Skip to main content
Search

Expert Cybersecurity Risk Consultant

I'm Interested Date posted 09/19/2020

Requisition ID # 57981 

Job Category : Information Technology 

Job Level : Individual Contributor

Business Unit: Customer Care

Job Location : San Francisco

Department Overview

The PG&E Cybersecurity organization is a dynamic group of security professionals, working to protect our critical assets, highest risks, adapting and growing to meet the challenges from ever-evolving adversaries. The Cybersecurity Risk Management department within the boarder organization focuses on identifying risks, helping partners reduce or mitigate risks, developing initiatives to protect PG&E from cyber-attacks, and engaging with other stakeholders to continually improve PG&E’s security posture. The department provides governance and direction of initiatives to safeguard PG&E’s cyber-assets, working hand in hand with key partners, as well as technical and engineering experts in PG&E’s lines of business. The department performs projects, vendor, and production systems risk assessments to ensure PG&E deploys and manages technology platforms that meet our security standards and regulatory requirements.  

Position Summary 

The Cybersecurity Risk Consultant job family is responsible for overall relationship management and risk operating/analytics related to the cybersecurity risk management program for PG&E. This position will engage with the PG&E Enterprise Risk organization, and collaborate with other Cybersecurity teams, key stakeholders, and experts in the lines of business to identify threats, create strategies to better protect technology assets, and deploy technologies and processes to put those strategies into action. The position will contribute to the strategy to manage enterprise risk and proactively adapt to evolving threats and business needs. This position will perform risk aggregation, developing line of business risk bow ties, evaluating and assigning security risk levels, assisting with the development, design, and implementation of security mitigation, risk mitigation investment analysis, risk data request support, and communicating out to at all levels.

The work location is flexible and can located in Concord, Sacramento, or San Francisco.

Qualifications

Minimum:

  • Bachelor’s Degree in job-related discipline or equivalent experience
  • Minimum of 6 years of relevant technical experience

Desired:

  • Experience with enterprise security in a complex, multi-platform environment including SCADA, ICS, and other complex technology platforms
  • Experience with regulatory requirements (Nerc-CIP, SOX, FCC, SB 1386/1746, etc.)
  • Utility industry and/or operational technology experience strongly preferred
  • Cyber/information security management policies, procedures, regulations and governance processes, Information Systems/Network Security, System Security Analysis, Information Assurance Compliance
  • Risk management techniques, technological trends and developments in cyber/information security, systems/software development, engineering, integration, testing and evaluation and operating systems
  • Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or equivalent
  • Mastery of Cybersecurity best practices and standards (e.g. NIST, ISO, etc.)
  • Mastery of computer networking concepts and protocols, and network security methodologies
  • Mastery of cloud security concepts, including experience with public cloud (e.g. AWS, Microsoft Azure, etc.) and implementation experience

Knowledge, Skills, and Abilities:

  • Excellent planning, organizational and project management skills; detail and process-oriented; able to juggle multiple priorities in a fast-paced environment
  • Expert understanding of information security concepts and strategy
  • Understands information security holistically and how it relates to business goals
  • Understanding of risk assessment and risk analysis frameworks
  • Demonstrated strategic planning and road mapping ability
  • Outstanding problem-solving/decision making ability
  • Strong leadership skills; able to manage, mentor and motivate
  • Excellent written and verbal communication skills, able to explain complex issues in clear and concise terms
  • First class documentation skills
  • Exceptional interpersonal skills, including teamwork, facilitation and negotiation
  • Highly collaborative, able to work cross-functionally; possessing the ability to forge relationships and partner effectively
  • Resourceful and self-motivated, able to work independently when required
  • Credible and persuasive; able to present often complex information in an accessible fashion to a nontechnical audience

Job Responsibilities

  •  Will contribute to the security vision, strategy, planning and leadership for the design, development, implementation and support of technology risk management framework for a line of business to achieve its objectives
  • Ensures successful implementation of security into new/enhanced systems to meet scope, schedule, and budget
  • Develops risk-based prioritization for security within technology roadmaps
  • Scope the assessment of risks and the execution of plans to mitigate the risks
  • Proactively provides expert knowledge of industry trends and technologies as it relates to specific opportunities where security can enhance value to the business and/or addresses a specific business need
  • Establishes technology risk-based investment planning through risk-integration with BTLs
  • Identifies risk opportunities to make business processes more effective and efficient
  • Directs the implementation of improvement (mitigation) initiatives
  • Drive compliance to standards/regulations and governance processes as it relates to the line of business
  • Ensure availability to support the Cybersecurity organization and personnel for on-call duties and escalations


Core Responsibilities:

  • Responsible for overall business relationship
  • Overall translation of risk from lines of businesses, Enterprise Risk, and Cybersecurity teams into clear and concise format
  • Accountable for communication of risk posture to business units
  • Accountable for overall risk calculation reporting to CISO, CIO, and Board
  • Development of risk-based portfolio management
  • Establishes and updates risk inventory for LOB
  • Partners closely and aligns to Business Technology Leads (BTLs)
  • Evaluates portfolio risk as part of the annual IT planning process with BTLs and LOBs
  • Engages in risk governance and reviews
  • Be a cybersecurity representative at LOB’s Enterprise Risk Management Committee
  • Conducts Enterprise Risk Management (ERM) related activities across the PG&E
  • Prioritizes mitigation activities and workload
I'm Interested