Cybersecurity Manager (Hybrid) - Sempra Energy
San Diego, CA 92101
About the Job
Job Description

Sempra: Where opportunity powers impact

At Sempra, we tackle the biggest energy challenges that face our industry. Our high-performing team leverages the full capabilities of our organization to serve 40 million consumers across North America. By collaborating and challenging one another across multiple disciplines, we inspire our best work, ideas and innovation. From increasing liquified natural gas (LNG) capacities to reducing carbon emissions to helping people prepare for the realities of climate change, we are committed to building a better energy future for all.

Primary Purpose

The primary responsibility of the Cybersecurity Governance Manager is to enhance and lead the Corporate Cybersecurity IT Governance Program in collaboration with the IT and Cybersecurity teams at Sempra Companies. This role demands strong leadership and project management skills, along with the expertise to conduct comprehensive system-wide security analyses, evaluate the effectiveness of controls, assess risks, and develop policies, standards, and guidelines.

Duties and Responsibilities

Corporate policies and standards: Develops enterprise cybersecurity policies and standards. Aligns policies to National Institute of Standards and Technology (NIST) and other regulatory frameworks. Communicates updates and maintains the roadmap for future policy requirements. Liaises with business units to communicate, educate, and clarify policy questions.

Metrics and reporting: Creates and maintains metrics and reports for the Corporate Cyber Council and Board. Establishes processes for consistent, accurate, and repeatable reporting.

GRC Operating Model: Implements and maintains the General Rate Case (GRC) tool and processes to support tracking and monitoring of risks, issues, and risk exception for Sempra Companies.

Team Management: Provides leadership to a team made up of employees and third parties. Provides direction, motivation, and strategic oversight. Owns all aspects of employee management for a large team, directing work and providing guidance. Responsible for all aspects of performance management, training, and development. May supervise team leads.

Management self-assessment program: Performs and/or engages a third party to perform assessments of any process with cybersecurity risk to evaluate the risks and adequacy of controls. Establishes meaningful recommendations considering risk and impact to business processes where gaps are identified.

Approves contracts and services with 3rd party vendors.

Performs other duties as assigned.

Qualifications

Education

Bachelor’s Degree in Cybersecurity, Computer Science, Information Systems, Software Engineering, Business Administration, related field, or equivalent experience is required.
Experience

8 years of Relevant Experience: A strong background in cybersecurity governance, IT Risk Management, or a related field is required.
6 years of Leadership: Proven experience in supervisory and leadership roles is required.
6 years of Reporting and Metrics: Expertise in creating reports and metrics for senior business executives and/or the Board is required.
6 years of GRC Tooling: Hands-on experience with GRC tool-sets (Governance Risk and Compliance), especially ServiceNow GRC/IRM, is required.
6 years of Project Management: Demonstrated ability to manage projects in a fast-paced, collaborative environment, track progress, manage key deliverables, and report to executives is required.
2 years of Industry Experience: Experience in the energy sector or with a utility is preferred.

Must reside in Southern California or be willing to relocate upon hire.

We offer a hybrid work environment. Although the schedule may vary, typically this will allow you to work from the office three days per week and work remotely on the remaining workdays.

Skills and Abilities

Stakeholder Management: Advanced ability to create and maintain strong relationships with stakeholders to drive outcomes and align around a vision or course of action is required.

Team / Initiative Management: Advanced demonstrated ability to operate and innovate within a small team in a fast-paced environment, balancing strategic and tactical needs. Flexibility to adapt to changing assignments and effectively prioritize. Highly self-motivated, goal-oriented, and self-directed is required.

Communication: Advanced ability to communicate technical ideas and strategies effectively to non-technical audiences, including executive leadership, through various mediums (e.g., written communications, verbal communications, presentations). Strong analytical skills and the ability to organize work logically, thoroughly, and succinctly. Effective written and verbal English communication at all levels, providing compliance guidance to project teams, management, and business partners is required.

Cybersecurity & Technology Trends: Advanced understanding of emerging trends in the cybersecurity and technology landscape, including new technologies, processes, and ways of working. Ability to determine the impact of technological advancements on the company’s systems, applications, infrastructure, and practices. Strong understanding of risk management principles, regulatory requirements, and industry best practices. Good understanding of General IT Controls and Data Privacy Regulations is required.

Vendor / Contract Management: Advanced ability to build effective relationships and manage the execution of projects delivered by third-party providers, suppliers, and partners is required.

Financial Acumen: Advanced financial acumen, including the ability to accurately report spending in the IT function and an understanding of both CapEx and OpEx budgets is required.

Business Functional Knowledge: Advanced knowledge and understanding of the business context, market, and operational functions of the operating company and the wider utilities industry. Good understanding of IT systems and controls, including web systems, e-commerce, data centers, network infrastructure, patching, access controls, databases, CRM, and cloud systems is preferred.

Licenses and Certifications

Certified Information Systems Security Professional (CISSP) is preferred.

Work Schedule

HYBRID: Work a combination of onsite and remote days each week, typically 2-3 days per week.

Area of Interest: Information Technology
Full Time/Part Time: Full-time
Min Salary: $143,100.00
Mid Point: $178,900.00
Max Salary: $214,700.00

Total Rewards Philosophy

Sempra strives to ensure that employees are paid equitably and competitively. Starting salaries may vary based on factors such as relevant experience, qualifications, and education. Sempra offers a competitive total rewards package that goes beyond base salary. This position is eligible for an annual performance-based incentive (bonus) as well as other merit-based recognition. Company benefits include health and welfare (medical, dental, vision), employer contributions to retirement benefits, life insurance, paid time off, as well as other company offerings such as tuition reimbursement, paid parental leave, and employee assistance programs.
Source: Sempra Energy