• Global Cybersecurity GRC Manager

    UGI Corporation (King Of Prussia, PA)


    Global Cybersecurity GRC Manager

    Location:

    King Of Prussia, PA, US, 19406

     

    Workplace Environment: Hybrid

     

    Company: UGI Corporation

     

    Requisition Number: 27563

     

    UGI Corporation (NYSE: UGI)is a holding company that distributes and markets energy products and services through our subsidiaries and the company’s common stock is a balanced growth and income investment. UGI Corporation has paid common dividends for more than 135 consecutive years.

    In addition to a challenging career and competitive compensation, our employees enjoy:

    Generous and Family-friendly Health & Welfare Benefits Including:

    Medical, Vision, and Dental Plans

    Optional Health Savings Account

    Optional Dependent Care Savings Account

    Paid Maternity/Paternity Leave

    Work from home policy

    Employee Assistance Program

    Additional Benefits Include:

    401K with a generous company match

    Tuition Reimbursement

    Assistance with Professional Credentialing

    Referral Bonuses

    Employee Discount Programs

    Job Summary

    This position is a leadership position reporting to the CISO. The Global Cybersecurity Governance Risk & Compliance Manager role is responsible for growth and execution of the enterprise, wide UGI Information Security Governance & Risk Program to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected through governance processes and adequate risk assessments. This hands-on role is also responsible for

     

    identifying, evaluating, and reporting on cybersecurity risk for information assets, while supporting and advancing business objectives through qualitative and quantitative metrics, third party relationship due diligence, and mergers and acquisitions.

     

    Duties and Responsibilities

     

    Govern the global information security program to ensure adequate controls are in place to

     

    protect the confidentiality, integrity and availability of information owned, controlled or

     

    processed by the Company via company policies and standards.

     

    Manage a global security compliance program based on UGI standards, industry standards,

     

    applicable regulatory and compliance requirements (e.g., FISMA, PCI, SOX, GDPR,

     

    CCPA,PUC, etc.).

     

    Accountable for reporting out the cybersecurity compliance of the company through

     

    monthly metrics.

     

    Advise the CISO on emerging risks and trends developing within the company from metrics

    and security exceptions and other forms of communications

    Accountable for tracking all third-party breaches and remediations that are not directly

     

    supported by UGI’s technology team.

     

    Oversee technical assessments and processes of the effectiveness and design of

     

    cybersecurity controls, including, application security controls, vendor security reviews,

     

    security exceptions, mergers & acquisitions, technology projects, identity access

     

    management, data loss prevention and artificial intelligence activities.

     

    Collaborate with key stakeholders (i.e. Information Technology, Cybersecurity Risk

     

    Manager, Legal, HR , Procurement, etc.) regarding the development, implementation and

     

    sustainability of programs that support the governance, risk and compliance processes.

     

    Lead the identification and development of talent and for managing performance to ensure

     

    goals and objectives are met or exceeded.

     

    Ability to develop a mentoring culture with both experienced team members and junior staff

    Consistently measuring GRC talent performance to identify strengths and opportunities

     

    through qualitative and quantitative metrics.

     

    Ensuring a continuous improvement process is embedded in the teams’ practices to further

     

    advance the GRC program.

     

    Develop external relationships to keep a pulse on what is happening in the industry.

     

    Knowledge, Skills and Abilities

     

    This position requires keen external focus and avid learning given the rapid pace of change

     

    globally.

     

    Resourcefulness, good judgment, persistence, the ability to influence others and strong

     

    executive presence are some of the qualities of a successful candidate.

     

    Experience working with a diverse set of stakeholders across complex and diverse

     

    organizational structures.

     

    Prior managerial experience leading security or compliance teams is required.

    Experience in energy, financial or other regulated industries is preferred.

    Bachelor’s degree in Computer Science, Information Systems, Cyber Security or

     

    Information Technology.

     

    Master’s Degree (Preferred): in Cybersecurity, Risk Management or Business

     

    Administration (MBA) with a Cyber or Risk focus can provide a deeper understanding of

     

    strategic management and leadership.

     

    One or more Industry-standard security certifications (such as CISSP, CISM, CISA, CRISC)

     

    is preferred.

     

    Experience working with a diverse set of stakeholders, including international across

     

    complex and diverse organizational structures.

     

    Experience using various frameworks such as NIST, ISO/IEC 27000, NERC-CIP, FAIR, CSA,

     

    COBIT, COSO, OCTAVE, PCI 27000 series, ITIL, COBIT.

     

    Education and Experience

     

    Bachelor’s degree in Computer Science, Information Systems, Cyber Security or Information Technology.

    Master’s Degree (Preferred): in Cybersecurity, Risk Management or Business Administration (MBA) with a Cyber or Risk focus can provide a deeper understanding of strategic management and leadership.

    One or more Industry-standard security certifications (such as CISSP, CISM, CISA, CRISC) is preferred.

    Experience working with a diverse set of stakeholders across complex and diverse organizational structures.

    Experience using various risk management frameworks such as NIST, ISO/IEC 27000, FISMA, FAIR, CSA, COBIT, COSO, OCTAVE, PCI 27000 series, ITIL, COBIT, NIST Cybersecurity.

    Experience in energy, financial or other regulated industries.

    Prior managerial experience leading security or compliance teams is a plus.

     

    All offers of employment are contingent upon the successful completion of a background check and drug screen, subject to applicable laws and regulations.

     

    UGI Corporation is an Equal Opportunity Employer. The Company does not discriminate on the basis of race, color, sex, national origin, disability, age, gender identity, sexual orientation, veteran status, or any other legally protected class in its practices.

     

    Nearest Major Market:Philadelphia Job Segment: Cyber Security, M&A, Compliance, Computer Science, Risk Management, Security, Management, Legal, Technology, Finance