Governance, Risk & Compliance Manager (GRC)
Date: Oct 6, 2024
Location: Bethpage, NY, US
Company: PSEG
Requisition: 78527
PSEG Company: PSEG Long Island
Salary Range: $ 129,000 - $ 211,900
Incentive: PIP 20%
Work Location Category: Remote Local
PSEG operates under a Flexible Work Model where flexible work is offered when job requirements allow. In support of this model, roles have been categorized into one of four work location categories: onsite roles, hybrid roles that are a blend of onsite and remote work, remote local roles that are primarily home-based but require some level of purpose-driven in-person interaction and living within a commutable distance, and remote non-local roles that can be effectively performed remotely with the ability to work in approved states.
We want you to be healthy, balanced, and feel secure. That’s why you’ll enjoy a comprehensive range of benefits, with a focus on supporting your whole health. Starting on day one of your employment, you’ll be offered several health-related benefits including medical, vision, dental, and well-being and behavioral health programs. We also offer 401(k) with company match, company paid life insurance, tuition reimbursement and a minimum of 18 days of paid time off per year.
PSEG offers a unique experience to our more than 12,000 employees – we provide the resources and opportunities for career development that come with being a Fortune 500 company, as well as the attention, camaraderie and care for one another you might typically associate with a small business. Our focus on combatting climate change through clean energy technology, our new net zero climate vision for 2030 and enhanced commitment to diversity, equity and inclusion; and supporting the communities we serve make this a particularly exciting time to join PSEG.
Job Summary
The Manager of Cyber Security leads the development, implementation, and ongoing coordination of an enterprise-wide cyber security governance, risk & compliance management (GRC) program, including cyber risk identification, analysis, mitigation, tracking, and reporting to executive management. Coordinates among all lines of business and service departments, as well as external risk organizations (including E-ISAC and other cyber industry trade organizations) and peer energy companies, as PSEG LI's senior leader responsible for Cyber GRC. This leader develops and maintains enterprise information and cyber security policies to ensure PSEG LI digital products and services have best-in-class cyber security, oversees vendor risks, and influences user behavior to ensure that information, cyber assets, and industrial control systems are adequately protected.
This leader is responsible for defining and aligning security policies, strategy, standards and controls, risk management, third-party risk, assessments, baseline security controls, as well as technology compliance initiatives. The Director of Cybersecurity engages across the enterprise and supports cyber innovation activities based upon emerging operating horizon needs. This individual is responsible for maintaining PSEG LI's NIST CSF program and oversees Information Security staff in the evaluation of risks and threats. This individual is responsible for the development, implementation, communication, operation, monitoring and maintenance of the security policies and procedures to promote secure and uninterrupted operation of all systems, applications and infrastructure.
Additionally, this role is responsible for planning, executing, and closing specific cybersecurity projects for PSEG LI. This includes defining project scope, allocating resources, managing timelines, and coordinating efforts across the teams. It also includes completing projects, controlling business processes, and ensuring effective capability maturation in support of the business. Determines the potential needs of Cyber, including delivery capacity planning, Day 2 strategy planning, and dependency (down- and cross-stream) planning. Responsible for managing all requests across the run, build, transform spectrum and for tracking and forecasting OPEX and CAPEX, including HW, SW, and licensing. Responsible for all regular and ad hoc reporting and dashboarding.
Job Responsibilities
- Provide leadership and direction to a team responsible for information security policies and practices; complete risk analyses and assessments, and maintain compliance with standards and regulatory requirements. Manage other matrix relationships both internal and external to Cyber (such as Business Continuity, IT Operations, and OT Operations) required to complete all assigned tasks.
- Establish measurable individual and team objectives aligned with organizational and business goals. Recognize and reward associates commensurate with performance. Ensure that staff have the resources and skills needed to support all work initiatives.
- Ensure that PSEG Digital Services offered to external customers are secure and follow regulatory and best practice frameworks.
- Work with Functional Areas to implement practices that meet defined policies and standards for information security. Oversee all information and cyber security risk management activities and ensure effective coordination with corporate risk management.
- Establish an information security baseline and advance the information security maturity model; serve as subject matter expert to executive management and external stakeholders on a range of information security standards as influenced by federal and state regulatory agencies (e.g., NERC, NRC) and industry best practices (e.g., C2M2, NIST). Communicate and ensure that information security programs and other assigned frameworks comply with applicable laws, regulations, organizational security policies and standards. Lead efforts to establish and implement integrated cyber security and risk management solutions.
- Develop and manage GRC capital and O&M budgets to meet business needs. Provide leadership in the identification of optimal O&M and capital allocations, inclusive of opportunities to reduce expenditures while transforming the way PSEG LI conducts its business. Lead and/or participate in business case development.
- Align cyber strategies, services, investment decisions, and delivery structures and processes with the strategic direction of the organization.
