Apply on Employer Site

PSEG · 1 month ago

Director Cybersecurity Governance, Risk, & Compliance

Newark, NJ, US

Full-time

Hybrid

Director/Executive

$157K/yr - $258K/yr

10+ years exp

PSEG is one of the country’s largest energy companies, committed to powering a future where energy use is cleaner and more reliable. The Director of Cybersecurity Governance, Risk, and Compliance will lead the development and implementation of cybersecurity policies and strategies, overseeing compliance and risk management across the organization.

EnergyEnergy EfficiencySharing EconomySolar

No H1B

U.S. Citizen Only

Responsibilities

Directs, coaches, and counsels internal/external cyber resources on Cybersecurity technologies, including Regulatory Assurance (e.g. NRC, SOX, DoE, NERC CIP, TSA, Internal Audits, etc.), Cybersecurity Risk, Cybersecurity Policy, Cybersecurity Awareness, and Nth Party Risk Management and Assurance for all lines of business and service departments for both IT and OT landscapes. Ensure that Cybersecurity Governance, Risk, and Compliance service delivery aligns with the corporate IT strategy, including development of Cybersecurity operations standards, capacity planning, lifecycle management plans, solution selection, and partner management. Ensure scalability of Cybersecurity Governance, Risk, and Compliance capabilities, including hardware and software, to meet business needs and risk tolerances

Develops and implements best practices for PSEG Cybersecurity Governance, Risk, and Compliance capabilities. Participate in external risk organizations (including with peer groups) to learn from other organizations and to benchmark our program. Partner with professional Cybersecurity Governance, Risk, and Compliance associations, service providers, and to identify and implement best practices

Partners with and advises various IT teams. Operationalizes Policies, Practices, and Instructions to protect against existing and emerging threats

Builds relationships across PSEG business and technology teams. Interacts routinely with vendors, service providers, consultants/advisors, law enforcement agencies, and cross-sector cyber industry trade organizations. Ensures that cyber governance, risk, and compliance requirements are identified, well defined, properly documented, and approved by appropriate stakeholders

Develops, manages, and pre-prioritizes Cybersecurity CAPEX and OPEX budgets based on business needs and cyber threats. Lead the identification of optimal OPEX and CAPEX allocations, including opportunities to reduce expenditures while transforming PSEG Cybersecurity Governance, Risk, and Compliance. Lead and advise on business case development

Leads team, including performance evaluations, career development guidance, and other aspects to grow the talent pipeline and to mature our program

Qualification

Cybersecurity GovernanceRisk ManagementCompliance AuditingCybersecurity PolicyCybersecurity FrameworksCybersecurity AssessmentsLeadership ExperienceAnalytical SkillsInterpersonal SkillsPresentation SkillsProblem SolvingTime ManagementCommunication SkillsNegotiation SkillsRelationship BuildingAttention to DetailTeamwork

Required

Bachelors degree and 10 years of relevant cybersecurity experience, including leadership experience

Demonstrated strong leadership and influence skills

Demonstrated strong presentation skills with the ability to present to all levels of management and executive leadership

Experience leading a Cybersecurity Governance, Risk, and Compliance organization

Executive teamwork, facilitation, relationship building, and negotiation skills

Ability to maintain positive working relationships both as a leader and as a team member

Effective time management and multitasking skills

Ability to communicate effectively with both technical and non-technical individuals

Strong interpersonal communication skills, analytical abilities, detail focused, quality focused, and problem-solving skills, as well as broad knowledge of business functions, information technologies, and cybersecurity and compliance practice on a global level

A demonstrated ability to develop and maintain policy that integrates various cybersecurity, network and data protection technologies and controls into a cohesive solution that sufficiently mitigates risk

Extensive relevant experience in Cybersecurity, Information Risk Management, Nth-Party Risk Management, Cybersecurity Policies/Procedures, and Cybersecurity Compliance/Audit

Strong analytical skills, problem solving skills, writing skills, attention to detail, and conceptual thinking, including the ability to work with technical and non-technical business owners

Broad knowledge of cybersecurity principles (e.g. access control, data protection, security architecture, infrastructure/application security design principles, policies) and privacy (i.e. GDPR)

Working knowledge of cybersecurity and control frameworks (ISO27001, NIST, CobIT)

Effective communication skills, including the ability to build relationships with technical and non-technical individuals

Be able to identify, analyze, and address problems in order to resolve issues in ways that minimize negative impact and risk to the company

Experience evaluating security controls, conducting risks assessments, and providing guidance to platform architects/developers

Demonstrated experience in delivering comprehensive solutions to complex security issues on a global scale

Confidence in leading diverse matrix teams independently, making decisions daily as it relates to the successful delivery of the program

Ability and insight to know when critical decisions must be raised to senior level and/or business unit management quickly to ensure that the program remains on track

Department of Energy's regulation 10 CFR 810 is required