• Principal IT Governance and Risk Consultant

    PSEG Long Island (Bethpage, NY)


    **Requisition** : 82085

    **PSEG Company** : PSEG Long Island

    **Salary Range** : $ 104,600 - $ 186,000

    **Work Location Category** : Hybrid Flexible

     

    We’re one of the country’s largest energy companies, with a vision of powering a future where people use less energy, and it’s cleaner, safer and delivered more reliably than ever. We’re also deeply connected to the communities we serve, with more than 13,000 employees working together to support our customers and make a difference every day.

     

    Here, you’ll have the stability and exciting opportunities that come with being a Fortune 500 company — along with a supportive, friendly work environment where your contributions are valued. We know life isn’t one-size-fits-all, and neither is work. That’s why we offer flexible work options depending on the role.

    In support of this model, roles have been categorized into one of three work location categories:

    1. Onsite – roles where employees are expected to be onsite daily.

    2. Hybrid fixed – roles that are a mix of remote work and onsite work fixed days each week.

    3. Hybrid flexible – roles that are a mix of remote work and onsite work, but the onsite requirements have greater flexibility. (i.e. 5-8 days a month vs. set days each week).

     

    As an employee, if you are regularly scheduled to work 20 or more hours per week, you will have access to a wide range of comprehensive benefits eligible the first of the month coincident with or following your date of hire., designed to support your total well-being: medical, dental, vision, paternal leave and family leave programs, behavioral health programs, 401(k) with company match, life insurance, tuition reimbursement, and generous paid time off.

     

    More than 13,000 people already call PSEG their work home, taking pride in providing safe, reliable service to millions of customers. If you’re looking for a place where you can build a meaningful career and help power and support our communities, we’d love to welcome you to the team.

     

    PSEG is not offering visa sponsorship for this position.

    Job Summary

    This position is a direct report to the Group Product Manager and has sound knowledge of business processes in the specific area of technology enablement. This position is responsible for managing Vulnerability Management Remediation, IT Risk Management, Reporting & Metrics Management, and Governance & Process Improvement, to meet business outcomes, spanning multiple technologies including associated impact, cost and complexity. This position is part of IT’s control assurance program, and part of IT. In that capacity, this position is responsible for the following: Product Consultants are the primary facilitators for the product. Product Consultants are responsible for optimizing the value proposition. They anticipate issues and/or complications, and respond well to time pressures. Leads the effort to work with multiple IT teams to oversee and govern Vulnerability Management Remediation, IT Risk Management, Reporting and Metrics Management, and Governance & Process Improvement. Serves as a subject matter expert for their assigned area. Prioritize actions with IT resources to meet changing business needs. Keeps informed of technical and managerial advances in IT, including leading the introduction of best practice.

    Job Responsibilities

    + Leading products teams, in a matrix model, deliver business solutions:

    + Vulnerability Management and Compliance.

    + Primary point of contact for vulnerability management remediation and related queries and escalations.

    + Works with IT teams to govern and enforce IT Vulnerability Management process, inclusive of identifying, specifying and analyzing vulnerability closure, report status and managing progress throughout the lifecycle of a vulnerability.

    + Develops status updates, evaluates SLA adherence and formulates plans, schedules and escalation channels, in order to meet or exceed SLA targets.

    + Collaborate with various team to assess risks related to open vulnerabilities and implement mitigation strategies.

    + Manages vulnerability life-cycle, including risk acceptance process for residual vulnerabilities/risk items.

    + Identifies and negotiates schedules, milestones and resources required to meet objectives, primarily through coordinating the activities with other IT departments and Vendors (e.g., database, telecommunications, operations, technical support, etc.).

    + Escalates unresolved vulnerabilities in a timely manner and close any backlogs.

    + Governance and Controls Assurance:

    + Lead the development and maintenance of IT controls aligned with frameworks (NIST, NERC, ISO, SOX etc.).

    + Map regulatory, audit, and business requirements to control objectives and ensure ongoing compliance.

    + Prepare management responses, remediation plans, and track closure of findings.

    + Collaborate with IT Risk Management, Cybersecurity, and Audit teams to ensure controls support company objectives.

    + Design and build processes for governance of IT vulnerability management, risk management, and compliance.

    + Utilize domain specific knowledge to work with different IT teams to: identify, specify and analyze SLA requirements and processes, and monitor progress throughout the vulnerability lifecycle and closure process.

    + Identifies process gaps and recommends improvements to enhance efficiency and reduce operational risk.

    + Responsible for reporting and metrics management:

    + Define, track, and manage key performance indicators (KPI) for IT business areas, including IT service management, Vulnerability management, Application Management, Infrastructure Management etc.

