Public Service Enterprise Group Inc
Director Cybersecurity Governance, Risk, & Compliance
Public Service Enterprise Group Inc, Newark, New Jersey, US, 07175
The Director, Cybersecurity Governance, Risk, and Compliance leads the development, implementation, and ongoing coordination of enterprise-wide Cybersecurity Governance, Risk, and Compliance, including Regulatory Assurance (e.g. NRC, SOX, DoE, NERC CIP, TSA, Internal Audits, etc.), Cybersecurity Risk, Cybersecurity Policy, Cybersecurity Awareness, and Nth Party Risk Management and Assurance. He/she coordinates across all business lines, service departments, external risk organizations (e.g. cross-sector cyber industry trade organizations), and peer energy companies. As PSEG's senior leader responsible for Cybersecurity Governance, Risk, and Compliance, he/she will also be responsible for defining and aligning cybersecurity policies, strategy, and standards. He/she will be responsible for multiple discrete projects/enhancements to build, maintain, and mature capabilities, including people, processes, and technologies. He/she will engage across the entire IT, OT, and managed services landscapes, including leading a team across these environments.

Job Responsibilities
- Directs, coaches, and counsels internal/external cyber resources on Cybersecurity technologies, including Regulatory Assurance (e.g. NRC, SOX, DoE, NERC CIP, TSA, Internal Audits, etc.), Cybersecurity Risk, Cybersecurity Policy, Cybersecurity Awareness, and Nth Party Risk Management and Assurance for all lines of business and service departments for both IT and OT landscapes.
- Ensures that Cybersecurity Governance, Risk, and Compliance service delivery aligns with the corporate IT strategy, including development of Cybersecurity operations standards, capacity planning, lifecycle management plans, solution selection, and partner management.
- Ensures scalability of Cybersecurity Governance, Risk, and Compliance capabilities, including hardware and software, to meet business needs and risk tolerances.
- Develops and implements best practices for PSEG Cybersecurity Governance, Risk, and Compliance capabilities.
- Participates in external risk organizations (including with peer groups) to learn from other organizations and to benchmark our program.
- Partners with professional Cybersecurity Governance, Risk, and Compliance associations and service providers to identify and implement best practices.
- Partners with and advises various IT teams.
- Operationalizes Policies, Practices, and Instructions to protect against existing and emerging threats.
- Builds relationships across PSEG business and technology teams.
- Interacts routinely with vendors, service providers, consultants/advisors, law enforcement agencies, and cross-sector cyber industry trade organizations.
- Ensures that cyber governance, risk, and compliance requirements are identified, well defined, properly documented, and approved by appropriate stakeholders.
- Develops, manages, and pre-prioritizes Cybersecurity CAPEX and OPEX budgets based on business needs and cyber threats.
- Leads the identification of optimal OPEX and CAPEX allocations, including opportunities to reduce expenditures while transforming PSEG Cybersecurity Governance, Risk, and Compliance.
- Leads and advises on business case development.
- Leads the team, including performance evaluations, career development guidance, and other aspects to grow the talent pipeline and to mature our program.

Job Specific Qualifications
- Bachelor's degree and 10 years of relevant cybersecurity experience, including leadership experience
- Demonstrated strong leadership and influence skills
- Demonstrated strong presentation skills with the ability to present to all levels of management and executive leadership
- Experience leading a Cybersecurity Governance, Risk, and Compliance organization
- Executive teamwork, facilitation, relationship building, and negotiation skills
- Ability to maintain positive working relationships both as a leader and as a team member
- Effective time management and multitasking skills
- Ability to communicate effectively with both technical and non-technical individuals
- Strong interpersonal communication skills, analytical abilities, detail focused, quality focused, and problem-solving skills, as well as broad knowledge of business functions, information technologies, and cybersecurity and compliance practice on a global level
- A demonstrated ability to develop and maintain policy that integrates various cybersecurity, network and data protection technologies and controls into a cohesive solution that sufficiently mitigates risk
- Extensive relevant experience in Cybersecurity, Information Risk Management, Nth-Party Risk Management, Cybersecurity Policies/Procedures, and Cybersecurity Compliance/Audit
- Strong analytical skills, problem-solving skills, writing skills, attention to detail, and conceptual thinking, including the ability to work with technical and non-technical business owners
- Broad knowledge of cybersecurity principles (e.g. access control, data protection, security architecture, infrastructure/application security design principles, policies) and privacy (i.e. GDPR)
- Working knowledge of cybersecurity and control frameworks (ISO27001, NIST, CobIT)
- Effective communication skills, including the ability to build relationships with technical and non-technical individuals
- Be able to identify, analyze, and address problems in order to resolve issues in ways that minimize negative impact and risk to the company
- Experience evaluating security controls, conducting risk assessments, and providing guidance to platform architects/developers
- Demonstrated experience in delivering comprehensive solutions to complex security issues on a global scale
- Confidence in leading diverse matrix teams independently, making decisions daily as it relates to the successful delivery of the program
- Ability and insight to know when critical decisions must be raised to senior level and/or business unit management quickly to ensure that the program remains on track
- Department of Energy's regulation 10 CFR 810 is required

Desired
- Industry Cybersecurity certifications (e.g. CISSP, CEH, etc.)
- Master's in Information Security, Computer Science, Business, Engineering, or related fields
- Experience in Electric or Gas Utility or Power Generation industry, and/or experience in manufacturing
- Broad knowledge of IT and related control environments