Expert Power Generation Cybersecurity Risk & Compliance Consultant - Flexible Location

Auburn, CA, US, 95602

Requisition ID # 171841 

Job Category: Information Technology 

Job Level: Individual Contributor

Business Unit: Energy Delivery

Work Type: Hybrid

Job Location: Auburn; Oakland

 

 

Department Overview


Power Generation (PGen) operates and maintains PG&E's hydroelectric, fossil, solar generation, and battery storage facilities, providing approximately 5,300 megawatts of generating capacity for our customers. Our nearly 900 coworkers are dedicated to delivering safe, reliable, and cost-effective generation to California in an environmentally responsible manner. Our hydro facilities include 62 conventional hydro powerhouses, a pumped-storage facility, 98 reservoirs, 168 dams and more than 200 miles of canals and flumes, among other water conveyances. Natural gas-fired plants in operation are Humboldt Bay Generating Station in Eureka; Colusa Generating Station in Colusa County and Gateway Generating Station in Antioch. Several utility-scale solar generation plants also are operated and maintained, as well as PG&E’s successful entry into battery energy storage, our Elkhorn Battery facility at Moss Landing in Monterey County.

 

Position Summary


The PGen Risk, Compliance & Quality team is a governance and compliance team that supports the organization’s collective pursuit of a defensible compliance management framework to provide a network of critical traceability into the business’s control environment. The result enables governance and oversight of the business to verify necessary controls are in place to ensure PGen understands and manages its risks and operates in compliance with applicable laws, regulations, company objectives and goals.

 

The Power Generation Cybersecurity Risk & Compliance Consultant reports to the PGen Risk, Compliance & Quality Senior Manager and is a significant contributor to the security vision and strategy, supporting the design, development, and implementation of cybersecurity risk management for one or more lines of business.

 

This PGen Cyber Security Compliance role conducts cybersecurity risk assessments of systems and services to identify and evaluate cyber-attack risks. This position builds relationships with PG&E’s lines of business to identify, assess, prioritize, and mitigate cybersecurity risks, and contributes to the development, implementation, optimization, and governance of the PGen Cyber Security Program. The role also supports processes to ensure visibility and management of the PGen Security Program regarding cybersecurity risk across the lines of business, measures and manages cybersecurity risks, develops and implements risk mitigation strategies, and contributes to the evaluation of the PGen Security Program with lines of business.

 

Position duties may include, but are not limited to:

•    Responsible for PGen’s Cyber Security Compliance Program including the associated Security related regulatory submittals. 
•    Ensures systems and processes meet regulatory requirements as well as excellence standards. 
•    Interprets and applies applicable codes and regulations and educates PG&E employees and/or industry personnel.
•    Identifies and implements opportunities to improve company performance (quality, performance, human factors, financial, regulatory).
•    Represents PG&E at industry association, trade committee and inter-utility work groups.
•    Acts as a company witness, liaison, and/or information provider to outside parties.
•    Develops technical policies, procedures, and contributes to the development of standards, specifications, construction documents, and guidelines.

 

Headquarters location is flexible between the Oakland and Auburn offices. Please note that the hiring leader will make the final decision on the appropriate headquarters for the role based on business need.

 

Position will require approximately 25% of travel time in work schedule.

 

This position is hybrid, working from your remote office and your assigned work location at OGO in Oakland, California, or the Auburn Regional Office in Auburn, California.

 

PG&E is providing the salary range that the company in good faith believes it might pay for this position at the time of the job posting. This compensation range is specific to the locality of the job.  The actual salary paid to an individual will be based on multiple factors, including, but not limited to, specific skills, education, licenses or certifications, experience, market value, geographic location, and internal equity.  Although we estimate the successful candidate hired into this role will be placed towards the middle or entry point of the range, the decision will be made on a case-by-case basis related to these factors.
 
A reasonable salary range is:


Bay Area Minimum: $136,000
Bay Area Maximum: $232,000
 
OR
 
California Minimum: $129,000
California Maximum: $220,000
 

This job is also eligible to participate in PG&E’s discretionary incentive compensation programs.

