Chief, IT and Cyber Risk Validation
Company: PG&E Corporation
Location: San Ramon
Posted on: January 1, 2026
Job Description:
Requisition ID: 167963
Job Category: Compliance / Risk / Quality Assurance
Job Level: Director/Chief
Business Unit: Gen Counsel, Ethics, Risk & Compliance
Work Type: Hybrid
Job Location: San Ramon

Department Overview:

The Operational Risk Validation team is focused
on assessing and validating risk mitigations and controls to
determine the effectiveness of PG&E’s programs to address the
highest risks for the enterprise. The goal is to confirm the right
work is being done in a way that truly reduces risk, and to
strengthen how we collectively quantify actual risk reduction based
on units of work completed. This team will partner closely with the
existing risk, compliance, and operational groups, digging a few
levels deeper beyond compliance. This will include observations in
the field and dialogue with front-line employees to better
understand operational risks, inform future risk reduction
programs, and advocate for needed resources or support. Assessments
and validations of risk-reducing work will be done for the top-tier
enterprise risks, while responding to industry disruptors and
emerging risk factors that may not fit neatly into existing risk
frameworks. These assessments and resulting recommendations will
evaluate whether operations are meeting legal, regulatory, and
other commitments – and beyond this, determine whether we’re truly
reducing risk to an appropriate level.

Position Summary:

The Chief, IT and Cyber Risk Validation is an individual contributor who is responsible for ensuring that the risks associated with Cyber Security, Physical Security and Technology Improvements are effectively managed across the enterprise. This role will validate that the controls and mitigations are monitored and that all stakeholders are engaged in data-driven decision-making. This individual will provide expertise on the key areas of risk for IT and Physical Security across the enterprise to build risk management capabilities. The knowledge expected for this role includes AI, cloud, data management, cyber and physical security, asset management, networking, IT infrastructure, etc. This is a high-level position focused on strengthening and building relationships across the organization in an area of risk that is continuously growing across all Functional Areas (FA).

This position is hybrid, working from your remote office and your assigned work location based on business need. The assigned work location will be within the PG&E Service Territory.

Reporting:

This role reports to the Director, Operational Risk Validation Generation/IT. This is an
individual contributor role.

Job Responsibilities:

Partners with Cybersecurity teams such as Asset Management, Strategy, Risk Assessment, Vulnerability Management, Security Intelligence and Operations Center, etc. Validates the risk and ensures the effectiveness of existing controls and mitigations on an ongoing basis.

Partners with all asset owners and leaders across the enterprise to raise awareness, build support and partnership in the improvement of cyber asset data management across all technologies.

Partners as the single point of contact within the Enterprise Risk and Compliance (ERC) team to ensure that technology and systems supporting cyber asset management are implemented and configured to ensure Cybersecurity of all assets across the Enterprise.

Supports Cyber Security Asset Management strategy development and implementation to ensure external obligations are met across all regulators, present and future.

Partners with Enterprise Data Management, Physical Security and IT Infrastructure teams to set priorities and drive all risk-related activities, managing the risks proactively.

Primary thought leader for Enterprise Risk for development of the roadmap to Propel migration and mitigation strategies that support operational and strategic objectives of the ERC organization.

Works directly with and coaches senior leadership in key operational areas to identify, address and communicate risk management issues, primarily focused on Cyber, Physical and IT risks.

Recognizes and communicates internal and external developments that may impact risks based on in-depth knowledge of operational risks across all FAs to improve risk management practices across the enterprise.

Provides subject-matter expertise and challenges business decisions and decision-making processes to ensure all aspects of risks are appropriately considered and effective controls and mitigations are implemented.

Leads strategy development and implementation of risk education and training materials for use enterprise-wide and at all levels.

Background Qualifications:

Minimum:
Bachelor’s degree or equivalent experience.
12 years of job-related experience.

Desired:
Advanced degree in a relevant field such as data management, computer science, information technology, systems engineering, operational governance, or other applicable discipline.
Experience with Operational Technology and Regulatory compliance.
IT and Security experience.
Engineering, Architecture, and Risk experience.
Experience with ISO 31000 and 55001.
Experience with NERC CIP, TSA and FERC utility industry regulations.
Utility industry experience, electric or gas, or other job-related, 10 years.

Leadership Qualities:

PG&E expects its leaders to conduct themselves with
the highest ethics and integrity and to embody specific leadership
qualities.

Strategic Mindset: Sees ahead to future possibilities and translates them into breakthrough strategies. Operates effectively, even when things are not certain, or the way forward is not clear.

A Leader in the Community and Industry: Effectively builds formal and informal relationship networks inside and outside the organization. Anticipates and balances the needs of multiple stakeholders.

Demonstrates Safety Leadership: A safety champion in words and deeds with respect to both employee and public safety. Creating and maintaining a speak-up culture free of retaliation.

Influences and Inspires: Using various communications that convey a clear understanding of the needs of different audiences. Maneuvering comfortably through complex policy, process, and people-related dynamics.

Optimizes Team Performance: Building teams with a strong identity that apply their diverse skills and perspectives to achieve common goals. Creating a climate where people are developed and motivated to do their best to help the organization.

Values Inclusion and Respects Individual Differences: Recognizing the value that different perspectives and cultures bring to an organization.

Fiscally Responsible: Interpreting and applying understanding of key financial indicators to make better business decisions. Planning and prioritizing work to meet commitments aligned with organizational goals.

Leads Ethically and in a Compliant Manner: Sponsoring and sustaining a high-integrity speak-up corporate culture which prioritizes safety, compliance, and ethics. Building on necessary level of industry, company, and subject-matter expertise, including laws and regulations.

Provides a High Level of Customer Service: Building strong customer relationships and delivering hometown, customer-centric solutions.

Compensation:

PG&E is providing the salary range that the
company in good faith believes it might pay for this position at
the time of the job posting. This compensation range is specific to
the locality of the job. The actual salary paid to an individual
will be based on multiple factors, including, but not limited to,
specific skills, education, licenses or certifications, experience,
market value, geographic location, and internal equity. We estimate
the successful candidate hired into this role will be placed within
the reasonable compensation range of $168,000-$241,500. The
decision will be made on a case-by-case basis. This leadership role
is also eligible for an annual Short Term Incentive Plan (STIP)
award, as well as the Long Term Incentive Plan (LTIP) grant.