Duquesne Light Company Sr Mgr IS Gov Risk & Comp in Pittsburgh, Pennsylvania
Duquesne Light Company, headquartered in downtown Pittsburgh, is a leader in providing electric energy and has been in the forefront of the electric energy market, with a history rooted in technological innovation and superior customer service. Today, the company continues its role as a leader in the transmission and distribution of electric energy, providing a secure supply of reliable power to more than half a million customers in southwestern Pennsylvania.
Duquesne Light Company is committed to creating a culture of inclusion. We value and respect the unique differences and experiences of our employees. We believe that our differences lead to better collaboration, innovation and outcomes. We want you to join our team!
Job Family: Information Technology
Discipline: Information Security / Governance, Risk & Compliance
Career Level: Senior Manager
Department: Information Security
FLSA Status: Exempt
The Senior Manager of IT Governance, Risk and Compliance (GRC) should be an experienced leader with significant management experience in IT Risk Management concepts and regulatory frameworks. The Senior Manager will report to the Chief Information Security Officer and will collaborate closely with Information Technology, the Office of Corporate Compliance, Supply Chain, Enterprise Risk Management and Operations. The Senior Manager must be a detail-oriented, highly organized self-starter who is an experienced manager of people and a practitioner of GRC.
The Senior Manager of IT GRC will lead a team responsible for enhancing and maintaining a risk and governance program to ensure that information and operational assets are adequately protected through the execution of DLC’s North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) program and IT Risk Management programs. This position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance/regulatory requirements and supports the risk posture of the enterprise. The position is responsible for ensuring that Duquesne Light's information security objectives are met.
Experience with NERC CIP standards is preferred as this position plays a significant role in the day-to-day execution and oversight of DLC’s NERC CIP program. The Senior Manager should drive employee engagement and understanding of the NERC CIP regulations and requirements to ensure DLC maintains compliance, mitigates risk, and ensures appropriate and specific controls are in place to meet DLC’s obligations.
Establishment, enhancement and ongoing maintenance of Information Security governance, risk, and compliance program including management of staff, budget, projects, information security strategic plans and priorities.
Develops, maintains, and publishes up-to-date information security policies, standards, and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
Provides oversight and management of DLC’s cybersecurity supply chain risk management program.
Creates, communicates, and implements a risk-based process for vendor risk management, including the assessment and treatment of risks that may result from partners, consultants, and other service providers.
Creates and manages information security and risk management awareness training programs for all employees, contractors, and approved system users.
Works directly with the business units to facilitate IT risk assessment and risk management processes and works with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
Provides strategic risk and regulatory guidance for IT projects.
Ensures that security programs are following relevant laws, regulations, and policies to minimize or eliminate risk and audit findings.
Maintains relationships with leaders in IT Enterprise Risk and Compliance Departments.
Maintains management reports and metrics associated with information security risk, compliance and other functional areas as defined by management.
Establishes and oversees a formal risk analysis and self-assessment program for various Information Services systems and processes.
Oversees information security policies, standards, guidelines, and baselines. Ensures policies are reviewed and updated regularly.
Manages, coaches, leads, and develops a staff of GRC personnel.
Oversees the development, management and monitoring of the corporate-wide information security awareness program.
Supports the CISO and Chief Compliance Officer (CCO) in meeting reporting obligations and evidence requirements, including FERC, NERC, PUC and other regulatory requirements, and ensures documentation and processes for each effort are in place for audits, spot checks, or other compliance oversight in support of meeting regulatory obligations.
Education/Experience Requirements: Roles at this level require a university/college degree. Higher level education such as a master’s degree, PhD, or certification is desired. Relevant experience to be successful in the given role is typically 10+ years. At least 3+ years of prior management experience is required. Preferred: Utilities industry experience with NERC CIP regulatory responsibilities.
Scope: Primary focus is on day-to-day management and operational execution; also develops and exercises business plans, policies, and procedures. Contributes to proactive planning exercises of the management team as requested. Trains and develops staff. Plans the work flow. Looks for areas of process improvement and directs available resources towards continuous improvement.
Decision Impact: Resolves problems of high complexity. Improves existing processes and systems using conceptualization, reasoning, and interpretation skills. Solutions require thorough understanding of business strategies and issues. Defines broad-based solutions that require consideration of wider implications on organization results and resources.
Duquesne Light Company is committed to providing equal employment opportunity to all people in all aspects of the employment relationship, without discrimination because of race, age, sex, color, religion, national origin, disability, sexual orientation and gender identity or status as a Vietnam era or special disabled veteran or any other unlawful basis, as defined by applicable law, and fostering a workplace free of unlawful discrimination and retaliation. This policy affects decisions including, but not limited to, hiring, compensation, benefits, terms and conditions of employment, opportunities for promotion, transfer, layoffs, return from a layoff, training and development, and other privileges of employment. An integral part of Duquesne Light's commitment is to comply with all applicable federal, state and local laws concerning equal employment and affirmative action.