The Cybersecurity Risk & Strategy team focuses on identifying risks, helping partners reduce or mitigate risks, developing initiatives to protect PG&E from cyber-attacks, and engaging with other groups to continually improve PG&E’s security posture. As part of the Risk & Strategy Cybersecurity Consulting team, you will concentrate on PG&E efforts related to evaluating cybersecurity projects across the enterprise.
You will engage with project teams, and collaborate with other parts of the Cybersecurity group, Information Technology partners, and experts in the lines of business to identify threats, create strategies to better protect technology assets, and deploy technologies and processes to put those strategies into action. You will contribute to strategically manage risk and proactively adapt to evolving threats and business needs. Performing risk assessments, evaluating and assigning security controls, assisting with the development, design, and implementation of security architectures, project security support, and technical experience are all important skill sets for this position.
- Leads project engagements and technology assessments to understand capabilities of required systems or networks
- Identifies and recommends cyber strategies for technology development based on stakeholder requirements
- Drives security reviews, identifies gaps in security architecture and designs and recommends necessary security controls to be integrated within the development lifecycle
- Develops and recommends security controls, identifies key security objectives to maximize software and system security while minimizing disruption to plans and schedules
- Leads translation of security controls into technical specifications and guidance to stakeholders to ensure common understanding across the stakeholders and enable adequate implementation
- Actively recommends engineering solutions in collaboration with Cybersecurity Architects and product owners to remediate inherent cyber security risks
- Provides peer review and support for organizational deliverables