Share this Job

Manager, Cybersecurity

San Francisco, CA, US, 94105

Requisition ID # 26678 

Job Category : Information Technology 

Job Level : Manager/Principal

Business Unit: Information Technology and Supply Chain

Job Location : San Francisco

Department Overview

In Customer Care we are focused on delivering the desired customer experience for each of our customers. Everything we do starts with the customer and our information about the customer. That information is collected and managed by our Customer Experience Strategy group. Each of our organizations, though completely dependent upon each other, are the experts in their area and will further drive PG&Es alignment around the customer.


Position Summary

The IT Compliance Manager will lead a team responsible for assessing design and effectiveness of controls for compliance with internal PG&E policies and standards, as well as external regulatory requirements.  Additionally, the manager will be responsible for the identification of risks, evaluation and reporting of control deficiencies and recommendation on remediation efforts.


The IT Compliance Manager is responsible for supporting the continuous improvement of the IT Compliance Program and for maintaining documentation to demonstrate compliance maturity.


Job Responsibilities

Specific Responsibilities:

  • Leads and oversees the IT Compliance Assessment team that is responsible for assessing and reporting on the design and effectiveness of PG&E’s controls
  • Oversees processes to maintain the population of applicable regulatory requirements (NERC, FERC, SOX, HIPAA, CPUC, FCC) and to keep it current
  • Coordinates the execution of control assessments, reviews assessment results and performs risk rating of control deficiencies
  • Advise in control design and applicable documentation
  • Monitors control effectiveness and health
  • Develops and maintains corporate guidance materials
  • Defines processes for monitoring, tracking, and spot checks of control effectiveness
  • Identifies accountabilities and facilitates compliance processes
  • Develops and maintains processes and systems necessary to evidence compliance
  • Creates, schedules, executes annual testing and spot check programs
  • Prepares routine reporting to management and escalates concerns in a timely fashion
  • Advises on control development, narratives, test plans, and mitigation initiative tracking
  • Manages a full-time staff and monitors assessment and quality throughout
  • Interfaces with Internal Audit, Corporate Compliance, and Financial Control functions as needed
  • Liaises with Directors, Managers, and Individual Contributors on Compliance Assessment topics
  • Supports Sr. Manager on the preparation of materials for monthly, quarterly, and annual Compliance Committee reviews
  • Supports creation of materials for the integrated planning process including annual risk assessment and planning activities


Core Responsibilities:

  • Establishes clear plans for engagement and is accountable for multiple levels of partnership across lines of business
  • Translates functional goals of department into assessment programs and projects with significant impact on the company strategic vision and plans, objectives and goals
  • Oversees the development of metrics for the department and benchmarking with a key on continuous improvement of the IT Compliance Assessment Program
  • Provides peer review and support for all inputs and outputs of the organizational deliverables
  • Maintains senior level of expertise in the areas of technology, regulations and threats to ensure PG&E’s direction is appropriately aligned to target risk thresholds
  • Develops operating policies and procedures supporting the IT Compliance group
  • Interprets and advises groups on compliance with IT Policies



  • Provides direct supervision, staffing, training, coaching and mentoring to risk and compliance employees in the department
  • Assigns, prioritizes, and reviews output, project initiatives, and special assignments


Knowledge, Skills, and Abilities

  • Demonstrated problem analysis and decision-making skills
  • Management and planning skills
  • Ability to communicate and convey complex IT technical security related concepts to teams
  • Ability to influence and work with and across all levels within the business to develop the best solution to issue/business needs
  • Strong oral and written communication skills
  • Strong analytical skills
  • Solid understanding of network and systems security, system and network configuration, and application security
  • Solid understanding of general computing controls (GCCs)
  • Able to identify complex control gaps
  • Solid understanding of generally applicable and accepted auditing standards and framework (e.g. COBIT) and best practices for IT services management (e.g., ITIL), government guidelines and laws (e.g. Sarbanes Oxley Act, NERC/CIP)
  • Able to multi-task projects or assessments
  • Ability to work with minimal supervision in a fast-paced environment
  • Detail oriented





  • Bachelors Degree in Computer Science or job-related discipline or equivalent experience
  • 6 years of general IT experience, including 5+ years of IT security or IT risk management experience
  • 3 years of supervisory experience
  • Experience using Excel worksheets, workbooks, and formulas

  • Experience managing multiple projects with conflicting priorities

  • At least one existing certification from the following list, which must be currently maintained and valid: certification:

    •Certified Information Systems Auditor (CISA);

    •Certified in Risk and Information System Control (CRISC);

    •Certified Information Systems Security Professional (CISSP);

    •Certified Internal Auditor (CIA);

    •Cisco Certified Networking Associate (CCNA)




  • Utility Industry Experience
  • Big 4 experience
  • Demonstrated experience with Sarbanes Oxley or North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) v5
  • Desired License / Certification:

    One or more current and valid certifications directly applicable or complementary to the role and area of expertise, including those listed above, as well as:

    •Certified Ethical Hacker (CEH)

    •Information Technology Infrastructure Library (ITIL)

    •Microsoft Certified Professional/Security Engineer (MCP, MCSE)

    •Cisco Certified Network Associate/Professional (CCNA, CCNP)

    •Certified Information Security Manager (CISM)

    •Project Management Professional (PMP).




Our Mission

To safely and reliably deliver affordable and clean energy to our customers and communities every single day, while building the energy network of tomorrow.

Our Vision

With a sustainable energy future as our North Star, we will meet the challenge of climage change while providing affordable energy for all customers.

Our Culture

We put safety first.
We are accountable. We act with integrity, transparency and humility.
We are here to serve our customers.
We embrace change, innovation and continuous improvement.
We value diversity and inclusion. We speak up, listen up and follow up.
We succeed through collaboration and partnership. We are one team.

Pacific Gas and Electric Company (PG&E), a subsidiary of PG&E Corporation (NYSE:PCG), is one of the largest combined natural gas and electric companies in the United States. Based in San Francisco, our 24,000 employees deliver safe, reliable, affordable and clean energy to nearly 16 million people throughout our Northern and Central California service area, stretching from Eureka to Bakersfield and from the Pacific Ocean to the Sierra Nevada.

More About Our Company

Pacific Gas and Electric Company is an Affirmative Action and Equal Employment Opportunity employer that actively pursues and hires a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, sex, age, religion, physical or mental disability status, medical condition, protected veteran status, marital status, pregnancy, sexual orientation, gender, gender identity, gender expression, genetic information or any other factor that is not related to the job.

Nearest Major Market: San Francisco
Nearest Secondary Market: Oakland