Saturday, November 22, 2014
Director - Cybersecurity Policy & Project Implementation - Pacific Gas and Electric - San Francisco
Job description
Position Summary
The Director, Cybersecurity Policy & Project Implementation is accountable for the development, implementation, and management of company-wide policies, employee training and awareness, and direct oversight of the enterprise portfolio of security projects for PG&E's critical infrastructure and information assets. The Director is responsible for working directly with all lines of business to provide a strategy and produce supporting policies and standards, raise employee security knowledge and awareness, and track status of security projects in the effort to reduce the risk and protect PG&E's critical infrastructure and information assets. The Director tracks and analyzes new and emerging regulation and legislation to determine the impact to PG&E and also focuses on continuous improvement to the security of company information and information assets. The Director leads a team of specialized and highly skilled professionals responsible for policy, compliance, and awareness management and oversees the project management and project delivery for over $50m in projects. The Director provides expert guidance and expertise to PG&E's senior executives and management on all matters related to policies, training and awareness, and enterprise portfolio of security projects.
Qualifications
Minimum Qualifications
• B.S. degree or equivalent work experience in risk management, business management, information systems or other relevant field.
• Twelve (12) years or more of combined policy management, compliance management, communications, risk management, business management, information security, and utility business/industry work experience including directly managing large organizations.
Desired Qualifications:
• Expert knowledge of risk management policies, procedures, regulations and governance processes required.
• Strong understanding of regulatory requirements impacting utilities (e.g. NERC CIP, NRC Title 10, HIPAA, SOX, FCC, etc.).
• Strong knowledge of technological trends and developments in the area of information security and risk management.
• Strong ability to analyze business processes and drive change.
• Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Professional in Critical Infrastructure Protection (PCIP), Certified Protection Professional (CPP), or equivalent.
Responsibilities
• Establishes the long-term vision, strategy, and direction of the policy, training and awareness program, and enterprise portfolio of security projects and establishes goals, objectives and metrics consistent with the business strategic plan.
• Develops policies that align with and integrate all current (e.g. HIPAA, SOX, NERC CIP, NRC Title 10, FCC) and future regulatory requirements.
• Manages the collaboration with LOB management, architects, engineers, business developers, legal, regulatory affairs, communications, and product/program managers to develop policies and awareness solutions to improve PG&E's security posture.
• Manages the development, implementation and on-going monitoring of security solutions to address areas that are above acceptable levels of risk for the business.
• Manages the development of risk and strategy policies, standards, procedures and governance processes for PG&E's critical infrastructure and information systems.
• Manages development and implementation of education programs for awareness and governance processes.
• Manages the enterprise portfolio of security projects from concept to implementation.
• Assists in risk analysis development and review. Assists PG&E business partners to determine critical business processes and systems, identifies acceptable level of risk and establishes resources required to maintain an acceptable level of risk.
• Works with business partners to understand the risk to the protection of critical infrastructure and information systems/processes.
• Provides expertise and guidance to business partners and IT leaders for all areas of policy, training and awareness management, and enterprise portfolio of security projects.
• Develops strategy and plans for PG&E's policy, training and awareness, and enterprise portfolio of security projects efforts.
• Maintains expert level of expertise in the areas of technology, regulations and threats to ensure PG&E's direction is appropriately aligned.