Compliance & Risk Consultant, Principal

Requisition ID # 157234 

Job Category: Compliance / Risk / Quality Assurance 

Job Level: Manager/Principal

Business Unit: Customer & Enterprise Solutions

Work Type: Hybrid

Job Location: Oakland

Department Overview

The Digital Strategy team at PG&E sits in the Customer Care organization and oversees customer facing digital properties such as pge.com, the PG&E Report It mobile app, and PG&E’s online Outage Center. The team also oversees the notifications platforms that send text, email and phone calls to customers during regular operations and emergencies.  

The Digital Strategy team is comprised of five core functions:

• Digital Strategy sets the vision for customer facing digital properties, providing governance and oversight for company-wide customer facing initiatives. 
• Web Operations is comprised of the creative services team which handles a wide range of requests from copywriting and design projects, to content publishing and optimization.
• Digital Analytics collects and analyzes both quantitative and qualitative metrics for our online properties, providing real-time customer insights that inform everything we do. 
• Web Product Management oversees all transactional, self-service functions to help ensure that customers can get outage information, pay their bill, request a service appointment or manage their energy use.
• Compliance is responsible for ensuring that the company’s digital assets meet all applicable internal and external compliance standards including WCAG 2.1aa for accessibility and CCPA and CPRA for privacy. The team also governs TCPA policy for the company and is responsible for managing any CPUC regulations assigned to the team.

The team is friendly, collaborative, nimble and creative and embodies an unwavering focus on the customer and dedication to the team’s success. The team functions like a startup but within the context of a larger, mature organization. The team’s methodologies are firmly rooted in e-commerce best practices, with access to the same tools and approaches used at many of the top e-retailers in the US.

Position Summary

The Digital Compliance Manager is the lead position in a two-person compliance team inside the Digital Strategy organization. The compliance lead will own the strategy for the compliance and risk management framework to ensure we are meeting applicable standards, laws & regulations. They will also oversee the work of a compliance team member who is responsible for managing testing and records.

This position is hybrid, working from your remote office and your assigned work location approximately 2 to 3 times per month or more, based on business need. The assigned work location will be within the PG&E Service Territory. 

PG&E is providing the salary range that the company in good faith believes it might pay for this position at the time of the job posting. This compensation range is specific to the locality of the job. The actual salary paid to an individual will be based on multiple factors, including, but not limited to, specific skills, education, licenses or certifications, experience, market value, geographic location, and internal equity. This job is also eligible to participate in PG&E’s discretionary incentive compensation programs. Although we estimate the successful candidate hired into this role will be placed towards the middle or entry point of the range, the decision will be made on a case-by-case basis related to these factors.

A reasonable salary range is:

Bay Area Minimum: $132,000.00
Bay Area Maximum: $226,000.00

OR

California Minimum: $125,000.00
California Maximum: $215,000.00
 

Job Responsibilities

• Own the governance for microsites, telephone campaigns, ADA, CCPA and CPRA as well as any CPUC rulings
• Drafting and maintaining the Digital Strategy team’s standards around work processes as needed based on changes to applicable laws, regulations, and standards.
• Develop and maintain a risk register, coordinating with various risk owners to track and mitigate risks, and ensuring the effectiveness of mitigation activities.
• Lead change management, training, and communication of digital compliance standards, processes & results and/or risk management standards and risk analyses & assessments.
• Oversee and maintain proper records and oversee the work of another compliance team member
• Audit established procedures and work product to validate that records are accurate and compliance is maintained
• Partner with Subject Matter Experts (SME), Requirement/Risk Owners, and business SMEs to develop controls, and metrics to hold the assigned owners accountable for compliance and/or risk management performance
• Act as a liaison with regulatory agencies and respond to data/reporting inquiries.

Qualifications

Minimum:

• Bachelors Degree or equivalent experience
• Job-related experience, 10 years

Desired:

• 8 years work experience with privacy, compliance, risk, audits, customer service, governance or utility operations
• 2 years experience working with the OneTrust tool
• 2 years experience working with CCPA, CPRA, TCPA and WCAG 2.1aa standards
• Certified Compliance and Ethics Professional (CCEP), or
• Leading Professional in Ethics and Compliance (LPEC), or
• Certified Internal Auditor (CIA), or
• Certified Risk Management Professional (RIMS-CRMP)

Desired skills

• Anticipates issues and develops innovative solutions to enhance controls and mitigate risks.
• Anticipates changes in the regulatory environment or other developments which may impact compliance or risk management and takes action to prepare the organization.
• Acts as consultant to internal and/or external groups in order to benchmark company performance and promote knowledge of compliance and risk management best practices.
• Challenges business decisions and presents risk mitigation alternatives, as appropriate.
• Updates senior leadership on status of compliance / risk management programs and partners with leaders across the organization to strengthen organization-wide effectiveness.
• Reviews and/or creates internal and external procedures and controls for access to enterprise customer data to ensure compliance with all relevant privacy and data protection laws and contractual commitments.
• Identifies and analyzes relevant privacy and data protection issues including required privacy notices, regulatory filings, relevant process and infrastructure requirements, and industry trends and best