Job Description

Department Overview

Enterprise Protection-Information Technology (EP-IT) Governance, Risk and Compliance (GR&C) is responsible for managing risk and compliance governance and oversight activities for the Information Technology and Enterprise Protection organization. The team reports directly to the SVP, CSO/CDAO with functional responsibility aligned to support the broader CIO organization. In a rapidly changing environment, this team provides guidance, consultation, and support to the IT Architecture, IT Operations, Cybersecurity and Corporate Security organizations to ensure risk and compliance are well-managed today and prepared for emerging requirements and opportunities in the future.

Position Summary

The UDN Compliance & Risk Consultant, Expert in EP-IT GR&C, will play a pivotal role in implementing and supporting the implementation of the PG&E Compliance Maturity Model (CMM) for adherence with internal standards and external regulatory requirements. The UDN Compliance & Risk Consultant, Expert reports to the Manager, EP-IT UDN Compliance responsible for managing the EP-IT enterprise-wide compliance program. The EP-IT compliance program spans both financial and customer business functions. The UDN Compliance & Risk Consultant, Expert position is accountable for the successful delivery of the compliance program in alignment with PG&E strategic vision & goals.

This position is hybrid, working from your remote office and Oakland, CA approximately 1 - 3 days per month, or more, based on business needs.

PG&E is providing the salary range that the company in good faith believes it might pay for this position at the time of the job posting. This compensation range is specific to the locality of the job. The actual salary paid to an individual will be based on multiple factors, including, but not limited to, specific skills, education, licenses or certifications, experience, market value, geographic location, and internal equity. Although we estimate the successful candidate hired into this role will be placed between the entry point and the middle of the range, the decision will be made on a case-by-case basis related to these factors. This job is also eligible to participate in PG&E’s discretionary incentive compensation programs.

A reasonable salary range is:

• Bay Area Minimum: $118,000.00
• Bay Area Maximum: $188,000.00

Job Responsibilities

• Plan and manage annual compliance oversight activities utilizing CMM Elements as core functions.
• Act as a consultant for Cybersecurity Frameworks and controls, as well as ensuring compliance program standards and procedures align with CMM elements and NIST Frameworks.
• Coach and develop risk and compliance specialists in the formation of a cohesive, interdependent, and agile team of employees and contractors.
• Participate and contribute to industry forums and working groups.
• Develop and execute a comprehensive compliance monitoring process to identify potential risks and ensure corrective actions are taken promptly.
• Stay abreast of evolving regulatory changes in California and the broader utility industry, adapting processes and procedures accordingly.
• Collaborate with cross-functional teams to integrate compliance requirements into EP-IT business processes and programs.
• Provide guidance and training to employees on compliance matters, fostering a culture of awareness and accountability.
• Responsible for communicating findings and recommendations to directors, officers, and governance committees in a clear and concise manner.
• Anticipate and develop effective key performance and key risk indicators (KPI/KRI) to track, report, and improve overall performance and maturity of the compliance program.

Qualifications

• Minimum: Bachelor's degree in business, Engineering, or related discipline, or equivalent experience; 7 years of job-related experience.
• Desired: MBA or MS, or equivalent experience; experience in an IT, cybersecurity, or compliance role; strong analytical and problem-solving skills; excellent communication and interpersonal skills; experience at the corporate or operational level; experience in the utility or highly regulated industry; knowledge of California and Federal regulatory programs; familiarity with regulatory compliance concepts; detailed understanding of NIST RMF and CSF is highly desired.

Desired Certification: At least one existing certification from the following list, which must be a currently maintained and valid certification: Certified Information Systems Security Professional (CISSP); Certified Information Systems Auditor (CISA); Certified in Risk and Information Systems Control (CRISC); Risk Management Professional (RMP).

Job Tags

Similar Jobs