Southern California Edison Senior Manager, Cybersecurity Risk and Governance in Rosemead, California
ENERGY FOR WHAT’S AHEAD
Are you looking to make a difference in your career? We’re working on smarter grids, cleaner energy and tools to help people manage energy more efficiently.
As a Senior Manager in Cybersecurity Risk and Governance, you will lead a team that evaluates, tests, recommends, develops, coordinates, monitors, maintains, audits and implements cybersecurity standards, governance policies, procedures and systems. You will guide governance and risk assessment efforts for hardware, firmware and software across the SCE Corporate environment. You will assist in the investigation of security incidents and recommend improvements for governance and risk assessment methodologies. You are responsible for ensuring that appropriate cybersecurity governance processes are in place for programs such as NIST policy standards. As part of SCE's Cybersecurity team, you will create innovative programs to protect our key electric infrastructure against threats, propel transformation, and drive growth.
Detailed stuff you will be doing...
As the Senior Manager, you are responsible for leading, coordinating, articulating, and tracking actions related to developing and driving the implementation of the cyber assurance plans, ensuring effective cybersecurity governance and risk management practices, and engaging with the business unit members on a wide range of cybersecurity matters to achieve overall business objectives.
Plan, direct and control ongoing information technology (IT) governance and risk management programs, including identification, classification and prioritization of risk associated with information resources. Analyze risk management programs and observations and make recommendations as to the most helpful and cost-effective approaches to addressing risk threatening cybersecurity.
Implement tools and technology to provide important metrics and reports for cybersecurity governance, risk and adherence to cybersecurity standards. You will maintain an integrated governance and risk technology roadmap to ensure key integration of risk and governance tool sets with cybersecurity infrastructure.
Qualifications you need…
You have seven (7) years of experience supervising or managing technical teams or business units, though ten (10) or more years of management experience is preferred. You have five (5) or more years of experience deconstructing complex security processes and solutions to identify relevant risk areas and potential control points, and to provide sound recommendations for risk treatment.
Preferred requirements include…
It is preferred if you have ten (10) years of experience in the information security field and managing an information security staff in a medium to large company or installation. It is preferred if you have five (5) or more years of experience with various security disciplines, up to and including securing Internet/web development, security practices and methodologies, or equivalent strengths in security controls architecture on mainframe or mid-range systems, firewalls and dial-up systems, and industry technologies, such as public key infrastructures (PKI), digital certificates, intrusion detection/prevention, and encryption. Additional preferences include:
Broad inter-disciplinary skills, with a demonstrated capability of bringing to any scale environment a solid background in information security technologies, tools, and competencies, as well as strong analytical proficiencies, program management skills, knowledge of client business, and a real-world perspective and application of security technology trends and advances.
Analysis, design, and implementation of industry-standard information security programs on mainframe, mid-range, network, and distributed computing environments.
Development of strategic information security plans, policies, procedures, and controls, and extensive experience in regulatory compliance, up to and including external and internal audits.
Design and implementation of security systems, common services, governance, programs, administrative functions, and energy systems, as well as an in-depth knowledge of information classification, forensics investigations, incident response and tracking, and risk management and assessment methodologies and programs.
Deconstruct complex security processes and solutions to identify relevant risk areas, potential control points, and provide sound recommendations for risk treatment.
Knowledge of information security best practices such as NIST 800 series, ISO 27000 series, ISA, or COBIT.
Experience with security related compliance standards such as NERC CIP, NRC or comparable standards.
Interpersonal and leadership skills to form and maintain effective project teams consisting of members across organizations.
Knowledge of change management processes such as ITIL, Six Sigma, or MSF.
Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), or GIAC GSEC certified.
Bachelor’s degree in Engineering, Computer Science, Information Systems or related field.
You should know...
Relocation is available for this position, and who wouldn’t want to live in sunny Southern California?
US Citizenship required as part of Critical Infrastructure security protocols.
NERC/CIP - This position has been identified as a NERC/CIP impacted position. Prior to being hired, the successful candidate must pass a Personnel Risk Assessment (PRA) or Background Investigation. Once hired, the candidate must complete specified training prior to gaining unescorted access to the assigned work location and performing necessary job duties.
Southern California Edison, an Edison International (NYSE:EIX) company, serves a population of approximately 15 million via 5 million customer accounts in a 50,000-square-mile service area within Central, Coastal and Southern California. Join the utility leader that has been safely delivering reliable, affordable electricity to our customers for over 125 years.
SCE is a proud Equal Opportunity Employer and will not discriminate based on race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status or any other protected status.