Job Title: IT - Cyber Security Controls Assessor - Career
Job No.: #PCGJP00003347
Location: 300 Lakeside Dr, Oakland, CA 94612 (100% Remote – Local to PG&E Service Territory Preferred)
Position Summary:
PG&E is seeking a Cyber Security Controls Assessor to support compliance and risk management efforts across enterprise IT systems. This position is part of the Cyber Security Controls Assessment team and will be responsible for performing security control assessments, risk evaluations, evidence analysis, and compliance audits against established standards such as NIST SP800-53, SOX, and NERC CIP. This is a high-impact role requiring critical thinking, communication, and problem-solving skills to help ensure IT systems meet regulatory and internal control requirements.
Key Responsibilities:
- Conduct multi-platform control assessments across applications, databases, operating systems, and business processes.
- Review and interpret compliance evidence to validate control effectiveness.
- Execute IT compliance assessments using standards such as NIST SP800-53, SP800-115, SOX, and NERC CIP.
- Identify risks and control deficiencies, and propose sustainable remediation solutions.
- Collaborate with control owners to ensure control documentation reflects current practices.
- Perform retesting of remediated controls to confirm effectiveness.
- Support Compliance Managers in reporting and tracking assessment progress.
- Participate in ongoing initiatives to improve audit readiness, risk posture, and regulatory compliance.
Minimum Qualifications:
- Bachelor’s degree in Computer Science, Business, or a related field (or equivalent experience).
- At least 3 years of experience in IT, with a focus on cybersecurity, compliance, or IT risk management.
- Strong Excel skills including workbooks, formulas, and data analysis.
- Ability to manage multiple assessments or projects simultaneously.
- Excellent communication, organizational, and analytical skills.
Preferred Qualifications:
- Experience working in the utility industry or Big 4 consulting firms.
- Hands-on knowledge of SOX, NIST SP800-53, and general computing controls (GCCs).
- Familiarity with frameworks such as COBIT, ITIL, and CIS benchmarks.
- Working knowledge of security across application, database, and network layers.
Certifications (Required – At Least One):
- CISA, CISSP, CRISC, CIA, or CCNA
Preferred Certifications:
- CISM, CEH, PMP, ITIL, MCSE, CCNP, MCP
Additional Information:
- Candidates must have a computer with speakers and microphone for remote meetings. PG&E can provide a laptop if needed.
- Role may be extended depending on business need or backfill status.
- Strong preference for candidates residing in PG&E’s service territory in California.