Corporate Security Risk Consultant, Principal

Requisition ID # 156008 

Job Category: Information Technology 

Job Level: Manager/Principal

Business Unit: Information Technology

Work Type: Hybrid

Job Location: Oakland; San Ramon

Department Overview

The Corporate Security Department (CSD) is part of the Enterprise Protection Organization within PG&E. Our mission is to protect the people, assets and facilities of PG&E. The department includes physical security, security asset and technology management, risk and strategy, security operations center, critical infrastructure protection and compliance, investigations, emergency response and executive protection teams. Given the criticality of the infrastructure and facilities, PG&E has several compliance obligations at the federal, regional, and state level. We work together internally and in concert with each functional area and supporting partners to provide security, based on identified risks and compliance requirements. The Risk and Strategy team aligns current and future risks within the Enterprise Risk Register to build and maintain our risk profile and align to financial strategy.

Position Summary

The Risk and Strategy team is looking for Risk Consultant. This position will ensure CSD has a fully Integrated risk model with a standalone risk that aligns with the Enterprise risk program. The successful candidate will hold primary responsibility and accountability to build, maintain and test CSD’s risk model.

This role works in partnership with stakeholders such Enterprise Risk experts and leaders, compliance experts, portfolio managers, and other associated operations, and functional areas. The risk consultant ensures the corporate security risk is represented at the correct level.  

Risk Consultants have accountability and responsibility for focus areas that are of complex scope and with significant risk and high impact across multiple functions. They work autonomously and collaboratively as needed. They address complex problems that span functions and may manage projects or initiatives that are high complexity and risk. This position will work collaboratively with both technical and non-technical staff to understand driver and consequences of risk, collect modeling data, and provide guidance, coaching and mentoring to increase understanding of the risk model and how it can be used. They generally work with Senior Management to influence strategies and decisions.

Estimated travel within PG&E service territory up to 25%. 

This position is hybrid, working from your remote office and your assigned work location based on business need. The assigned work location will be within the PG&E Service Territory. 

PG&E is providing the salary range that the company in good faith believes it might pay for this position at the time of the job posting. This compensation range is specific to the locality of the job. The actual salary paid to an individual will be based on multiple factors, including, but not limited to, specific skills, education, licenses or certifications, experience, market value, geographic location, and internal equity. This job is also eligible to participate in PG&E’s discretionary incentive compensation programs. Although we estimate the successful candidate hired into this role will be placed towards the middle or entry point of the range, the decision will be made on a case-by-case basis related to these factors.

A reasonable salary range is:

Bay Area Minimum: $136,000.00
Bay Area Maximum: $232,000.00
 

Job Responsibilities

• Builds and maintaining CSD risk models.
• Performs analysis using the risk model to support planning and other decision-making.
• Builds relationships with PG&E’s lines of business to identify, assess, prioritize, and mitigate security risks.
• Utilizes internal PG&E Risk methodologies to build corporate security risk framework.
• Own the development, implementation and optimization of security risk mitigation plans, programs, and governance.
• Supports the development and implementation of processes to ensure visibility and management of a complete portfolio of security risk across the functional areas.

Qualifications

Minimum:

• Bachelors Degree in Computer Science or job-related discipline or equivalent experience
• Job-related technical experience, 8yrs

Desired:

• Experience in a highly regulated field, such as military/defense, financial services, health care, utilities, etc.
• Masters Degree in Computer Science or job-related discipline or equivalent experience
• Utility industry experience
• Experience in regulatory requirements, job-related
• Job-related technical experience, 9 years
• Experience in Cybersecurity, multi-platform, or related
• CISSP-Certified Information Systems Security Professional certification
• CISA-Certified Information Systems Auditor certification
• CISM-Certified Information Security Manager certification