Department Overview
The Cybersecurity team enables PG&E to achieve its mission by providing governance, oversight, and support of operational resiliency and asset safeguards in a relevant, timely and data-driven manner. The Cybersecurity team consists of security professionals, each with multiple years of experience in their chosen discipline:
- Cybersecurity Risk & Strategy
- IT Compliance
- Cybersecurity Services
- Risk Monitoring & Incident Management
Working together, we review the current cyber threat landscape and lend our expertise to help the company understand its security posture and act on the highest priority risks.
The Cybersecurity team takes a proactive approach to security by focusing on the cyber risks PG&E faces. Cybersecurity's methodology and framework synthesizes current legal, regulatory, and operating mandates with PG&E's business goals and operations. By taking this information and focusing on the cyber risks unique to individual Lines of Business (LOB), Cybersecurity helps PG&E's LOBs make informed decisions about where to invest their resources.
Position Summary
The Third Party (Vendor) Risk Assessor is responsible for the assessment, verification, review, and audit of security/privacy controls and overall security/privacy posture of Third Party vendors against PG&E security standards, best practices and regulatory requirement across the enterprise, and other related tasks, as requested. This position is also responsible for risk analysis, risk determination, and Third Party risk management governance support across the enterprise. The Third Party (Vendor) Risk Assessor builds and maintains relationships with Business Unit partners to understand business requirements, issues resolution, and sustained overall customer satisfaction.
Qualifications
Minimum:
- Bachelor's degree in Computer Science or related field, or equivalent work experience
- 5 or more years of general IT experience, including IT security or IT risk management experience
Desired:
- Utility industry experience
- Excellent problem-solving and decision making ability
- Excellent written and verbal communication skills
- Excellent technical documentation skills
- Professional demeanor, exceptional interpersonal skills, including teamwork, facilitation and negotiation
- Team player, highly collaborative, able to work cross-functionally
- Resourceful and self-motivated, able to work independently when required
- Broad breadth of technical skills and experience in IT, security, and privacy; able to "wear multiple hats".
- Excellent planning, organizational and project management skills; detail and process-oriented; able to multi-task a number of different projects
- Provides technical leadership and serves as a senior level technical expert in area(s) of their specialty
Responsibilities
- Assist, execute and support Third party vendors security and risk assessments, audits, tests, and verification activities.
- Validate controls are operating effectively.
- Work under consultative direction to review test results or interpret evidence.
- Within area(s) of specialty, develop control test procedures, vulnerability-testing code writing capability, and other analytical tools to support Third Party Security and Risk Management activities and services.
- Document results of assessments, audits, tests, and verification activities.
- Create and maintain Third Party Security and Risk group, project, and service-aligned documentation.
- Perform or support review of security control modifications, as required.
- Develop ability to speak and understand security terminology, especially those related to Information Assurance.
- Conduct Security Testing and Generate Risk Scores on all Assessment Findings.
- Maintain metrics for Third Party Security and Risk management, Administer and use system/ Tools to analyze risks, including vulnerabilities, impact upon occurrence, and likelihood of threats.
- Working knowledge of security domains, auditing standards and frameworks, and risk analysis frameworks.
- Develop partnerships with business owners and operational stakeholders, in identifying and resolving control deficiencies, and addressing information security and privacy vulnerabilities.
- Develop situational awareness, stay informed or current technology and vulnerabilities, and contribute to PG&E and industry in the area(s) of their specialty.
- Perform other tasks, as requested, to ensure that the Third Party Security and Risk management group meets its commitments to its customers.
Click here to view the full job posting.
Pacific Gas and Electric Company (PG&E)
77 Beale St
San Francisco
California United States
www.pge.com
