Cybersecurity Specialist - Governance, Risk, and Compliance (GRC)
Houston, TX 
Posted 5 days ago
Job Description

Primary Purpose

The Cybersecurity Specialist - Governance, Risk, and Compliance (GRC) designs and implements the controls and processes of Sempra's GRC function, ensuring compliance and the protection of Sempra's assets and data against a constantly changing threat landscape. The GRC Specialist develops and improves policies, standards, procedures, and enablers in compliance with the law and in line with industry standards. This role coordinates assessments, controls, security monitoring, and key risk and performance indicators to uphold the GRC function across IT, Lines of Business, and other administrative functions across Sempra.

Duties and Responsibilities

  • Designs and implements the governance & risk frameworks, policy creation & management, IT control management, and security audits & assessments.
  • Creates, reviews and updates governance, risk, and compliance frameworks tailored to the company via policies, standards, procedures, and controls.
  • Implements improvements based on industry best practices around compliance and information security; establishes policies across IT and business line technologies.
  • Proposes and implements innovative ways to establish adequate controls, optimize risk management, and improve continuous monitoring.
  • Administers cybersecurity assessments (such as maturity assessments, risk assessments, and penetration tests).
  • Develops and monitors cybersecurity key risk indicators (KRIs) and key performance indicators (KPIs).
  • Increases the level of maturity in risk management and controls.

Communication & Stakeholder Management

  • Collaborates with other Security teams to improve and scale cyber governance.
  • Provides training and guidance within the company on secure governance frameworks, business processes, architecture design, and risk technical controls.

Troubleshooting

  • Ensures the team works closely with system engineers to implement security controls and patches based on capability and need.
  • Oversees vendor, carrier, and remote support when necessary to respond to and resolve high-impact security issues.
  • Documents lessons learned and problems, and reports them to management, engineers, and/or peers.
  • Performs other duties as assigned (no more than 5% of duties).

Required Qualifications

  • Bachelor's Degree in Computer Science, Information Technology, or equivalent relevant work experience.
  • 4+ years of experience in Information Security, Cyber Security, or relevant roles.
  • 2+ years of experience managing Governance, Risk, and Compliance for an organization with a complex Information Technology environment.
  • Bilingual in Spanish/English
  • Standard certifications in Information Security (CISSP, CISM, CISA, or equivalent).
  • Extensive knowledge in defining and implementing policies and procedures tailored to a wide range of domains including cloud, OT, IT, data, service providers, partner eco-systems.
  • Ability to leverage enterprise GRC tools (e.g., ServiceNow, Archer).
  • Ability to implement global regulatory requirements surrounding data security and privacy (e.g., GDPR, CCPA, CPRA).
  • Understanding of relevant cybersecurity regulations and agencies pertinent to utility environments.
  • General understanding of cyber security operations functions, in areas such as incident response, security monitoring, threat and vulnerability management, SOC operations, and SOC service delivery.
  • General knowledge of OT network infrastructure, SCADA/DCS systems, data/communication systems, and management systems.
  • General knowledge of security software architecture/programming concepts and security integration into SDLC.
  • Demonstrated skills to collaborate across a diverse technical workforce in multiple locations, overseeing a full range of technology platforms and solutions as well as vendor personnel.
  • Ability to lead, manage, and coach staff; personal drive and energy level to achieve superior results individually and through others.
  • Excellent communication skills and ability to convey technical concepts to a non-technical audience.
  • Ability to participate in cooperative working relationships including knowledge sharing and partnership in achieving solutions within and across business or operational functions.

Preferred Qualifications

  • GRC-related technical certifications (e.g., ISACA CRISC).

HYBRID: Work a combination of onsite and remote days each week, typically 3 days per week onsite.
Information Technology
Full-time
Salary range: $109,500.00 to $164,300.00 (midpoint $136,900.00)

Note: The Company strives to ensure that employees are paid equitably and competitively. Starting salaries may vary based on factors such as relevant experience, qualifications, and education.

Sempra Infrastructure offers a competitive total rewards package that goes beyond base salary. This position is eligible for an annual performance-based incentive (bonus) as well as merit-based recognition. Company benefits include health and welfare (medical, dental, vision), employer contributions to retirement benefits, life insurance, paid time off, as well as other company offerings such as tuition reimbursement, paid parental leave, and employee assistance programs.


Job Summary
Start Date
As soon as possible
Employment Term and Type
Regular, Full Time
Required Education
Bachelor's Degree
Required Experience
4+ years