Principal IT Risk & Vulnerability Remediation Consultant
Date: Nov 21, 2024
Location: Bethpage, NY, US
Company: PSEG
Requisition: 80480
PSEG Company: PSEG Long Island
Salary Range: $ 101,600 - $ 160,900
Incentive: PIP 15%
Work Location Category: Remote Local
PSEG operates under a Flexible Work Model where flexible work is offered when job requirements allow. In support of this model, roles have been categorized into one of four work location categories: onsite roles, hybrid roles that are a blend of onsite and remote work, remote local roles that are primarily home-based but require some level of purpose-driven in-person interaction and living within a commutable distance, and remote non-local roles that can be effectively performed remotely with the ability to work in approved states.
We want you to be healthy, balanced, and feel secure. That’s why you’ll enjoy a comprehensive range of benefits, with a focus on supporting your whole health. Starting on day one of your employment, you’ll be offered several health-related benefits including medical, vision, dental, and well-being and behavioral health programs. We also offer a retirement program, 401(k) with company match, company paid life insurance, tuition reimbursement and a minimum of 18 days of paid time off per year.
PSEG offers a unique experience to our more than 12,000 employees – we provide the resources and opportunities for career development that come with being a Fortune 500 company, as well as the attention, camaraderie and care for one another you might typically associate with a small business. Our focus on combatting climate change through clean energy technology, our new net zero climate vision for 2030 and enhanced commitment to diversity, equity and inclusion; and supporting the communities we serve make this a particularly exciting time to join PSEG.
Job Summary
This position is a direct report to the Group Product Manager and has sound knowledge of business processes in the specific area of technology enablement. This position is responsible for managing Vulnerability Management Remediation, Risk Management, Reporting and Metrics Management, and Governance & Process Improvement, to meet business outcomes, spanning multiple technologies including associated impact, cost and complexity. In that capacity, this position is responsible for the following:
• Product Consultants are the primary facilitators for product. Product Consultants are responsible for optimizing the value proposition. They anticipate issues and/or complications, and respond well to time pressures.
• Leads the effort to work with multiple IT teams to oversee and govern Vulnerability Management Remediation, Risk Management, Reporting and Metrics Management, and Governance & Process Improvement.
• Serves as a subject matter expert for their assigned area.
• Prioritize actions with IT resources to meet changing business needs.
• Keeps informed of technical and managerial advances in IT, including leading the introduction of best practice.
Job Responsibilities
Responsibilities include:
• Leading products teams, in a matrix model, to deliver business solutions:
Vulnerability Management and Compliance –
o Primary point of contact for vulnerability management and related queries and escalations.
o Works with IT teams to govern and enforce IT Vulnerability Management process, inclusive of identifying, specifying and analyzing vulnerability closure, report status and managing progress throughout the lifecycle of a vulnerability.
o Develops status updates, evaluates SLA adherence and formulates plans, schedules and escalation channels, in order to meet or exceed SLA targets.
o Collaborate with various team to assess risks related to open vulnerabilities and implement mitigation strategies.
o Manages vulnerability life-cycle, including risk acceptance process for residual vulnerabilities / risk items.
o Identifies and negotiates schedules, milestones and resources required to meet objectives, primarily through coordinating the activities with other IT departments and Vendors (e.g., database, telecommunications, operations, technical support, etc.).
o Escalates unresolved vulnerabilities in a timely manner and close any backlogs.
• Governance and Process Improvement:
o Design and build processes for governance of IT vulnerability management, risk management, and compliance.
o Utilize domain specific knowledge to work with different IT teams to: identify, specify and analyze SLA requirements and processes, and monitors progress throughout the vulnerability lifecycle and closure process.
o Identifies process gaps and recommends improvements to enhance efficiency and reduce operational risk
• Responsible for reporting and metrics management:
o Define, track, and manage key performance indicators (KPI) for IT business areas, including IT service management, Vulnerability management, Application Management, Infrastructure Management etc.
o Produce reports and dashboards on Vulnerability Management, SLA Adherence, and IT operational metrics to senior leadership team.
o Ensures quality through the use of company-approved methodologies.
