Compliance & Risk Consultant

Requisition ID # 172120 

Job Category: Compliance / Risk / Quality Assurance 

Job Level: Individual Contributor

Business Unit: Information Technology

Work Type: Hybrid

Job Location: Oakland

Department Overview

Technology & Security (T&S) Governance, Risk and Compliance (GR&C) is responsible for managing risk and compliance governance and oversight activities for the T&S organization. The team reports directly to the SVP, CSO/CDAO with functional responsibility aligned to support the broader CIO organization. 

Position Summary

The T&S Compliance & Risk Consultant will support privacy‑related Areas of Compliance (AOC), including CCPA/CPRA, HIPAA, and CEUD, and play a key role in implementing and supporting the PG&E Compliance Maturity Model (CMM) across T&S. This role focuses on governance, oversight, and assurance, not operational ownership, by partnering with requirement owners, business stakeholders, and subject matter experts to ensure privacy and compliance requirements are identified, documented, monitored, and tested in alignment with internal standards and external regulatory obligations.

The position reports to the Manager, T&S Compliance & Risk, who is responsible for the enterprise‑wide T&S compliance program that enables adherence to applicable laws, regulations, and standards; identification and mitigation of risk; and continuous improvement of the compliance framework in response to regulatory change.

This position is hybrid, working from your remote office and Oakland, CA approximately 1 - 3 days per month, or more, based on business needs.

PG&E is providing the full salary/pay range for this position. The actual amount paid to an individual will be based on multiple factors, including, but not limited to, internal equity, specific skills, education, licenses or certifications, experience, market value, and geographic location. The range to reasonably expect will be around the minimum and the midpoint $90,000 - $113,000. The final decision will be made on a case-by-case basis related to the factors above. This job is also eligible to participate in PG&E’s discretionary incentive compensation programs. 

Bay Area Min: $ 90,000

Bay Area Max: $ 136,000

Job Responsibilities

Privacy & Compliance Oversight

• Support governance and oversight for privacy AOCs (e.g., CCPA/CPRA, HIPAA, CEUD) within the T&S Compliance Program
• Assist with identifying, documenting, and maintaining privacy requirements, ownership, and risk prioritization in alignment with CMM Elements
• Partner with Legal, Privacy, Cybersecurity, IT, and business stakeholders to ensure privacy requirements are appropriately translated into controls and business processes

Compliance Maturity Model (CMM) Execution

• Support implementation and maturation of CMM elements across assigned AOCs, including Guidance Documents, Controls, Monitoring, and Issue Response
• Assist requirement owners with compliance artifacts, control documentation, and evidence strategies to support internal and external audits

Monitoring, Testing & Issue Management

• Perform or support compliance and control testing, monitoring activities, and assessments for privacy‑related requirements
• Participate in Potential Non‑Compliance (PNC) activities, root cause analyses, mitigation tracking, and corrective action monitoring, as applicable
• Track and analyze privacy compliance metrics, trends, and remediation status for reporting and governance forums

Regulatory & Audit Support

• Support responses to regulatory data requests, audits, investigations, and inquiries related to privacy compliance
• Stay informed of evolving privacy regulations and guidance, particularly in California, and assist with impact assessments and compliance alignment activities

Advisory & Collaboration

• Serve as a compliance advisor to T&S stakeholders, under the direction of the Team Lead, by offering guidance on privacy compliance standards, control design, and proper documentation procedures
• Contribute to cross‑functional working groups, internal forums, and continuous improvement initiatives related to privacy, risk, and compliance

Qualifications

Minimum:

• Bachelor’s degree, or equivalent experience
• 2 years of job-related experience

Desired:

• Basic knowledge of regulatory policy and compliance concepts, and/or risk management
• Knowledge of assigned area of business including processes and procedures
• Analytical and problem-solving skills
• Written and verbal communication skills and ability to communicate effectively to a variety of audiences
• Proficient in MS Office including Excel and PowerPoint