Expert Cybersecurity Risk Consultant

San Francisco, CA, US, 94105

Requisition ID # 56921 

Job Category : Information Technology 

Job Level : Individual Contributor

Business Unit: Customer Care

Job Location : Concord; Sacramento; San Francisco


Department Overview

The PG&E Cybersecurity organization is a dynamic group of security professionals working to protect our critical assets and address our highest risks, adapting and growing to meet the challenges from ever-evolving adversaries. The Cybersecurity Risk Management department within the broader organization focuses on identifying risks, helping partners reduce or mitigate risks, developing initiatives to protect PG&E from cyber-attacks, and engaging with other stakeholders to continually improve PG&E’s security posture. The department provides governance and direction of initiatives to safeguard PG&E’s cyber-assets, working hand in hand with key partners, as well as technical and engineering experts in PG&E’s lines of business. The department performs project, vendor, and production system risk assessments to ensure PG&E deploys and manages technology platforms that meet our security standards and regulatory requirements.


Position Summary 

The Cybersecurity Risk Consultant job family is responsible for overall relationship management and risk operating/analytics related to the cybersecurity risk management program for PG&E. This position will engage with the PG&E Enterprise Risk organization, and collaborate with other Cybersecurity teams, key stakeholders, and experts in the lines of business to identify threats, create strategies to better protect technology assets, and deploy technologies and processes to put those strategies into action. The position will contribute to the strategy to manage enterprise risk and proactively adapt to evolving threats and business needs. This position will perform risk aggregation, develop line of business risk bow ties, evaluate and assign security risk levels, assist with the development, design, and implementation of security mitigation, perform risk mitigation investment analysis, support risk data requests, and communicate out at all levels.


The work location is flexible and can be located in Concord, Sacramento, or San Francisco.




  • Bachelor’s Degree in job-related discipline or equivalent experience
  • Minimum of 6 years of relevant technical experience



  • Experience with enterprise security in a complex, multi-platform environment including SCADA, ICS, and other complex technology platforms
  • Experience with regulatory requirements (NERC-CIP, SOX, FCC, SB 1386/1746, etc.)
  • Utility industry and/or operational technology experience strongly preferred
  • Cyber/information security management policies, procedures, regulations and governance processes, Information Systems/Network Security, System Security Analysis, Information Assurance Compliance
  • Risk management techniques, technological trends and developments in cyber/information security, systems/software development, engineering, integration, testing and evaluation and operating systems
  • Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or equivalent
  • Mastery of Cybersecurity best practices and standards (e.g. NIST, ISO, etc.)
  • Mastery of computer networking concepts and protocols, and network security methodologies
  • Mastery of cloud security concepts, including experience with public cloud (e.g. AWS, Microsoft Azure, etc.) and implementation experience


Knowledge, Skills, and Abilities:

  • Excellent planning, organizational and project management skills; detail and process-oriented; able to juggle multiple priorities in a fast-paced environment
  • Expert understanding of information security concepts and strategy
  • Understands information security holistically and how it relates to business goals
  • Understanding of risk assessment and risk analysis frameworks
  • Demonstrated strategic planning and road mapping ability
  • Outstanding problem-solving/decision making ability
  • Strong leadership skills; able to manage, mentor and motivate
  • Excellent written and verbal communication skills, able to explain complex issues in clear and concise terms
  • First class documentation skills
  • Exceptional interpersonal skills, including teamwork, facilitation and negotiation
  • Highly collaborative, able to work cross-functionally; possessing the ability to forge relationships and partner effectively
  • Resourceful and self-motivated, able to work independently when required
  • Credible and persuasive; able to present often complex information in an accessible fashion to a nontechnical audience


Job Responsibilities

  • Will contribute to the security vision, strategy, planning and leadership for the design, development, implementation and support of a technology risk management framework for a line of business to achieve its objectives
  • Ensures successful implementation of security into new/enhanced systems to meet scope, schedule, and budget
  • Develops risk-based prioritization for security within technology roadmaps
  • Scope the assessment of risks and the execution of plans to mitigate the risks
  • Proactively provides expert knowledge of industry trends and technologies as it relates to specific opportunities where security can enhance value to the business and/or addresses a specific business need
  • Establishes technology risk-based investment planning through risk-integration with BTLs
  • Identifies risk opportunities to make business processes more effective and efficient
  • Directs the implementation of improvement (mitigation) initiatives
  • Drive compliance to standards/regulations and governance processes as it relates to the line of business
  • Ensure availability to support the Cybersecurity organization and personnel for on-call duties and escalations

Core Responsibilities:

  • Responsible for overall business relationship
  • Overall translation of risk from lines of businesses, Enterprise Risk, and Cybersecurity teams into clear and concise format
  • Accountable for communication of risk posture to business units
  • Accountable for overall risk calculation reporting to CISO, CIO, and Board
  • Development of risk-based portfolio management
  • Establishes and updates risk inventory for LOB
  • Partners closely and aligns to Business Technology Leads (BTLs)
  • Evaluates portfolio risk as part of the annual IT planning process with BTLs and LOBs
  • Engages in risk governance and reviews
  • Be a cybersecurity representative at LOB’s Enterprise Risk Management Committee
  • Conducts Enterprise Risk Management (ERM) related activities across PG&E
  • Prioritizes mitigation activities and workload

Our Mission

To safely and reliably deliver affordable and clean energy to our customers and communities every single day, while building the energy network of tomorrow.

Our Vision

With a sustainable energy future as our North Star, we will meet the challenge of climate change while providing affordable energy for all customers.

Our Culture

We put safety first.
We are accountable. We act with integrity, transparency and humility.
We are here to serve our customers.
We embrace change, innovation and continuous improvement.
We value diversity and inclusion. We speak up, listen up and follow up.
We succeed through collaboration and partnership. We are one team.

Pacific Gas and Electric Company (PG&E), a subsidiary of PG&E Corporation (NYSE:PCG), is one of the largest combined natural gas and electric companies in the United States. Based in San Francisco, our 24,000 employees deliver safe, reliable, affordable and clean energy to nearly 16 million people throughout our Northern and Central California service area, stretching from Eureka to Bakersfield and from the Pacific Ocean to the Sierra Nevada.

More About Our Company

Pacific Gas and Electric Company is an Affirmative Action and Equal Employment Opportunity employer that actively pursues and hires a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, sex, age, religion, physical or mental disability status, medical condition, protected veteran status, marital status, pregnancy, sexual orientation, gender, gender identity, gender expression, genetic information or any other factor that is not related to the job.

Employee Privacy Notice

The California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020. CCPA grants new and far-reaching privacy rights to all California residents. The law also entitles job applicants, employees and non-employee workers to be notified of what personal information PG&E collects and for what purpose. The Employee Privacy Notice can be accessed through the following link: Employee Privacy Notice

PG&E will consider qualified applicants with arrest and conviction records for employment in a manner consistent with all state and local laws.