Chief, IT and Cyber Risk Validation

Job Description

Requisition ID # 167963

Job Category : Compliance / Risk / Quality Assurance

Job Level : Director / Chief

Business Unit : Gen Counsel, Ethics, Risk & Compliance

Work Type : Hybrid

Job Location : San Ramon

Department Overview

The Operational Risk Validation team is focused on assessing and validating risk mitigations and controls to determine the effectiveness of PG&E’s programs to address the highest risks for the enterprise. The goal is to confirm the right work is being done in a way that truly reduces risk, and to strengthen how we collectively quantify actual risk reduction based on units of work completed. This team will partner closely with the existing risk, compliance, and operational groups, digging a few levels deeper beyond compliance. This will include observations in the field and dialogue with front-line employees to better understand operational risks, inform future risk reduction programs, and advocate for needed resources or support. Assessments and validations of risk-reducing work will be done for the top-tier enterprise risks, while responding to industry disruptors and emerging risk factors that may not fit neatly into existing risk frameworks. These assessments and resulting recommendations will evaluate whether operations are meeting legal, regulatory, and other commitments – and beyond this, determine whether we’re truly reducing risk to an appropriate level.

Position Summary

Chief, IT and Cyber Risk Validation is an individual contributor who is responsible for ensuring that the risks associated with Cyber Security, Physical Security and Technology Improvements are effectively managed across the enterprise. This role will validate that the controls and mitigations are monitored, and all the stakeholders are engaged in data driven decision making. This individual will provide expertise on the key areas of risk for IT and Physical Security across the enterprise to build risk management capabilities. The knowledge expected from this role are AI, Cloud, Data management, Cyber and Physical security, Asset management, Networking, IT infrastructure etc.

This is a high-level position focused on strengthening and building relationships across the organization in an area of risk that is continuously growing across all Functional Areas (FA). This position is hybrid, working from your remote office and your assigned work location based on business need. The assigned work location will be within the PG&E Service Territory.

Reporting

This role reports to the Director, Operational Risk Validation Generation / IT.  This is an individual contributor role.

Job Responsibilities

• Partners with Cybersecurity teams such as Asset Management, Strategy, Risk Assessment, Vulnerability Management, Security Intelligence and Operations Center etc. Validates the risk and ensures effectiveness on existing controls and mitigations on an ongoing basis.
• Partners with all asset owners and leaders across the enterprise to raise awareness, build support and partnership in the improvement of cyber asset data management across all technologies.
• Partners as the single point of contact within the Enterprise Risk and Compliance (ERC) team to ensure that technology and systems supporting cyber asset management are implemented and configured to ensure Cybersecurity of all assets across the Enterprise.
• Supports Cyber Security Asset Management strategy development and implementation to ensure external obligations are met across all regulators present and future.
• Partners with Enterprise Data Management, Physical Security and IT Infrastructure teams to set priorities and drive all risk- related activities managing the risks proactively.
• Primary thought leader for Enterprise Risk for development of the roadmap to Propel migration and mitigation strategies that support operational and strategic objectives of the ERC organization.
• Works directly with and coaches senior leadership in key operational areas to identify, address and communicate risk management issues, primarily focused on Cyber, Physical and IT risks.
• Recognizes and communicates internal and external developments that may impact risks based on in-depth knowledge of operational risks across all FAs to improve risk management practices across the enterprise.
• Provides subject-matter expertise and challenges business decisions and decision-making processes to ensure all aspects of risks are appropriately considered and effective controls and mitigations are implemented.
• Leads strategy development and implementation of risk education and training materials for use enterprise-wide and at all levels.

Background Qualifications

Minimum

Desired

Leadership Qualities

PG&E expects its leaders to conduct themselves with the highest ethics and integrity and to embody specific leadership qualities.

Strategic Mindset

A Leader in the Community and Industry

Demonstrates Safety Leadership

Influences and Inspires

Optimizes Team Performance

Values Inclusion and Respects Individual Differences

Fiscally Responsible

Leads Ethically and in a Compliant Manner

Provides a High Level of Customer Service

Compensation

PG&E is providing the salary range that the company in good faith believes it might pay for this position at the time of the job posting. This compensation range is specific to the locality of the job. The actual salary paid to an individual will be based on multiple factors, including, but not limited to, specific skills, education, licenses or certifications, experience, market value, geographic location, and internal equity.

We estimate the successful candidate hired into this role will be placed within the reasonable compensation range of $168,000-$241,500.   The decision will be made on a case-by-case basis.  This leadership role is also eligible for an annual Short Term Incentive Plan (STIP) award, as well as the Long Term Incentive Plan (LTIP) grant.