Sunday , January 29 2023

PG&E Applications – Principal Cybersecurity Controls Assessor

Website PG&E

Job Description:

The Cybersecurity Controls Assessment family is responsible for the assessment, verification, review, and audit of General Computer Controls and/or business process controls across the enterprise. The Principal Cybersecurity Controls Assessor (“Assessor”) will be responsible for leading assessments which will require review and evaluation of IT and/or business systems and processes for compliance with defined regulatory standards, internal processes, and procedures. The Assessor will be responsible for the identification of risks, evaluation of control deficiencies, and recommendation on remediation efforts consistent with IT organizational policies, standards, procedures, and regulatory requirements.

Job Responsibilities:

  • Work closely with business partners to align overlapping compliance efforts and eliminate redundant work
  • Direct team members in the successful fulfillment IT compliance commitments. Provide consultative direction to and review the quality of deliverables prepared by less experienced team members
  • Execute and support assessments, audits, tests, and verification activities for the NERC CIP and other regulatory compliance requirements
  • Responsible for working with senior leadership to mature the NERC CIP and other regulatory assessment processes and integrating into the business culture
  • Directly accountable for providing vision, strategy, planning, and leadership for the design, development, implementation and support of IT compliance NERC CIP and other regulatory assessment functions
  • Review test results and control deficiencies with stakeholders; work with stakeholders to establish plans for sustainable resolution
  • Ensure staff has the resources and skills needed to support all work initiatives
  • Validate controls are operating effectively as a team member or in an oversight role
  • Serve as the point of contact for compliance for areas of responsibility
  • Develop, align and manage the IT compliance NERC CIP and other regulatory assessment roadmaps, planning, and execution
  • Capture and report metrics for services and activities delivered to customers and/or as part of internal initiatives
  • Oversee testing of controls for compliance to standards/regulation and governance processes as it relates to the line of business
  • Manage the establishment of individual and organizational objectives that are aligned with organizational goals
  • Prepare, plan, conduct, and report IT Compliance assessments in accordance with industry best practices and established regulatory standards (e.g. NIST SP800-53). Develop test procedures and/or document recommendations for test plan modifications that improve validation of control objectives
  • Develop and maintain partnerships with business owners and internal stakeholders, and industry alliances
  • Optimize IT investment which may include reducing and containing IT costs and enhancing business capabilities to increase customer satisfaction

Job Requirements:

  • Experience with Sarbanes-Oxley (SOX), or National Institute of Standards and Technology (NIST) SP800-53 security controls catalog.
  • Bachelors Degree in Computer Science, Business, or job-related discipline or equivalent experience
  • Resourceful and self-motivated
  • Excellent problem-solving and decision-making ability
  • Utility Industry Experience
  • Able to lead assessment teams as well as cross-functional team interdisciplinary activities
  • Broad breadth of technical skills and experience in IT, security, and privacy; able to “wear multiple hats” even within the boundaries of the IT compliance assessment function
  • Team leadership experience
  • PG&E experience within a direct or related area of expertise within IT, IT audit, or IT risk management
  • Team player, highly collaborative, able to work cross-functionally
  • Excellent written and verbal communication skills
  • 2 years of utility industry experience
  • Demonstrated ability to manage individuals
  • Big 4 experience
  • Master’s degree in Computer Science or related field, or equivalent work experience
  • Professional demeanor, exceptional interpersonal skills, including teamwork, facilitation and negotiation
  • Strong analytical skills
  • Excellent technical documentation skills
  • IT audit or IT risk management project management experience
  • 10 years of IT audit or IT risk management experience, or related
  • At least one year supervisory or leadership experience over an IT function
  • Experience with organizational-level or enterprise-level programs dealing with IT security or IT risk management

Job Details:

Company: PG&E

Vacancy Type:  Full Time

Job Location: San Francisco, California, USA

Application Deadline: N/A

Apply Here