    + Produce reports and dashboards on Vulnerability Management, SLA Adherence, and IT operational metrics to senior leadership team.

    + Ensures quality through the use of company-approved methodologies.

    Job Specific Qualifications

    + Bachelor’s degree in Computer Science or a related technical field, i.e. STEM, with 6 or more years of relevant work experience.

    + Demonstrated leadership capabilities through projects or other work planning experiences.

    + Demonstrated understanding of and experience in IT project management methodologies, requirements management, quality assurance and IT processes.

    + Must have broad knowledge of the business area's functions and applications, and of system and technology alternatives.

    + Deep familiarity with regulatory and assurance frameworks: NIST CSF, NIST 800-53, COBIT, NERC CIP, SOX.

    + Strong knowledge of IT general controls, application controls, cybersecurity and disaster recovery/business continuity.

    + Strong understanding of Vulnerability Management process, Risk assessments methodologies, and SLA/KPI management & reporting.

    + Demonstrated experience in analytic tools to automate performance reporting, and KPI management.

    + Prior experience in IT governance, risk and/or compliance field.

    + Strong analytical ability to translate insights into actionable recommendations.

    + Strong verbal and written communication skills.

    + Strong facilitation skills.

    + Strong judgment and escalation management skills.

    + Ability to foster working relationships with the team, IT Management and vendor teams.

    + Solid understanding of technology platforms and ability to explain technical ask.

    + Demonstrated ability to measure process performance and identify constraints, or any other escalation requirements.

    + Working knowledge of specific technology area including business process configuration and execution for assigned domains.

    + Department of Energy’s regulation 10 CFR 810 is required.

    Desired

    + Relevant technical acumen or experience in vulnerability management tools, risk assessment and IT governance.

    + Familiarity with risk management frameworks.

    + Ability to automate repetitive tasks.

    + Ability to handle complex challenges under time constraints.

    + Ability to prioritize and escalate critical vulnerabilities to the appropriate stakeholders.

    + Project Management Professional Certification (PMP)

    + Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC).

    + Experience with Cybersecurity.

     

    Some positions at PSEG require access to information covered by the Department of Energy’s regulation 10 CFR 810 (Part 810). If applicable, the successful applicant must prove they are: (1) a citizen or national of the USA; OR (2) a lawful permanent resident of the United States (Non-Conditional Permanent I-551 / Green Card / Permanent Resident Card holder); OR (3) a citizen, national, or permanent resident of a “Generally Authorized” destination on the attached list and not also a citizen, national, permanent resident of any country not listed; OR (4) a “Protected Individual” under the Immigration and Naturalization Act (8 U.S.C 1324b(a)(3)).

     

    As an employee of PSEG Long Island, you should be aware that during storm/outage restoration efforts, you may be required to perform functions different from normal operations and work extended hours beyond your regular work schedule. You may also be required to work on premise or in an alternate location as directed by the company.

     

    For all roles, PSEGLI’s drug and alcohol testing program includes pre-employment testing, testing for cause, and post-incident/accident testing.

     

    Employees who are hired or transfer into a federally regulated role (including positions covered by USDOT, PHMSA, or NRC regulations) are subject to random drug and alcohol testing, inclusive of marijuana. Although numerous states throughout the country have legalized marijuana/cannabis products recreationally and medically, the use of these products are prohibited for employees in federally regulated roles. Please note that the use of CBD products may result in a positive drug test for THC/Marijuana and such use is not a legitimate medical explanation for a positive result.

     

    If you are a current PSEG employee and offered an opportunity with PSEG Long Island, you will be treated as a new hire. Please note that as a new hire to the Long Island subsidiary, your benefits will change and generally will be consistent with other similarly situated PSEG Long Island new hires. Similarly, for PSEG Long Island employees who accept job opportunities with PSEG or any of its subsidiaries (other than PSEG Long Island), their benefits will change and generally be consistent with other similarly situated new hires of that company.

     

    PSEGLI is an equal opportunity employer, dedicated to a policy of non-discrimination in employment, including the hiring process, based on any legally protected characteristic. Legally protected characteristics include race, color, religion, national origin, sex, age, marital status, sexual orientation, disability or veteran status or any other characteristic protected by federal, state, or local law in locations where PSEG employs individuals.

     

    PSEGLI is committed to providing reasonable accommodations to individuals with disabilities. If you have a disability and need assistance applying for a position, please call 973-430-3845 or email [email protected].

     

    If you need to request a reasonable accommodation to perform the essential functions of the job, email [email protected]. Any information provided regarding a disability will be kept strictly confidential and will not be shared with anyone involved in making a hiring decision.

     

    ADDITIONAL EEO INFORMATION (Click link below)

     

    Know your Rights: Workplace Discrimination is Illegal