The primary responsibility of the Cybersecurity Governance Manager is to enhance and lead the Corporate Cybersecurity IT Governance Program in collaboration with the IT and Cybersecurity teams at Sempra Companies. This role demands strong leadership and project management skills, along with the expertise to conduct comprehensive system-wide security analyses, evaluate the effectiveness of controls, assess risks, and develop policies, standards, and guidelines.
Duties and Responsibilities
- Corporate policies and standards: Develops enterprise cybersecurity policies and standards. Aligns policies to National Institute of Standards and Technology (NIST) and other regulatory frameworks. Communicates updates and maintains the roadmap for future policy requirements. Liaises with business units to communicate, educate, and clarify any policy questions.
- Metrics and reporting: Creates and maintains metrics and reports for the Corporate Cyber Council and Board. Establishes processes for consistent, accurate, and repeatable reporting.
- GRC Operating Model: Implements and maintains the General Rate Case (GRC) tool and processes to support tracking and monitoring of risks, issues, and risk exceptions for Sempra Companies.
- Team Management: Provides leadership to a team made up of employees and third parties. Provides direction, motivation, and strategic oversight. Owns all aspects of employee management for a large team, directing work and providing guidance. Responsible for all aspects of performance management, training, and development. May supervise team leads.
- Management self-assessment program: Performs and/or engages a third party to perform assessments of any process with cybersecurity risk to evaluate the risks and adequacy of controls. Establishes meaningful recommendations considering risk and impact to business processes where gaps are identified.
- Approves contracts and services with third-party vendors.
- Performs other duties as assigned.
Qualifications
Education
- Bachelor's Degree in Cybersecurity, Computer Science, Information Systems, Software Engineering, Business Administration, related field, or equivalent experience is required.
Experience
- 8 years of Relevant Experience: A strong background in cybersecurity governance, IT Risk Management, or a related field is required.
- 6 years of Leadership: Proven experience in supervisory and leadership roles is required.
- 6 years of Reporting and Metrics: Expertise in creating reports and metrics for senior business executives and/or the Board is required.
- 6 years of GRC Tooling: Hands-on experience with Governance, Risk and Compliance (GRC) tool sets, especially ServiceNow GRC/IRM, is required.
- 6 years of Project Management: Demonstrated ability to manage projects in a fast-paced, collaborative environment, track progress, manage key deliverables, and report to executives is required.
- 2 years of Industry Experience: Experience in the energy sector or with a utility is preferred.
- Must reside in Southern California or be willing to relocate upon hire.
- We offer a hybrid work environment. Although the schedule may vary, typically this will allow you to work from the office three days per week and work remotely on the remaining workdays.
Sempra
101 Ash St
San Diego
California United States
www.sempra.com