Local candidates only. Industrial control system/operational technology experience, security risk consulting experience, and electric operations or NERC CIP experience. Sacramento, San Ramon, Concord, or San Francisco.
REQUIRED:
• Excellent planning, organizational and project management skills; detail and process-oriented; able to juggle multiple priorities in a fast-paced environment
• Understanding of information security concepts and strategy
• Understands information security holistically and how it relates to business goals
• Understanding of risk assessment and risk analysis frameworks
• Outstanding problem-solving/decision-making ability
• Excellent written and verbal communication skills, able to explain complex issues in clear and concise terms
• First-class documentation skills
• Exceptional interpersonal skills, including teamwork, facilitation and negotiation
• Highly collaborative, able to work cross-functionally; possessing the ability to forge relationships and partner effectively

DESIRED:
• Experience with enterprise security in a complex, multi-platform environment including SCADA, ICS, and other complex technology platforms
• Experience with regulatory requirements (NERC CIP, SOX, FCC, SB 1386/1746, etc.)
• Utility industry and/or operational technology experience strongly preferred
• Cyber/information security management policies, procedures, regulations and governance processes, Information Systems/Network Security, System Security Analysis, Information Assurance Compliance
• Risk management techniques, technological trends and developments in cyber/information security, systems/software development, engineering, integration, testing and evaluation and operating systems
• Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or equivalent
• Mastery of cybersecurity best practices and standards (e.g. NIST, ISO, etc.)
• Mastery of computer networking concepts and protocols, and network security methodologies
• Mastery of cloud security concepts, including experience with public cloud (e.g. AWS, Microsoft Azure, etc.) and implementation experience

REQUIRED:
• Minimum of 4 years of relevant technical experience
• Utility experience

DESIRED:
• CLIENT experience within the related line of business.
• Minimum of 2 years of leading a team in an IT/OT function
• CISSP certification, or ability to obtain via self-study within one year of date of hire, other relevant IT or security certifications.

Significant contributor to security vision, strategy, planning and leadership for the design, development, implementation and support of the technology risk management framework for the Electric line of business to achieve its objectives.
• Contributes to successful implementation of security into new/enhanced systems to meet scope, schedule, and budget.
• Recommends risk-based prioritization for security within technology roadmaps.
• Scopes the assessment of risks and the execution of plans to mitigate the risks.
• Proactively provides expert knowledge of industry trends and technologies as they relate to specific opportunities where security can enhance value to the business and/or address a specific business need.
• Contributes to technology risk-based investment planning through risk integration with BTLs.
• Identifies risk opportunities to make IT and business processes more effective and efficient.
• May direct the implementation of improvement (mitigation) initiatives.
• Drives compliance with standards/regulations and governance processes as they relate to the line of business.

Core Responsibilities:
• Overall "operations" arm of the risk management function.
• Develops and operates the enterprise technology risk dashboard.
• Analyzes supply and demand for all risk assessment activities to develop a schedule with the A&V team.
• Accountable for development of security business (quality) requirements.
• Acts as a liaison to operations and the CTO to drive improvement based on patterns.
• Drafts risk exception reporting, where applicable.
• Works with the Risk Advisory team to develop mitigation plans.
• Establishes and maintains security metrics.
• Manages and is accountable for the development of the risk scenario library.

Key Outputs:
• Supply and demand forecast.
• Security requirements.
• Overall risk assessment master schedule.
• Reporting standards and templates.
• Risk mitigation plans and security metrics.