 

Job Responsibilities:

•        Significant contributor to security vision and strategy, for the design, development, and implementation of cybersecurity risk management for one or more lines of business.
•        Conducts cybersecurity risk assessments of systems and services, enabling the identification and evaluation of cyber-attack risks to those systems and services.
•        Builds relationships with PG&E’s lines of business to identify, assess, prioritize and mitigate cybersecurity risks.
•        Major contributor to the development, implementation and optimization of cybersecurity risk mitigation plans, programs and governance.
•        Supports the development and implementation of processes to ensure visibility and management of a complete portfolio of cybersecurity risk across the LOBs.
•        Measures and manages cybersecurity risks across the lines of business.
•        Develops and implements cybersecurity risk mitigation strategies across the LOBs, in collaboration with Cybersecurity Architects and IT architects.
•        Contributes to the evaluation of portfolio risk as part of the annual IT planning process with LOBs.

 

Qualifications -
Minimum Qualifications:    
•    B.A. /B.S. degree or equivalent work experience in computer science, business administration or other relevant field.

•    Minimum of 6 years of relevant technical experience.
•    Experience in a highly regulated field, such as military/defense, financial services, health care, utilities, etc.

Desired Qualifications:
•    PG&E experience within the related line of business; or utility or industrial control experience.
•    Demonstrated knowledge of
o    Technological trends and developments in cyber/information security and the ICS security and threat environment.
o    Cybersecurity products and technology.
o    Hardware, operating systems, software, networks and facilities that make up infrastructure.
o    Systems/software development, engineering, integration, testing and evaluation.
•    Experience with enterprise cybersecurity in a complex, multi-platform environment including SCADA and other operational technology platforms.
•    Experience with regulatory requirements:
o    NERC-CIP (North American Electric Reliability Corporation Critical Infrastructure Protection), SOX, FCC, SB 1386/1746, etc.
•    Experience with SmartMeter and SmartGrid architectures, technologies and standards.
•    CISSP, CISM, and/or CISA certification, or ability to obtain via self-study within one year of date of hire, other relevant IT or security certifications.

Knowledge, Skills, Abilities, Competencies:
•    Excellent interpersonal skills, including teamwork, facilitation and negotiation.
•    Collaborative, able to work cross-functionally; possessing the ability to forge relationships and partner effectively.
•    Resourceful and self-motivated, able to work independently when required.
•    Ability to communicate and convey complex IT/OT technical security related concepts to business and technology teams.
•    Excellent planning, organizational and project management skills; detail- and process-oriented; able to juggle multiple priorities in a fast-paced environment.
•    Excellent written and verbal communication skills, able to explain complex issues in clear and concise terms.
•    Expert and holistic understanding of information security concepts and strategy, including the ability to relate cybersecurity to business goals.
•    Expert understanding of risk assessment and risk analysis frameworks.

Purpose, Virtues and Stands

Our Purpose explains "why" we exist:

  • Delivering for our hometowns
  • Serving our planet
  • Leading with love

Our Virtues capture "who" we need to be:

  • Trustworthy
  • Empathetic
  • Curious
  • Tenacious
  • Nimble
  • Owners

Our Stands are "what" we will achieve together:

  • Everyone and everything is always safe
  • Catastrophic wildfires shall stop
  • It is enjoyable to work with and for PG&E
  • Clean and resilient energy for all
  • Our work shall create prosperity for all customers and investors

More About Our Company

EEO
Pacific Gas and Electric Company is an Equal Employment Opportunity employer that actively pursues and hires a workforce that reflects the hometowns we serve. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, sex, age, religion, physical or mental disability status, medical condition, protected veteran status, marital status, pregnancy, sexual orientation, gender, gender identity, gender expression, genetic information or any other factor that is not related to the job.

Employee Privacy Notice
The California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020. CCPA grants new and far-reaching privacy rights to all California residents. The law also entitles job applicants, employees and non-employee workers to be notified of what personal information PG&E collects and for what purpose. The Employee Privacy Notice can be accessed through the following link: Employee Privacy Notice

PG&E will consider qualified applicants with arrest and conviction records for employment in a manner consistent with all state and local laws.


Nearest Major Market: Sacramento