Job Specific Qualifications
Required Qualifications:
• Bachelor’s degree in Computer Science or a related technical field, i.e. STEM, with 6 or more years of relevant work experience
• Demonstrated leadership capabilities through projects or other work planning experiences
• Understanding of and experience in IT project management methodologies, requirements management, quality assurance and IT processes
• Requires broad knowledge of the business area's functions and applications, and of system and technology alternatives
• Strong understanding of Vulnerability Management process, Risk assessments methodologies, and SLA/KPI management & reporting
• Demonstrated experience in analytic tools to automate performance reporting, and KPI management
• Prior experience in IT governance, risk and/or compliance field
• Strong analytical ability to translate insights into actionable recommendations
• Strong verbal and written communication skills
• Strong facilitation skills
• Strong judgment and escalation management skills
• Ability to foster working relationships with the team, IT Management and vendor teams
• Good understanding of technology platforms and ability to explain technical ask
• Ability to measure process performance and identify constraints, or any other escalation requirements
• Working knowledge of specific technology area including business process configuration and execution for assigned domains
Desired Qualifications:
• Relevant technical acumen or experience in vulnerability management tools, risk assessment and IT governance
• Familiarity with risk management framework.
• Ability to automate repetitive tasks
• Ability to handle complex challenges under time constraint.
• Ability to prioritize and escalate critical vulnerabilities to the appropriate stakeholders
• Project Management Professional Certification (PMP)
• Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC)Experience with Cybersecurity
Minimum Years of Experience
Education
Certifications
Disclaimer
Certain positions at the Company may require you to have access to Part 810-Controlled Information. Under the law, the Company is limited in who it can share this information with and in certain circumstances it is necessary to obtain specific authorization before the Company can share this information. Accordingly, if the position does require access to this information, you must complete a 10 CFR Part 810 Export Control Compliance Nationality Request Form, a copy of which will be provided to you by Talent Acquisition if an offer is made. If there is a need for specific authorization, due to the time it takes to obtain authorization from the government, we will likely not be able to further proceed with an offer.
PSEG is an equal opportunity employer, dedicated to a policy of non-discrimination in employment, including the hiring process, based on any legally protected characteristic. Legally protected characteristics include race, color, religion, national origin, sex, age, marital status, sexual orientation, disability or veteran status or any other characteristic protected by federal, state, or local law in locations where PSEG employs individuals.
As an employee of PSEG you should be aware that during storm restoration efforts, you may be required to perform functions outside of your routine duties and on a schedule that may be different from normal operations.
For all roles, PSEG’s drug and alcohol testing program includes pre-employment testing, testing for cause, and post-incident/accident testing. For employees in federally regulated roles (including positions covered by USDOT, PHMSA, or NRC regulations), this also includes random testing. Although numerous states throughout the country have legalized marijuana/cannabis products recreationally and/or medically, it is prohibited for employees in federally regulated roles. Employees who are hired or transfer into a federally regulated role are subject to drug and alcohol testing, inclusive of marijuana. Please note that the use of CBD products may result in a positive drug test for THC/Marijuana and such use is not a legitimate medical explanation for such a positive result.
PSEG employees must apply for jobs internally through emPower which can be accessed through sharepoint.pseg.com by clicking on the emPower icon, then selecting careers. This site is strictly for candidates who are not currently PSEG employees, with the exception of PSEG employees who do not have company email addresses.
PSEG is committed to providing reasonable accommodations to individuals with disabilities. If you have a disability and need assistance applying for a position, please call 973-430-3845 or email accommodations@pseg.com.
If you need to request a reasonable accommodation to perform the essential functions of the job, email accommodations@pseg.com. Any information provided regarding a disability will be kept strictly confidential and will not be shared with anyone involved in making a hiring decision.
ADDITIONAL EEO/AA INFORMATION (Click link below)
Nearest Major Market: Long Island
Nearest Secondary Market: New York CIty
Job Segment:
Risk Management, Sharepoint, Developer, Quality Assurance, Equity, Finance, Technology