Requisition ID # 130081
Job Category: Project / Program Management
Job Level: Individual Contributor
Business Unit: Information Technology
Job Location: Sacramento; Auburn; Concord; Fresno; Oakland; San Carlos; San Francisco; San Ramon; Vacaville
The Corporate Security Department is part of the enterprise protection organization within PG&E. Our mission is to protect the people, assets, and facilities of PG&E. The department includes regional physical security, security asset and technology management, security operations center, compliance, investigations, emergency response, training and awareness and executive protection teams. Given the criticality of the infrastructure and the facilities it is housed within, PG&E has several compliance obligations at both the federal and state level. We work together internally and in concert with lines of business and supporting partners to provide security based on identified risks.
The Senior Corporate Security Critical Infrastructure Protection Program Manager is a key role that will create and lead Corporate Security Critical Infrastructure Protection and Compliance (CIPC) programs. The Program Manager will work with Critical Infrastructure Protection Specialists, Technology Teams and Compliance SMEs to ensure NERC CIP compliance. This position requires broad expertise and advanced knowledge of wide-ranging issues related to the implementation of operational technology, including specific experience with CIP-004, CIP-005, CIP-007 and CIP-010. Demonstrated experience implementing these requirements with Physical Access Control System (PACS) infrastructure is preferred. The successful candidate will be expected to develop policy, process, procedures, and internal controls to ensure operations technology systems are sustainably compliant. The candidate will be required to develop department standards consistent with guidance document library formatting and success measures. Appropriate SMEs must be kept informed of new or evolving compliance obligations, and necessary documentation must be captured to demonstrate the successful implementation of security standards and best practices. The candidate should possess excellent writing skills and the ability to create professional and compelling presentation material. As issues arise, the successful candidate will lead and document apparent cause, root cause, fact finding, remediation and mitigation strategies, and assist with the development and tracking of mitigation activities as needed.
The successful candidate will ensure consistent use of compliance-related data systems, measure results, monitor controls and keep records of all regulatory compliance filings. This position will also act as a liaison for Corporate Security with Lines of Business (LOBs) and with staff at regulatory bodies assigned to investigate specific aspects of PG&E’s compliance practices.
The headquarters location will be based on the successful candidate’s residence and must be within the PG&E service territory. Estimated travel within PG&E service territory up to 15%.
- Solves complex problems and takes broad perspective to identify innovative solutions.
- May manage cross functional projects, programs, or initiatives.
- Coordinating audits, preparing reports, developing and maintaining performance metrics, conducting self-certifications, spot checks, and investigations, issue handling, facilitating reporting and violation mitigation.
- Assist with the development, implementation, and maintenance of a cybersecurity compliance framework with an emphasis on physical security elements and program documentation in support of one or more of FERC Dam Sector, NERC CIP Physical Security Requirements, CPUC, TSA Gas Pipeline and other regulations as assigned.
- Ensures that all documentation is current, complete, accurate and in compliance with applicable regulatory standards.
- May lead cross functional teams and engage in activities such as clarifying responsibilities and commitments, hand-offs, training, and communication.
- Applies subject matter expertise (SME) in physical security and regulatory knowledge to evaluate current practices, gap analysis and risk reduction initiatives.
- Expected to remain current with evolving regulatory requirements and ensure completeness of requirement inventory and compliance artifacts.
- Respond to ad hoc requests from other lines of business and compliance oversight organizations to ensure timely oral and written communication.
- Support Corporate Security requirement owners in the development, implementation, and maintenance of effective controls.
- May lead written responses to regulatory data requests, investigations, compliance and regulatory audits and customer inquiries.
- Conduct quality reviews on programmatic compliance activities.
- Develop documentation related to audit findings, self-reports, root cause analysis, mitigation plans and evidence of completion.
- May monitor developing or evolving compliance obligations to ensure compliance with national, regional, and local regulations. Developing new metrics as needed.
- Participate, monitor, and track LOB-owned compliance issues in Corrective Action Plans (CAP), initiation through closure.
- Implement commitment tracking activities associated with regulatory requirements.
- Monitor compliance-related metrics and implement the WECC / NERC / FERC self-reporting process, including making non-compliance (PNC) determinations and preparing self-reports to the regulator.
- Validating, through Gap Analysis and Self-Certification, that complete and accurate evidence of compliance exists.
- Support requests from Electric Operations and NERC Compliance Teams
- Preparing presentations on compliance topics for Corporate Security, as needed.
- Develop and enhance compliance-related training.
- Bachelor’s degree or equivalent work experience
- Six (6) years of relevant work experience or in IT/OT technology, NERC compliance including some experience in physical security or in program management leading multiple complex projects
- Ten (10) years of experience in IT/OT technology, NERC compliance including some experience in physical security or in program management leading multiple complex programs.
- Master’s degree in job-related discipline or equivalent experience
- PMI-Project Management Institute PMP-Project Management Professional certification
- CISSP, CISA Certification
- ASIS Certified Protection Professional (CPP) or Physical Security Professional (PSP)
- Salary Offer $95K/yr - $188K/yr
- Address San Francisco, CA, USA
- Experience Level Senior
- Total Years Experience 10-20