Cyber Risk & Compliance Tech Lead
Bethpage, New York, United States
PSEG operates under a Flexible Work Model where flexible work is offered when job requirements allow. In support of this model, roles have been categorized into one of four work location categories: onsite roles, hybrid roles that are a blend of onsite and remote work, remote local roles that are primarily home-based but require some level of purpose-driven in-person interaction and living within a commutable distance, and remote non-local roles that can be effectively performed remotely with the ability to work in approved states.
PSEG offers a unique experience to our more than 12,000 employees – we provide the resources and opportunities for career development that come with being a Fortune 500 company, as well as the attention, camaraderie and care for one another you might typically associate with a small business. Our focus on combatting climate change through clean energy technology, our new net zero climate vision for 2030 and enhanced commitment to diversity, equity and inclusion; and supporting the communities we serve make this a particularly exciting time to join PSEG.
Job Summary
This position is an experienced, senior level, hands-on technical lead, performing IT security functions and maintaining systems, while providing technical guidance to the team. Manage & enhance the cyber risk management program to ensure proactive and comprehensive approach to managing cyber risk within PSEG. Optimize and streamline third-party risk management processes to ensure effective oversight and adherence to security requirements. Evaluate, select, and implement new security technologies to enhance risk and compliance capabilities. Ensure ongoing compliance with relevant cybersecurity regulations and standards. Strengthen collaboration with IT, legal, enterprise risk, and business units to address cybersecurity requirements and ensure a comprehensive approach.
Job Responsibilities
Responsibilities include:
• Develop, enhance, and manage the cybersecurity risk management program in alignment with industry standards, regulatory requirements, and organizational goals
• Develop a strategy for managing cybersecurity risks associated with third-party vendors
• Ensure that third-party relationships are evaluated and monitored for cybersecurity compliance
• Coordinate and support regulatory compliance assessments and audits, and lead remediation activities for any audit and control findings
• Collaborate with the incident response team to integrate risk analysis into incident response planning
• Conduct regular cadence with enterprise risk and third-party risk teams to ensure organizational visibility and escalation of cyber related risks
• Manage the full cyber risk lifecycle, inclusive of identification, assessment, mitigation of cyber risks, and updating of cyber risk register
• In collaboration with management, plans, organizes, leads, administers, and evaluates the projects and activities of the Risk Management / Governance and Compliance function.
• Evaluates risks and designs controls to manage risks. Documents and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.
Job Specific Qualifications
Required Qualifications:
• Bachelors degree and 8 years of relevant cyber security experience
• In lieu of a degree 12 years of cyber experience
• Experience with Cyber strategy development.
• Technical experience includes: information / data / network / computer security design, administration and/or assessment.
• Experience with key information security technologies such as SIEM, firewalls, intrusion detection/prevention systems, vulnerability assessment, encryption, identity and access control systems, anti-malware, and security event analysis.
• Demonstrated ability to effectively communicate with both technical and non-technical individuals.
• Experience building and maintaining a solid working knowledge of Information Security principles and practices.
• Demonstrated ability to follow cyber security news and alerts in order to understand complex attack vectors and risks including the ability to identify and evaluate emergent cyber security threats and vulnerabilities.
• Experience in recommending appropriate corrective actions for information security incidents and provides risk mitigation recommendations to management and team.
• Must be able to work independently with little or no supervision.
• Experience working in a team environment, with experience teaching and learning from other team members.
• Ability to foster working relationships with the team, IT Management and Client departments.
• Ability to explain technical concepts to the business users in the context of business requirements.
Please Note the Following:
• Approximately 5% Travel required
• NERC CIP position, requires NERC CIP background investigation prior to start
Desired:
• Industry Security certifications such as SANS, CISSP, etc.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Audits CISSP Compliance Encryption Firewalls Governance Incident response Intrusion detection Malware NERC CIP Risk analysis Risk management SANS SIEM Strategy Teaching Vulnerabilities
Perks/benefits: Career development Flex hours Team events
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.