SDG&E is not just an energy company, we are the architects of a brighter, cleaner future. Our employees power everyday life for 3.7 million people - bringing the energy to support their passions, ambitions, and the heartbeat of our community.

We call Southern California our home. It's where we chase our dreams and raise our families. That's why the people who live here deserve an energy company unlike any other, and that's why every day, SDG&E employees strive to be at the forefront of innovations to reduce emissions, modernize the electric grid, and enable our customers to make the transition to clean technologies. We're redefining sustainability, advancing zero-emissions solutions, and driving the electric vehicle revolution.

It takes the best to build the best - join us!

Primary Purpose:

Provides leadership and support for Cybersecurity Critical Infrastructure Protection (CIP) and the Transportation Security Administration (TSA) staff and systems. Manages the work efforts of others, leading teams responsible for security, privacy and compliance of all North American Electric Reliability Corporation (NERC) CIP as well as TSA compliance requirements for all covered systems and data. Establishes the strategy and direction for security-specific systems within NERC CIP and TSA environments. Responsible for cyber security of critical utility infrastructure and for maintaining relationships with key IT suppliers.

Duties and Responsibilities:

• Oversees the operations of production and monitoring of CIP and TSA covered security systems. Solve problems of moderate complexity. Prioritize team priorities based on department directives. Mentor, coach, and provide constructive feedback to team. Ensure compliance with TSA and NERC CIP policies, laws, and regulations in ensuring a secure technology environment, including cyber security of critical utility infrastructure. Work within an established budget. Implement business and process improvements developed by upper-level management.
• Clearly communicates with peers and management about TSA and CIP security status and activities. Keeps management, business peers, and all stakeholders informed of threats, vulnerabilities, and action plans to minimize or mitigate threats to TSA and NERC CIP environments. Provides input to management on identifying and minimizing new threats, and vulnerabilities. Ensures effective implementation of plans to ensure business continuance of TSA and CIP standards, address Cybersecurity risks, and minimize risks. Manages relationships and negotiations with vendors. Develops and maintains a professional network of cybersecurity experts inside and outside the organization.
• Provides leadership for Cybersecurity and data privacy activities for TSA and NERC CIP environments. Provides input into TSA and CIP Cybersecurity strategy, including risk mitigation plans; implement strategy and monitor progress. Stays current on industry and government best-practices regarding TSA and NERC CIP security. Recommends policy and procedural changes reflective of these practices. Facilitates business and culture change in line with communicated strategic priorities. Oversees the development of policies, procedures, and standards within area of specialization.
• Performs other duties as assigned (no more than 5% of duties).

Hybrid Schedule:

• Although the schedule may vary, typically this will allow the employee to work onsite two days per week and remotely on the remaining workdays.
• Must reside in Southern California or be willing to relocate upon hire.

Required Qualifications:

• Bachelor's Degree Computer Science, Information Systems, Software Engineering, Business Administration, related field or equivalent training or experience.
• 8 years Information Technology, Security, or Regulatory experience.
• 6 years cybersecurity experience in NERC CIP or TSA standards.
• 6 years implementing compliance controls including NERC CIP standards and controls in various information systems and technologies, including applications, networks, network topologies, communications protocols, software, hardware required. Leverage compliance experience to ensure future compliance requirements are implemented in a systematic way to meet all regulations imposed by NERC CIP and TSA compliance programs.
• 2 years team leadership/supervisory experience.
• Knowledge of cybersecurity best practices and NERC CIP standards. Strong understanding of NERC CIP requirements, including CIP-002 through CIP-014, with a focus on cybersecurity, critical infrastructure protection, and compliance management.
• Knowledge of TSA regulations and security directives affecting critical infrastructure, especially for energy sectors.
• Knowledge of audit procedures, regulatory reporting requirements, and compliance documentation, including experience with both internal and external audits.
• Knowledge of various information systems and technologies, including applications, networks, network topologies, communications protocols, software, hardware in regards to CIP standards.
• Ability to work through diverse, sensitive company issues including digital forensics, investigations, legal matters, and close interface with Western Electricity Coordinating Council (WECC) and FRC teams.
• Ability to handle sensitive information, perform discreet tasks, properly dispose of information, and provide for secure management of data and to advise others on proper procedures in accordance with compliance requirements.
• Ability to communicate complex technical information to various stakeholders, TSA and NERC CIP Business Units.
• Interpersonal communication skills, including influencing and negotiating. Ability to negotiate vendor contracts.
• Analytical, problem solving, and strategic planning ability. Ability to manage and work within a budget.
• Judgment and creative thinking skills to address cybersecurity CIP challenges.
• Ability to manage resources in area of specialization, as directed, to ensure that CIP and TSA security issues are handled effectively and efficiently.
• Ability to encourage high performance and strong collaboration among team members in area of supervision.
• Knowledgeable of the evolving TSA regulations.
• Able to pass NERC CIP and TSA requirements around personnel risk assessments (when required by applicable standard).
• Emergency 24 hour response availability is required for this position.

Preferred Qualifications:

• 5 years experience in a Fortune 500 or large US Government agency desired, with a strong technical emphasis.
• Certified Information Systems Security Professional (CISSP).

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, disability or protected veteran status.

Note: SDG&E strives to ensure that employees are paid equitably and competitively. Starting salaries may vary based on factors such as relevant experience, qualifications, and education.

SDG&E offers a competitive total rewards package that goes beyond base salary. This position is eligible for an annual performance-based incentive (bonus) as well as other merit-based recognition. Company benefits include health and welfare (medical, dental, vision), employer contributions to retirement benefits, life insurance, paid time off, as well as other company offerings such as tuition reimbursement, paid parental leave, and employee assistance programs.