- Develop and monitor a strategic, comprehensive cyber security and risk management program (including strategy, policies, standards, processes, and guidelines) to ensure the integrity and confidentiality of information owned, controlled or processed by the organization.
- Coordinate information security and risk management projects with PSEG IT Application and Infrastructure delivery and operations groups as well as business unit teams; provide strategic and tactical security guidance for all IT projects, including the evaluation and recommendation of technical controls. Coordinate with PSEG Strategic Sourcing to ensure that information security requirements are incorporated into third party arrangements.
- Responsible for cyber program management, including delivery management, capacity management, demand management, cost management, and metrics and reporting.
Job Specific Qualifications
Required
- Bachelor's degree and 10 years of relevant cyber security experience
- Over 10 years of information security management experience, including a combination of security application development and system security administration in large multi-platform environments (e.g., UNIX, Windows, Linux, and Industrial Control Systems)
- Over 5 years of experience in an Information Security leadership role managing teams of at least 5 FTEs
- Strong understanding of current cyber threats, regulatory frameworks (e.g., NERC CIP) and information security technologies
- Expert in interpreting and communicating technical information in business language and vice versa
- Can anticipate change and effectively and efficiently deploy resources
- Able to take innovative approaches to problem solving
- Thinks strategically with a focus on business value; able to develop strategies while incorporating a broad organizational perspective
- Makes decisions at the appropriate time, taking into account the needs of the situation, priorities, constraints and the availability of necessary information
- Identifies inspiring goals and objectives, then motivates and leads others towards them
- Experience with the implementation of NIST Cyber Security Framework (CSF), North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) or other comparable frameworks
- Track record of metric-based evaluation of cyber security posture and proven ability to balance risks and make sound decisions in emergency situations
- Strong process discipline in a continuous improvement environment; experience managing cost center and departmental financial functions such as budgets
- Demonstrated capabilities in leadership, innovation, problem solving, influencing, organizing and relationship building.
- Excellent verbal and written communication skills, persuasion, and the ability to communicate security and risk-related concepts to both technical and non-technical audiences at all levels, including the C-suite
- CISSP or equivalent security certification
Desired
- Experience in Electric or Gas Utility or Power Generation Sectors
- Experience designing security for commercial digital products used on a large customer basis
- Proven track record of developing cyber processes that improve effectiveness, efficiency and controls
- Experience in dealing with internal / external auditors and regulators
Disclaimer
Certain positions at the Company may require you to have access to Part 810-Controlled Information. Under the law, the Company is limited in who it can share this information with and in certain circumstances it is necessary to obtain specific authorization before the Company can share this information. Accordingly, if the position does require access to this information, you must complete a 10 CFR Part 810 Export Control Compliance Nationality Request Form, a copy of which will be provided to you by Talent Acquisition if an offer is made. If there is a need for specific authorization, due to the time it takes to obtain authorization from the government, we will likely not be able to further proceed with an offer.
PSEG is an equal opportunity employer, dedicated to a policy of non-discrimination in employment, including the hiring process, based on any legally protected characteristic. Legally protected characteristics include race, color, religion, national origin, sex, age, marital status, sexual orientation, disability or veteran status or any other characteristic protected by federal, state, or local law in locations where PSEG employs individuals.
As an employee of PSEG you should be aware that during storm restoration efforts, you may be required to perform functions outside of your routine duties and on a schedule that may be different from normal operations.
For all roles, PSEG’s drug and alcohol testing program includes pre-employment testing, testing for cause, and post-incident/accident testing. For employees in federally regulated roles (including positions covered by USDOT, PHMSA, or NRC regulations), this also includes random testing. Although numerous states throughout the country have legalized marijuana/cannabis products recreationally and/or medically, it is prohibited for employees in federally regulated roles. Employees who are hired or transfer into a federally regulated role are subject to drug and alcohol testing, inclusive of marijuana. Please note that the use of CBD products may result in a positive drug test for THC/Marijuana and such use is not a legitimate medical explanation for such a positive result.
PSEG employees must apply for jobs internally through emPower which can be accessed through sharepoint.pseg.com by clicking on the emPower icon, then selecting careers. This site (PSEG Careers and Job Openings) is strictly for candidates who are not currently PSEG employees, with the exception of PSEG employees who do not have company email addresses.
PSEG is committed to providing reasonable accommodations to individuals with disabilities. If you have a disability and need assistance applying for a position, please call 973-430-3845 or email accommodations@pseg.com.
If you need to request a reasonable accommodation to perform the essential functions of the job, email accommodations@pseg.com. Any information provided regarding a disability will be kept strictly confidential and will not be shared with anyone involved in making a hiring decision.
Nearest Major Market: Long Island
Nearest Secondary Market: New York City
Job Segment: Compliance, Information Security, Strategic Sourcing, Sharepoint, Developer, Legal, Technology, Operations