The Corporate Security Department is part of the enterprise Security organization within PG&E. Our mission is to protect the people, assets and facilities of PG&E. The department includes regional physical security, security asset and technology management, security operations center, compliance, investigations, emergency response, training and awareness and executive protection teams. Given the criticality of the infrastructure and the facilities it is housed within, PG&E has several compliance obligations at both the federal and state level. We work together internally and in concert with lines of business and supporting partners to provide security based on identified risks.
The Corporate Security Compliance Specialist is a key role which will maintain Corporate Security critical infrastructure protection and compliance programs. The Compliance Specialist will work with Physical Security and Technology Teams to support policy, process, procedures, and internal controls to ensure department SMEs are informed and necessary documentation is captured to demonstrate compliance with reliability standards and established security practices. The successful candidate will ensure consistent use of compliance-related data systems, measure results, monitor controls and keep records of all regulatory compliance filings. This position will also act as a liaison for Corporate Security with Lines of Business (LOBs) and with staff at regulatory bodies assigned to investigate specific aspects of PG&E’s compliance practices.
Estimated travel within PG&E service territory up to 25%.
· Coordinating audits, preparing reports, developing and maintaining performance metrics, conducting self-certifications, spot checks, and investigations, issue handling, facilitating reporting and violation mitigation.
· Assist with the development, implementation and maintenance of a compliance framework and program documentation in support of one or more of FERC Dam Sector, NERC CIP Physical Security Requirements, CPUC, TSA Gas Pipeline and other regulations as assigned.
· Ensures that all documentation is current, complete, accurate and in compliance with applicable regulatory standards.
· May lead cross functional teams and engage in activities such as clarifying responsibilities and commitments, hand-offs, training and communication.
· Applies subject matter expertise (SME) in physical security and regulatory knowledge to evaluate current practices, gap analysis and risk reduction initiatives.
· Expected to remain current with evolving regulatory requirements and ensure completeness of requirement inventory and compliance artifacts.
· Respond to ad hoc requests from other lines of business and compliance oversight organizations to ensure timely oral and written communication.
· Support Corporate Security requirement owners in the development, implementation and maintenance of effective controls.
· May lead written responses to regulatory data requests, investigations, compliance and regulatory audits and customer inquiries.
· Conduct quality reviews on programmatic compliance activities.
· Develop documentation related to audit findings, self-reports, root cause analysis, mitigation plans and evidence of completion.
· May monitor developing or evolving compliance obligations to ensure compliance with national, regional and local regulations. Develop new metrics as needed.
· Participate in, monitor and track LOB-owned compliance issues in Corrective Action Plans (CAP), from initiation through closure.
· Implement commitment tracking activities associated with regulatory requirements.
· Monitor compliance-related metrics, implement WECC / NERC / FERC self-reporting process, including making non-compliance (PNC) determinations and preparing self-reports to the regulator.
· Validating, through Gap Analysis and Self-Certification, that complete and accurate evidence of compliance exists.
· Support requests from the NERC Steering Committee and NERC Governance Committee.
· Preparing presentations on compliance topics for Corporate Security, as needed.
· Develop and enhance compliance-related training.
· High School Diploma or GED Equivalent
· 3 years of experience in a compliance-related field, including some experience in physical security or in project management leading multiple complex projects
· Seven (7) years of experience in a compliance-related field, including some experience in physical security and a project leadership role managing multiple complex projects
· Bachelor’s degree in job-related discipline or equivalent experience
· Auditor certification
· ASIS Certified Protection Professional (CPP) or Physical Security Professional (PSP)
· PMI-Project Management Institute PMP-Project Management Professional certification