Chief, IT and Cyber Risk Validation

Requisition ID # 167963 

Job Category: Compliance / Risk / Quality Assurance 

Job Level: Director/Chief

Business Unit: Gen Counsel, Ethics, Risk & Compliance

Work Type: Hybrid

Job Location: San Ramon

Department Overview

The Operational Risk Validation team is focused on assessing and validating risk mitigations and controls to determine the effectiveness of PG&E’s programs to address the highest risks for the enterprise. The goal is to confirm the right work is being done in a way that truly reduces risk, and to strengthen how we collectively quantify actual risk reduction based on units of work completed. This team will partner closely with the existing risk, compliance, and operational groups, digging a few levels deeper beyond compliance. This will include observations in the field and dialogue with front-line employees to better understand operational risks, inform future risk reduction programs, and advocate for needed resources or support. Assessments and validations of risk-reducing work will be done for the top-tier enterprise risks, while responding to industry disruptors and emerging risk factors that may not fit neatly into existing risk frameworks. These assessments and resulting recommendations will evaluate whether operations are meeting legal, regulatory, and other commitments – and beyond this, determine whether we’re truly reducing risk to an appropriate level.

Position Summary

Chief, IT and Cyber Risk Validation is an individual contributor who is responsible for ensuring that the risks associated with Cyber Security, Physical Security and Technology Improvements are effectively managed across the enterprise. This role will validate that the controls and mitigations are monitored, and all the stakeholders are engaged in data driven decision making. This individual will provide expertise on the key areas of risk for IT and Physical Security across the enterprise to build risk management capabilities. The knowledge expected from this role are AI, Cloud, Data management, Cyber and Physical security, Asset management, Networking, IT infrastructure etc.

This is a high-level position focused on strengthening and building relationships across the organization in an area of risk that is continuously growing across all Functional Areas (FA). This position is hybrid, working from your remote office and your assigned work location based on business need. The assigned work location will be within the PG&E Service Territory.

Reporting

This role reports to the Director, Operational Risk Validation Generation/ IT.  This is an individual contributor role.

Job Responsibilities 

• Partners with Cybersecurity teams such as Asset Management, Strategy, Risk Assessment, Vulnerability Management, Security Intelligence and Operations Center etc. Validates the risk and ensures effectiveness on existing controls and mitigations on an ongoing basis.
• Partners with all asset owners and leaders across the enterprise to raise awareness, build support and partnership in the improvement of cyber asset data management across all technologies.
• Partners as the single point of contact within the Enterprise Risk and Compliance (ERC) team to ensure that technology and systems supporting cyber asset management are implemented and configured to ensure Cybersecurity of all assets across the Enterprise.
• Supports Cyber Security Asset Management strategy development and implementation to ensure external obligations are met across all regulators present and future.
• Partners with Enterprise Data Management, Physical Security and IT Infrastructure teams to set priorities and drive all risk- related activities managing the risks proactively.
• Primary thought leader for Enterprise Risk for development of the roadmap to Propel migration and mitigation strategies that support operational and strategic objectives of the ERC organization.
• Works directly with and coaches senior leadership in key operational areas to identify, address and communicate risk management issues, primarily focused on Cyber, Physical and IT risks.
• Recognizes and communicates internal and external developments that may impact risks based on in-depth knowledge of operational risks across all FAs to improve risk management practices across the enterprise.
• Provides subject-matter expertise and challenges business decisions and decision-making processes to ensure all aspects of risks are appropriately considered and effective controls and mitigations are implemented.
• Leads strategy development and implementation of risk education and training materials for use enterprise-wide and at all levels.

Background Qualifications

Minimum

• Bachelor’s degree or equivalent experience.
• 12 years of job-related experience

Desired 

• Advanced degree in a relevant field such as data management, computer science, information technology, systems engineering, operational governance, or other applicable discipline
• Experience with Operational Technology, and Regulatory compliance
• IT and Security experience 
• Engineering, Architecture, and Risk experience 
• Experience with ISO 31000 and 55001
• Experience with NERC CIP, TSA and FERC utility industry regulations
• Utility industry experience, electric or gas, or other job-related, 10 years

Leadership Qualities

PG&E expects its leaders to conduct themselves with the highest ethics and integrity and to embody specific leadership qualities.

Strategic Mindset

• Sees ahead to future possibilities and translates them into breakthrough strategies.
• Operates effectively, even when things are not certain, or the way forward is not clear.

A Leader in the Community and Industry

• Effectively builds formal and informal relationship networks inside and outside the organization.
• Anticipates and balances the needs of multiple stakeholders.

Demonstrates Safety Leadership

• A safety champion in words and deeds with respect to both employee and public safety.
• Creating and maintaining a speak up culture free of retaliation.

Influences and Inspires

• Using various- communications that convey a clear understanding of the needs of different audiences.
• Maneuvering comfortably through complex policy, process, and people-related dynamics.

Optimizes Team Performance

• Building teams with a strong identity that apply their diverse skills and perspectives to achieve common goals.
• Creating a climate where people are developed and motivated to do their best to help the organization.

Values Inclusion and Respects Individual Differences

• Recognizing the value that different perspectives and cultures bring to an organization.

Fiscally Responsible

• Interpreting and applying understanding of key financial indicators to make better business decisions.
• Planning and prioritizing work to meet commitments aligned with organizational goals.

Leads Ethically and in a Compliant Manner

• Sponsoring and sustaining a high integrity speak-up corporate culture which prioritizes safety, compliance, and ethics.
• Building on necessary level of industry, company, and subject-matter expertise, including laws and regulations.

Provides a High Level of Customer Service

• Building strong customer relationships and delivering hometown, customer-centric solutions.

Compensation

PG&E is providing the salary range that the company in good faith believes it might pay for this position at the time of the job posting. This compensation range is specific to the locality of the job. The actual salary paid to an individual will be based on multiple factors, including, but not limited to, specific skills, education, licenses or certifications, experience, market value, geographic location, and internal equity. 

We estimate the successful candidate hired into this role will be placed within the reasonable compensation range of $168,000-$241,500.  The decision will be made on a case-by-case basis.  This leadership role is also eligible for an annual Short Term Incentive Plan (STIP) award, as well as the Long Term Incentive Plan (LTIP) grant.