a clear and concise manner.
  • Develop effective key performance and key risk indicators (KPI/KRI) to track, report, and improve overall performance and maturity of the risk management program. 
  • Drive evolution/iteration of IT risk models in consultation with the Enterprise and Operational Risk Management (EORM) counterpart to align risk modeling with IT Business Plan Deployment processes and Utility regulatory requirements.
  • Implement Regulatory Decisions related to quantitative risk modeling.
  • Identify relevant available IT risk data that support IT risk modeling; build and maintain data pipelines from these datasets to ensure risk data is accurate and model quality is appropriately controlled.
  • Develop analysis and provide visualizations that clearly communicate risk trends, risk management progress and areas for improvement.
  • Implement “areas for improvement” relative to data use and collection, improving transparency related to the use of subject-matter-expertise in risk assessments and mitigation planning.



  • Bachelor’s degree in information systems, mathematics, statistics, engineering or other related discipline
  • 10 years of experience working in risk and/or compliance management at an enterprise or operations level.


  • Master’s degree in related discipline
  • Certified Compliance and Ethics Professional (CCEP), or
  • Certified Internal Auditor (CIA), or
  • Certified Risk Management Professional (RIMS-CRMP), or
  • Other compliance or risk related certification, as applicable
  • Knowledge of California and Federal laws and regulatory programs
  • Knowledge of the Utility industry and operations
  • Knowledge of Physical Security risks and controls
  • Strong program management, internal consulting, and process improvement skills
  • Ability to clearly convey information and ideas through verbal and written communication to stakeholders at all levels in the organization.
  • Highly flexible, self-directed, and able to adapt well to a rapidly changing environment
  • Able to think strategically, systematically and analytically, while working tactically to meet milestones
  • The ability to build and maintain relationships with subject matter experts, data owners and leaders across functional areas
  • Ability to positively influence without positional authority
  • Expertise in probability, statistics and commonly used quantitative risk modeling techniques.


PG&E combines an established company’s stability with the autonomy of a startup. I enjoy high levels of trust and openness among my coworkers in a dynamic environment where I’m included in important decision-making discussions. As our company evolves, I look forward to career growth opportunities ahead.

Jonathan A. Solutions Architect, Expert
Products & Enterprise Platforms
