Senior Manager, Cybersecurity
Requisition ID # 94920
Job Category : Information Technology
Job Level : Senior Manager
Business Unit: Information Technology
Job Location : San Francisco
The Cybersecurity team enables PG&E to achieve its mission by providing governance, oversight, and support of operational resiliency and asset safeguards in a relevant, timely and data-driven manner. The Cybersecurity team consists of security professionals in their chosen disciplines working together, to review the current cyber threat landscape and lend our expertise to help the company understand its security posture and act on the highest priority risks. The Cybersecurity team takes a proactive approach to security by focusing on the cyber risks PG&E faces. Our methodology and framework synthesize current legal, regulatory, and operating mandates with PG&E’s business goals and operations. By taking this information and focusing on the cyber risks unique to individual Lines of Business (LOB), Cybersecurity helps PG&E’s LOBs make informed decisions about where to invest their resources.
The Cloud Security Engineering Manager is responsible for ensuring the secure design and delivery of Cloud solutions to the Cloud COE. The Cloud Security Engineering manager will ensure requirements from Cyber Security Stakeholders such as the CSRS Architecture team, Cybersecurity Services team and SIOC are embedded into solutions delivery process. The Manager will be a specialist in all aspects of information security management and leveraging cloud services in large-scale computing environments.
Leads the development and deployment of secure standardized solutions for all Cloud Environments
- Guide the implementation of new cloud infrastructure methodologies, concepts and changes to security services in line with business requirements and security guidelines.
- Identity and Access Management (IAM), Identity Federation / SSO
- SIEM and Audit Logging (CloudTrail & Config, etc.)
- Threat and Vulnerability Detection and Remediation
- Micro-segmentation enforcement through CI/CD pipeline
- Cloud Native Perimeter security with WAF & Shield (DDOS)
- Data-in-transit / Certificate Management, Data-at-Rest / Key & Secret management
- Application security assessments
Evangelizes and educates the PG&E Cloud COE team
- Works with cloud security engineers to propagate secure coding and continuous security within their applications
- Provides technical coaching and mentoring to accelerate the cloud security learning process across the security and IT organizations
- Partners with the DevOps and Architecture teams to reduce dependence on the Cloud Security Engineers for all security actions and increase security compliance in the build and run of applications.
- Work with IT/OPS to ensure authorization/authentication structure meets security controls and compliance requirements
- Ensure Security controls are injected into the Software Development Lifecycle
- Operationalize Security Metrics for reporting and compliance
- Automate security incident reporting and alerting systems
- Ability to work in an Agile/Scrum environment, manage and deliver in sprints and work as a team
- Ability to operate in cross-functional and multidisciplinary teams
- Customer focused with an attitude to deliver excellent customer outcomes
- Ability to take ownership with a high sense of urgency and work like an entrepreneur
- Exceptional and effective verbal and written communication skills
- Demonstrated ability to effectively influence at the most senior levels (e.g. Sr Director, Vp, etc.)
- Acts as a role model and provides thought leadership
- Drives best practices, enforcing the highest standards
- Viewed as a trusted advisor and maintains a high level of credibility with the Senior Leadership team
- Works with Cybersecurity and Enterprise Architecture to understand current strategy, adhere to standards, and influence roadmaps.
- Bachelor’s Degree or equivalent work experience in cyber/information security, computer science, information systems, business administration, engineering or other related field
- Minimum of 8 years of combined experience in policy management, compliance management, risk management, business management, information security, and/or utility business/industry work experience including direct managing medium to large organizations required
- 5 years’ leadership experience
- Minimum of at least one relevant certification such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Professional in Critical Infrastructure Protection (PCIP), Certified Protection Professional (CPP), or equivalent required.
- CISSP, CISA, CISM, IS027001 LA/LI, SANS (or equivalent experience)
- Experience working in an Agile/Scrum Environment (tasking, etc. via Jira preferred)
- Specialist in Cloud computing technologies and workload transition challenges
- Extensive experience with industry compliance and security standards including PCI DSS, SOC1&2, ISO 27001, NIST/DoD, SAS70, FISMA, HIPAA, and NIST
- Experience with continuous security practices, including: threat modeling, threat and vulnerability management, secure coding practices, and automated penetration testing.
- Experience with security solutions such as WAF, IPS, and anti-DDOS systems
- Extensive experience with IT Compliance and risk management requirements (e.g. security, privacy, SOX, etc.)
- Experience with network / perimeter security platforms
- Extensive experience with infrastructure automation, infrastructure as code, automated application deployment, monitoring/telemetry, logging, reporting, and continuous delivery technologies
- Experience performing security assessments
- Extensive implementation experience with enterprise security solutions, privilege management, identity management and federation systems