Friday, February 23, 2024

SOCAL Edison Jobs – Cyber Security Risk & Governance Principal Manager

Website Southern California Edison

Job Description:

Become a Cyber Security Risk and Governance Principal Manager at Southern California Edison (SCE) and build a better tomorrow. In this job, you’ll be reporting to the Vice President/CISO of the Cybersecurity & IT Compliance department. You will focus on setting and enforcing standards and ensuring security is “designed in” to new SCE systems on both the IT (Admin) and Grid networks. After setting security standards and reference architectures, you will support the Operating Units from system concept through go-live, ensuring security is applied and standards are met through each phase of the system lifecycle. You will lead an organization to update and create cybersecurity standards and policy for the OUs, define reference architectures for secure business solutions, provide cybersecurity requirements and design reviews and support, and perform vulnerability assessments and penetration testing of business technologies before they go live. You will lead a team that is also responsible for identifying and mitigating cybersecurity risk across SCE by providing security Governance, Risk, and Compliance functions and Security Risk Assessments, and by working with Supply Chain risk management. You will be the primary interface to the Organizational Units (OU) for cybersecurity support and will lead the intake of cybersecurity requests for SCE. In addition, you will provide ongoing governance, risk, and compliance (GRC) for cybersecurity. As a Principal Manager, your work will help power our planet, reduce carbon emissions and create cleaner air for everyone. Are you ready to take on the challenge to help us build the future?

Job Responsibilities:

  • Lead cybersecurity team focused on identifying and managing cybersecurity risks to SCE systems and data in the IT and OT environments.
  • Develop, update, and manage cybersecurity standards and associated governance related functions. Interface with other parts of Cybersecurity & Compliance and other Operating Units (OUs) to ensure that SCE systems are designed, built, and tested to meet SCE security standards before systems go live. Help streamline the systems development lifecycle and save cost and time by designing security into the systems beginning at the concept development phase.
  • Provide cybersecurity risk and engineering services to the other OUs on activities such as risk assessments and developing secure architectures to strengthen the cybersecurity posture of the company. Support OU implementation and compliance with cybersecurity policy & standards. Provide guidance to help OUs interpret, understand, and meet security requirements and design concepts. Support OU-specific requirements through standards and reference architectures that are applicable to the business. Manage the governance process, review requests for waivers to standards, and manage the risk register to ensure appropriate risk understanding and mitigation across the SCE enterprise.
  • Establish an intake and request process for the OUs to request design and support services from cybersecurity. Use organizational change management principles to improve the relationships between cybersecurity and the OUs so the OUs know how to request services and what support should be expected. Establish internal service level measurement to quantify the engagement improvements with the OUs. Interface with senior management and obtain buy-in.
  • Lead the Operational Technology Cybersecurity (OTC) Project Management Office (OTC-PMO) to coordinate cybersecurity maturity across T&D, IT, and Cybersecurity with a focus on ICS (Industrial Control Systems).
  • Interface with Supply Management, Information Governance, and Law on managing vendor/third party risks.
  • Manage resources and budget levels to meet strategic objectives and operational needs of the SCE, IT, and Cybersecurity and Compliance priorities. Make, recommend, and/or approve employment decisions, manage managers and employee performance for both direct and/or matrixed reports, and establish performance expectations and goals aligned with Company objectives, policies, and procedures.
  • Make, recommend, and/or approve employment decisions (e.g., hiring, promotion, appropriate pay, rewards/recognition, succession planning, termination). Manage managers and employee performance for both direct and/or matrixed reports. Establish performance expectations and goals aligned with Company objectives, policies and procedures.

Job Requirements:

  • Bachelor’s degree.
  • Ten (7) years of experience in Information Technology (IT) or Operational Technology (OT) and/or Engineering.
  • Seven (7) years of experience managing, supervising, or leading a diverse workforce, staff, or team.
  • Three (3) years of cyber security leadership experience.
  • Relevant experience / knowledge of Electric Grid (OT) processes, procedures, operating environments, technologies, and operating constraints.
  • Five (5) years of experience in managing at least three engineering functions (standards development, architecture, requirements, design, testing, risk assessments, identity & access management, supply chain, etc.).
  • Experience with large System Design.
  • Experience with SCADA or Real-Time System Security.
  • Experience with integrating NIST 800-82 control systems standards into existing Cybersecurity standards.
  • Proficiency building and leading cross-organizational teams, setting vision and objectives, establishing roles and responsibilities, developing high impact action plans, managing, mentoring, and enabling team success.
  • Ability to unify and lead cross-functional projects, establish and manage integrated master schedules and align cross-organizational teams / workstreams for maximum impact and efficiency.
  • Experience managing foundational areas for a large cybersecurity program, such as, but not limited to standards, risk, governance, architecture, vulnerability management, penetration testing, and others.
  • Demonstrable history of successfully building cross-organization partnerships to work as one team to apply effective cybersecurity controls.

Job Details:

Company: Southern California Edison

Vacancy Type: Full Time

Job Functions: Others

Job Location: Los Angeles, CA, US

Application Deadline: N/A
