Cybersecurity Technology Architect, Principal
San Francisco, CA

Job Description

Requisition ID # 14932

Job Category : Information Technology

Job Level : Manager/Principal

Business Unit: Information Technology and Supply Chain

Job Location : San Francisco

Company

Based in San Francisco, Pacific Gas and Electric Company, a subsidiary of PG&E Corporation (NYSE:PCG), is one of the largest combined natural gas and electric utilities in the United States.And we deliver some of the nation's cleanest energy to our customers in Northern and Central California. For PG&E, Together, Building a Better California is not just a slogan.It's the very core of our mission and the scale by which we measure our success. We know that the nearly 16 million people who do business with our company count on our more than 24,000 employees for far more than the delivery of utility services.They, along with every citizen of the state we call home, also expect PG&E to help improve their quality of life, the economic vitality of their communities, and the prospect for a better future fueled by clean, safe, reliable and affordable energy.

Pacific Gas and Electric Company is an Affirmative Action and Equal Employment Opportunity employer that actively pursues and hires a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color,national origin, ancestry, sex, age, religion, physical or mental disability status, medical condition, protected veteran status, marital status, pregnancy, sexual orientation, gender, gender identity, gender expression, genetic informationor any other factor that is not related to the job.

Department Overview

The Cybersecurity team enables PG&E to achieve its mission by providing governance, oversight, and support of operational resiliency and asset safeguards in a relevant, timely and data-driven manner. The Cybersecurity team consists of security professionals, each with multiple years of experience in their chosen discipline:

* Cybersecurity Risk & Strategy
* Cybersecurity Project Management
* Policy, Compliance Management, Training, & Awareness
* Risk Monitoring & Incident Management
* Control Assessment & Verification
* Business Planning & Control

Working together, we review the current cyber threat landscape and lend our expertise to help the company understand its security posture and act on the highest priority risks.

The Cybersecurity team takes a proactive approach to security by focusing on the cyber risks PG&E faces. Cybersecurity's methodology and framework synthesizes current legal, regulatory, and operating mandates with PG&E's business goals and operations. By taking this information and focusing on the cyber risks unique to individual Lines of Business (LOB), Cybersecurity helps PG&E's LOBs make informed decisions about where to invest their resources.

Position Summary

This position is based out of San Francisco and will report to the Senior Manager of Cybersecurity Risk & Strategy. The successful candidate will provide cybersecurity architecture technical knowledge though leadership and consulting services with the lines of business and cybersecurity for the development of cybersecurity architectures and solutions that will address long-term strategic objectives and fulfill risk management strategies enterprise wide. This position will be responsible for delivering a hybrid cloud security architecture spanning AWS, Azure and Google Cloud. Creating and maintaining roadmaps, reference architectures, blueprints for cloud security encompassing CASB, Identity and Access Management, and QRadar integration, etc.

Understanding of one or several of the following items is highly desirable in the successful candidate:

* Cloud security
* Network Security
* Firewalls
* Segmentation
* Protocols
* Identity and access management
* System security
* Data Security
* Internal/External web security
* Remote access security
* Mobile technologies and security

Qualifications

Minimum:

* B.S. degree in Computer Science, Information Systems or other related field, or equivalent work experience
* 8 years of Information Technology experience, with at least 8 years of experience in information security working with security tools, security operations, security intelligence or equivalent functions
* 5 years in security technology infrastructure implementation

Desired:

* M.S. or M.B.A. degree in business administration, computer science, or equivalent preferred
* Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA)
* Utility industry experience strongly preferred
* Demonstrated knowledge or technological trends and developments in cyber/information security
* Knowledgeable of various hardware, software, and security networks and facilities that make up a utility infrastructure
* Experience with IT security products and technology
* Working experience with systems/software development, engineering, integration, testing and evaluation
* Knowledge of Cyber/information security management policies, procedures, regulations and governance processes
* Process and systems analysis, testing, application development, network design
* Knowledge of regulatory requirements and utility technologies are highly desirable
* Knowledge of risk management techniques

Skills and Abilities:

* Demonstrated problem analysis and decision-making skills
* Ability to communicate and convey complex IT/OT technical security related concepts to business and technology teams
* Ability to influence and work with and across all levels within the business
* Excellent written and verbal communication skills required
* Anticipates issues and develops innovative solutions
* Ability to successfully manage change
* Ability to foster a work environment in which individuals collaborate in pursuit of a common mission and mutual goals

Job Responsibilities

* Leads the development and improvement of architectural and security designs for PG&E systems.
* Explores and integrates new cybersecurity testing tools, processes, and capabilities.
* Serves as a subject matter expert to executive leadership on a range of cybersecurity best practices, architectures, solutions and technologies.
* Provides cybersecurity architecture services across specific lines of business to ensure the secure delivery of all technology.
* Supports the development and implementation of cybersecurity strategies across the LOBs.
* Ensures architectures, technologies and solutions align with and integrate regulatory requirements (e.g. HIPAA, SOX, NERC CIP, NRC Title 10, FCC, CPUC) and industry best practices (e.g. ITL, COBIT).
* Provides strategic and tactical cybersecurity guidance for technology (informational and operational) projects, including the evaluation and recommendation of technical controls.
* Develops technical roadmaps and business cases for technology investment.
* Defines cybersecurity protection/defense schemes.
* Provides functional domain expertise to support the definition and implementation of risk mitigation strategies for exposed production systems.
* Designs and implements cybersecurity reference architectures and solutions that are aligned to stakeholder needs and requirements.
* Effectively leverages industry trends and new technologies to develop cybersecurity strategies that enhance business value and address business needs.
* Maintains awareness of emerging threats and translates that awareness into architectures and designs that protect critical systems.
* Influences technological and architectural decisions with peer groups.
* Ensures that architectural deliverables (e.g. system lifecycle support plans, concept of operations, operational procedures and maintenance training materials) are properly documented and updated as necessary.
* Provides peer review and support for organizational deliverables.
* Works with senior management to support strategic planning and decision making.
* Coaches and mentors less experienced employees.