Compliance & Risk Consultant, Senior

Requisition ID # 167592 

Job Category: Compliance / Risk / Quality Assurance 

Job Level: Individual Contributor

Business Unit: Information Technology

Work Type: Hybrid

Job Location: Rocklin

Department Overview

Enterprise Protection-Information Technology (EP-IT) Governance, Risk and Compliance (GR&C) is responsible for managing risk and compliance governance and oversight activities for the Information Technology and Enterprise Protection organization. The team reports directly to the SVP, CSO/CDAO with functional responsibility aligned to support the broader CIO organization. In a rapidly changing environment, this team provides guidance, consultation, and support to the IT Architecture, IT Operations, Cybersecurity and Corporate Security organizations to ensure risk and compliance are well-managed today and prepared for emerging requirements and opportunities in the future.

Position Summary

The Compliance and Risk Consultant (CRC), Senior in EP-IT GR&C, will play a pivotal role in implementing the PG&E Compliance Maturity Model (CMM) as the foundation for the IT Compliance Program key elements of performance and oversight.  The Compliance and Risk Consultant, Senior will be part of larger compliance team, but will focus on IT project compliance support, potential non-compliance (PNC) investigation, PNC cause evaluation, PNC corrective action determination, control design consultation, and mitigation plan tracking.  The PG&E IT Compliance Program serves as the primary mechanism for oversight and monitoring of both internal standards and regulatory requirements.  The Compliance and Risk Consultant, Senior will work closely with the Projects and PNC Process Lead to support IT Project teams with understanding applicable areas of compliance, governing standards and then execute the PNC process when potential compliance issues are identified.  This role will have an opportunity to work on a wide variety of IT Projects and areas of compliance while also providing insights to improvement opportunities across the program.

PG&E is providing the salary range that can reasonably be expected for this position at the time of the job posting. This salary range is specific to the locality of the job. The actual salary paid to an individual will be based on multiple factors, including, but not limited to, internal equity, specific skills, education, licenses or certifications, experience, market value, and geographic location. The decision will be made on a case-by-case basis related to these factors. This job is also eligible to participate in PG&E’s discretionary incentive compensation programs.  

Pay range is:​ $100,000.00 - $143,000.00

This position is hybrid, remote and in-person at the Rocklin office based on business needs.

Job Responsibilities

• Assist with planning and preparing material for monthly committees.
• Supports issue owners and subject matter experts with developing controls and mitigation plans.
• Performs compliance and control testing, audits, or other validation processes and analyzes risk or compliance metrics.
• May respond to regulatory data requests, investigations, audits, and other inquiries.
• Identifies new/changing requirements or standards and participates in Management of Chain (MOC) process if necessary. 
• Verifies reports, audits documentation, and validates content in database / risk register.
• Participates in or may lead root cause analysis exercises.
• Develop, evaluate and improve visual management and communication mediums, platforms and processes.
• Participate and contribute to internal forums and working groups. 

Qualifications

Minimum:

• Bachelors Degree or equivalent experience
• Job-related experience, 5 years

Desired:

• 2+ years of experience in risk, compliance or program management.
• Strong analytical and problem-solving skills to assess and address compliance challenges.
• Excellent communication and interpersonal skills to work collaboratively across departments.
• Demonstrates advanced knowledge of regulatory policy and compliance concepts, and/or risk management.
• Advanced knowledge of IT business processes and procedures.
• Understanding of and ability to apply internal control concepts and/or risk analysis.
• Strong analytical and problem solving skills.
• Strong written and verbal communication skills and ability to communicate complex data effectively to a variety of audiences including directors.
• 1 or more of the following job-related certifications:
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified in the Governance of Enterprise IT (CGEIT)
  • Certified Information Systems Auditor (CISA)
  • Certified Risk Management Professional (CRMP)
  • Certification in Risk Management Assurance (CRMA)
  • GRC Professional (GRCP)