Requisition ID# 157352

Job Category: Information Technology

Job Level: Manager/Principal

Business Unit: Information Technology

Work Type: Hybrid

Job Location: Oakland

Department Overview

The PG&E Cybersecurity organization is a dynamic group of security professionals, working to protect our critical assets, highest risks, adapting and growing to meet the challenges from ever-evolving adversaries. The organization's core function is to is to reduce the likelihood and consequence of PG&E from experiencing significant business and operational disruptions due to an adverse cybersecurity event (unintentional or malicious).

The Cybersecurity Risk department within the boarder organization takes a risk-based approach on identifying risks, helping business partners reduce or mitigate risks, developing initiatives to protect PG&E from cyber-attacks, and engaging with other stakeholders to continually improve PG&E's security posture. The department performs projects, vendor, and production systems risk assessments to ensure PG&E deploys and manages technology platforms that meet our security standards and regulatory requirements. The department lead key risk reduction initiatives through risk consultations, social engineering, training, awareness, and vulnerability management program to secure PG&E's cyber-assets and drive risk reduction.

Position Summary

The Manager will oversee the Cybersecurity Solutions team which perform cybersecurity risk assessments for all projects and production systems. In this role, you will partner closely with senior leadership to understand, assess, analyze, and advise our key stakeholders on how to manage their risks, and develop mitigation strategies that safeguards our company. You will be accountable for the development of the team's personnel & execution of overall Cybersecurity department strategic plans in alignment with company strategic vision & goals.

The role is hybrid working from your remote office and in-person based on business needs.

PG&E is providing the salary range that the company in good faith believes it might pay for this position at the time of thejob posting. This compensation range is specific to the locality of the job. The actual salary paid to an individual will bebased on multiple factors, including, but not limited to, specific skills, education, licenses or certifications, experience,market value, geographic location, and internal equity.Although we estimatethe successful candidate hiredinto this rolewill beplaced between the entry point and the middle of the range, the decisionwill be made on a case-by-casebasis related tothese factors.This job is also eligible to participate inPG&E's discretionary incentive compensation programs.

A reasonable salary range is:

Bay Area Minimum: $151,000

Bay Area Maximum: $257,000

Job Responsibilities

• Sets department goals to achieve Cybersecurity organizational strategic plans and objectives
• Develops and implements work plans in support of department goals
• Develops metrics and benchmarks for department with a focus on continuous improvement
• Reports organizational activities and plans to senior leadership
• Manages department budget size, and scope of organization based on supply and demand of work and priorities
• Provides peer review and support for all inputs and outputs of the organizational deliverables
• Maintains expertise in the areas of cybersecurity, technology, regulations, and threats to ensure PG&E's direction is appropriately aligned to target risk thresholds
• Manages employees, contractors, and vendors for the efficient delivery of services
• Collaboratively forges cross-functional relationships and partners with peers and customers for effective outcomes
• Provides IT services that include planning, development, implementation, and support for systems solutions required for the PG&E lines of business
• Conducts analyses of asset deployment, use and acquisition, and disposes of nonperforming assets; evaluates and assess risks as part of the life cycle analysis of portfolio components
• Leads efforts in creative approaches to problem solving and quality deliverables supporting business needs
• Accountable for negotiating conflicts and ensuring identified issues are resolved
• Establishes comprehensive service level agreements
• Ensures staff has the resources and skills needed to support all related work
• Acts as a liaison and conduit for information flow between the department team and the rest of the IT and business community, as well as with appropriate external stakeholders
• Continuous monitoring of emerging tools and technologies to assure the most appropriate technology is being proposed, deployed, and used
• Establishes continuous improvement programs and demonstrates LEAN principals in daily operations
• Conducts continuous high levels of engagement with the business and the IT organization
• Ensures compliance with legal, Federal, and State regulations
• Perform mentoring, coaching, and support employee development
• Ensure availability to support the Cybersecurity organization and personnel for on-call duties and escalations

Qualifications

Minimum:

• Bachelor's Degree in job-related discipline or equivalent experience
• CISSP, CISM, or equivalent certification
• 6 years in security, IT, multi-platform, or other related work experience
• 3 years leadership experience

Desired Knowledge, Skills, and Abilities:

• Strong leadership skills; able to manage, mentor and motivate
• Excellent planning, organizational management skills, process-oriented, and be able to juggle multiple priorities in a fast-paced environment
• Expert understanding of information security concepts and strategy
• Strong understands information security holistically and how it relates to business goals
• Excellent understanding of risk assessment and risk analysis frameworks
• Demonstrated strategic planning and road mapping ability
• Exceptional interpersonal skills, including teamwork, facilitation and negotiation
• Highly collaborative, able to work cross-functionally; possessing the ability to forge relationships and partner effectively
• Resourceful and self-motivated, able to work independently when required
• Credible and persuasive; able to present often complex information in an accessible fashion to a nontechnical audience
• Outstanding problem-solving/decision making ability
• Excellent written and verbal communication skills, able to explain complex issues in clear and concise terms
• Experience with regulatory requirements (NERC-CIP, HIPPA, CCPA, CEUD, TSA SD, SOX, etc.)