Cyber Security Controls Assessor

Location
San Francisco, California
Salary
Competitive
Posted
26 Oct 2016
Closes
02 Dec 2016
Ref
53774459-E01
Sector
Oil and Gas
Contract Type
Permanent
Hours
Full Time
Company

Based in San Francisco, Pacific Gas and Electric Company, a subsidiary of PG&E Corporation (NYSE:PCG), is one of the largest combined natural gas and electric utilities in the United States. And we deliver some of the nation's cleanest energy to our customers in Northern and Central California. For PG&E, "Together, Building a Better California" is not just a slogan. It's the very core of our mission and the scale by which we measure our success. We know that the nearly 16 million people who do business with our company count on our more than 24,000 employees for far more than the delivery of utility services. They, along with every citizen of the state we call home, also expect PG&E to help improve their quality of life, the economic vitality of their communities, and the prospect for a better future fueled by clean, safe, reliable and affordable energy.

Pacific Gas and Electric Company is an Affirmative Action and Equal Employment Opportunity employer that actively pursues and hires a diverse workforce.  All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, sex, age, religion, physical or mental disability status, medical condition, protected veteran status, marital status, pregnancy, sexual orientation, gender, gender identity, gender expression, genetic information or any other factor that is not related to the job.

Department Overview

Pacific Gas and Electric Company, a subsidiary of PG&E Corporation (NYSE:PCG), is one of the largest combined natural gas and electric utilities in the United States. Based in San Francisco, with 23,000 employees, the company delivers some of the nation's cleanest energy to 16 million people in Northern and Central California. Pacific Gas and Electric Company is an AA/EEO employer that actively pursues and hires a diverse workforce.

The Cybersecurity function is led by PG&E's Vice President - Chief Information Security Officer and is responsible for cybersecurity and risk management across the organization.

Position Summary

Oversees the assessment, verification, review, and audit of security/privacy controls and overall security/privacy stance across the enterprise.

Qualifications

Minimum Education Required:
• Bachelor's degree in Computer Science, Information Systems or related field, or equivalent work experience

Experience
• Minimum 3 or more years of general IT experience, including 3+ years of IT security or IT risk management experience

Desired On-the-job Experience:
• Utility experience

License / Certification
Minimum Required License / Certification:
At least one existing certification from the following list, which must be a currently maintained and valid certification:
• Certified Information Systems Security Professional (CISSP);
• Certified Information Systems Auditor (CISA); or
• Certified in Risk and Information Systems Control (CRISC).

Desired License / Certification:
One or more current and valid certifications directly applicable or complementary to the role and area of expertise, including those listed above, as well as:
• CEH
• Security+
• ITIL
• MCP, MCSE
• CCNA, CCNP, CCIE
• CISM
• SANS Audit, Software Security, Security Administration, or Forensics certification
• CCSK
• IAM, IEM

Knowledge, Skills, and Abilities:
• Excellent problem-solving and decision making ability
• Excellent written and verbal communication skills.
• Excellent technical documentation skills
• Professional demeanor, exceptional interpersonal skills, including teamwork, facilitation and negotiation
• Team player, highly collaborative, able to work cross-functionally.

Desired:
• Broad breadth of technical skills and experience in IT, security, and/or privacy; able to "wear multiple hats" even within the boundaries of the Third Party Security and Risk management Team
• Experience assessing Information Security risk and developing security reporting that is meaningful and actionable for a variety of audiences, including internal stakeholders and external third parties;
• Excellent planning, organizational and project management skills; detail and process-oriented; able to multi-task a number of different projects.
• Understanding of processes for risk evaluation and assessing third parties across diverse industries and against a broad range of security requirements.

Responsibilities

• Execute and support third-party vendor security and risk assessments, audits, tests, and verification activities.
• Validate controls are operating effectively.
• Contributor role in harmonizing controls and validating controls are operating effectively.
• Review test results or interpret evidence for vulnerabilities, gaps, and control deficiencies; work with business stakeholders to establish plans for sustainable resolution.
• Develop control test procedures, vulnerability-testing code writing capability, and other analytical tools to support the Third Party Security and Risk management activities and services.
• Document results of assessments, audits, tests, and verification activities.
• Create and maintain Third Party Security and Risk management service-aligned documentation.
• Perform engineering review of security control modifications, as required.
• Ability to speak and understand security terminology, especially terminology related to Information Assurance.
• Conduct security testing and generate risk scores on all assessment findings.
• Maintain metrics for Third Party Security and Risk management; Administer and use tools to analyze risks, including vulnerabilities, impact upon occurrence, and likelihood of threats.
• Working knowledge of security domains, auditing standards and frameworks, and risk analysis frameworks.
• Develop partnerships with business owners and operational stakeholders, in identifying and resolving control deficiencies, and addressing information security and privacy vulnerabilities.
• Develop situational awareness, stay informed of current technology and vulnerabilities, and contribute to PG&E and industry in the area(s) of their specialty.
• Perform other tasks, as requested, to ensure that the Third Party Security and Risk management team meets its commitments to its customers.