Cyber Security Risk & Governance Principal Manager

Job Description

Join the Clean Energy Revolution

Become a Cyber Security Risk and Governance Principal Manager at Southern California Edison (SCE) and build a better tomorrow. In this job, you'll be reporting to the Vice President/CISO of the Cybersecurity & IT Compliance department. You will focus on setting and enforcing standards and ensuring security is "designed in" to new SCE systems on both the IT (Admin) and Grid networks. After setting security standards and reference architectures, you will support the Operating Units from system concept through go-live, ensuring security is applied and standards are met through each phase of the system lifecycle. Lead an organization to update and create cybersecurity standards and policy for the OUs, define reference architectures for secure business solutions, provide cybersecurity requirements and design reviews and support, and perform vulnerability assessments and penetration testing of business technologies before they go live. Lead a team that is also responsible for identifying and mitigating cybersecurity risk across SCE by providing security Governance, Risk, and Compliance functions and Security Risk Assessments, and by working with Supply Chain risk management. You will be the primary interface to the Organizational Units (OU) for cybersecurity support and will lead the intake of cybersecurity requests for SCE. In addition, you will provide ongoing governance, risk, and compliance (GRC) for cybersecurity. As a Principal Manager, your work will help power our planet, reduce carbon emissions and create cleaner air for everyone. Are you ready to take on the challenge to help us build the future?

A day in the life - Get ready to think big, work smart and shine bright!
  • Lead cybersecurity team focused on identifying and managing cybersecurity risks to SCE systems and data in the IT and OT environments.
  • Develop, update, and manage cybersecurity standards and associated governance related functions. Interface with other parts of Cybersecurity & Compliance and other Operating Units (OUs) to ensure that SCE systems are designed, built, and tested to meet SCE security standards before systems go live. Help streamline the systems development lifecycle and save cost and time by designing security into the systems beginning at the concept development phase.
  • Provide cybersecurity risk and engineering services to the other OUs on activities such as risk assessments and developing secure architectures to strengthen the cybersecurity posture of the company. Support OU implementation and compliance with cybersecurity policy & standards. Provide guidance for OUs to interpret, understand, and meet security requirements and design concepts. Support OU-specific requirements through standards and reference architectures that are applicable to the business. Manage the governance process, review requests for waivers to standards, and manage the risk register to ensure appropriate risk understanding and mitigation across the SCE enterprise.
  • Establish an intake and request process for the OUs to request design and support services from cybersecurity. Use organizational change management principles to improve the relationships between cybersecurity and the OUs so the OUs know how to request services and what support should be expected. Establish internal service level measurement to quantify the engagement improvements with the OUs. Interface with senior management and obtain buy-in.
  • Lead the Operational Technology Cybersecurity (OTC) Project Management Office (OTC-PMO) to coordinate cybersecurity maturity across T&D, IT, and Cybersecurity with a focus on ICS (Industrial Control Systems).
  • Interface with Supply Management, Information Governance, and Law on managing vendor/third party risks.
  • Manage resources and budget levels to meet strategic objectives and operational needs of the SCE, IT, and Cybersecurity and Compliance priorities. Make, recommend, and/or approve employment decisions, manage managers and employee performance for both direct and/or matrixed reports, and establish performance expectations and goals aligned with Company objectives, policies, and procedures.
  • Make, recommend, and/or approve employment decisions (e.g., hiring, promotion, appropriate pay, rewards/recognition, succession planning, termination). Manage managers and employee performance for both direct and/or matrixed reports. Establish performance expectations and goals aligned with Company objectives, policies and procedures.
  • Manage, train, and develop staff by providing timely feedback, coaching and support.
  • Demonstrate Company values through decisions and actions. Promote the Company's safety culture to ensure a safe work environment.

The essentials
  • Bachelor's degree.
  • Ten (7) years of experience in Information Technology (IT) or Operational Technology (OT) and/or Engineering.
  • Seven (7) years of experience managing, supervising, or leading a diverse workforce, staff, or team.
  • Three (3) years of cyber security leadership experience.

The preferred
  • Relevant experience / knowledge of Electric Grid (OT) processes, procedures, operating environments, technologies, and operating constraints.
  • Five (5) years of experience in managing at least three engineering functions (standards development, architecture, requirements, design, testing, risk assessments, identity & access management, supply chain, etc.).
  • Experience with large System Design.
  • Experience with SCADA or Real-Time System Security.
  • Experience with integrating NIST 800-82 control systems standards into existing Cybersecurity standards.
  • Proficiency building and leading cross-organizational teams, setting vision and objectives, establishing roles and responsibilities, developing high impact action plans, managing, mentoring, and enabling team success.
  • Ability to unify and lead cross-functional projects, establish and manage integrated master schedules and align cross-organizational teams / workstreams for maximum impact and efficiency.
  • Experience managing foundational areas for a large cybersecurity program, such as, but not limited to standards, risk, governance, architecture, vulnerability management, penetration testing, and others.
  • Demonstrable history of successfully building cross-organization partnerships to work as one team to apply effective cybersecurity controls.

You should know...
  • Visit our Candidate Resource page to get meaningful information related to benefits, perks, resources, testing information, the hiring process, and more!
  • Relocation is offered for this position.
  • This position requires testing, and applicants who are identified to continue through the selection process will be invited to test via email. Please access our Information Guides to reference the test (Edison Leadership Workstyles - Test 8201). Candidates who have previously passed these assessment(s), in some cases, may not need to retest for this position.
  • This position has been identified as a NERC/CIP impacted position. Prior to being hired, the successful candidate must pass a Personnel Risk Assessment (PRA) or Background Investigation. Once hired, the candidate must complete specified training prior to gaining unescorted access to the assigned work location and performing necessary job duties.
  • US Citizenship required as part of Critical Infrastructure security protocols.

About Southern California Edison

The people at SCE don't just keep the lights on. Our mission is so much bigger. We're fueling the kind of innovation that's changing an entire industry, and quite possibly the planet. Join us and create a future with cleaner energy, while providing our customers with the safety and reliability they demand. At SCE, you'll have a chance to grow personally and professionally, making a real impact in Southern California and around the world.

At SCE, we celebrate our differences. We are a proud Equal Opportunity Employer and will not discriminate based on race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status or any other protected status.

We are committed to ensuring that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodations at (833) 343-0727.