Primary Purpose
This position manages a section or multiple related sections and translates cyber security strategy into executable plans across products or platforms. It balances risk reduction, service quality, and cost by selecting appropriate controls, metrics, and supplier arrangements, and by aligning teams to an operating model that supports business outcomes. The Information & Cybersecurity Governance team establishes and advances the organization's cybersecurity governance framework: bridging strategy and business operations to quantify risk, translate it into executive-ready intelligence, drive policy adoption, enable integrated risk management, and equip operational teams for real-time risk decisions. This team focuses on governance, risk visibility, and cross-functional coordination.
Duties and Responsibilities
- Cybersecurity Risk Reporting & Governance - Structures and delivers enterprise-wide cyber risk reporting for executive leadership and the board; maintaining governance forums and decision-support mechanisms that enable leadership visibility into risk posture and decision making.
- Policy & Standards Development -Authors, deploys, and maintains cybersecurity policies, standards, and procedures aligned with regulatory requirements, industry frameworks, and organizational risk appetite.
- Policy Exception Management - Administers policy exception process, including intake, risk-based evaluation, approval workflows, and tracking through resolution or acceptance.
- Compliance & Cross-Functional Coordination - Partners with operational cyber teams, IT, legal, compliance, safety, audit, supply management, and business stakeholders to ensure cybersecurity governance requirements are integrated into enterprise processes and regulatory obligations are met.
- Integrated Risk Management (IRM) Platform Execution - Drives the evolution and operational effectiveness of enterprise IRM platforms (e.g., ServiceNow) to enable risk reporting, issue tracking, remediation management, and policy exception facilitation.
- Maturity Assessment & Executive Exercises - Plans and executes cybersecurity maturity assessments and executive-level tabletop exercises to evaluate organizational preparedness and identify capability gaps.
- Tool & Process Optimization - Continuously evaluates, streamlines, and enhances cybersecurity governance tools, platforms, and workflows to improve operational efficiency, reduce manual effort, eliminate redundancy, and accelerate program delivery. This includes identifying automation opportunities, rationalizing toolsets, and ensuring governance processes scale effectively with organizational growth and evolving threat landscapes.
- People Management & Team Development - Directly manages a team of professionals responsible for executing cybersecurity governance programs. This includes workforce planning, performance management, coaching and mentorship, workload balancing, succession planning, and fostering a culture of accountability and professional growth.
- Performs other duties as assigned.
Sempra
101 Ash St
San Diego
California United States
www.sempra.com
