Sempra: Where opportunity powers impact

At Sempra, we tackle the biggest energy challenges that face ourindustry. Our high-performing team leverages the full capabilities ofour organization to serve 40 million consumers across NorthAmerica. By collaborating and challenging one another acrossmultiple disciplines, we inspire our best work, ideas andinnovation. From increasing liquified natural gas (LNG) capacitiesto reducing carbon emissions to helping people prepare for therealities of climate change, we are committed to building a betterenergy future for all.

Primary Purpose

The primary responsibility of the Cybersecurity Governance Manager is to enhance and lead the Corporate Cybersecurity IT Governance Program in collaboration with the IT and Cybersecurity teams at Sempra Companies. This role demands strong leadership and project management skills, along with the expertise to conduct comprehensive system-wide security analyses, evaluate the effectiveness of controls, assess risks, and develop policies, standards, and guidelines.

Duties and Responsibilities

• Corporate policies and standards: Develops enterprise cybersecurity policies and standards. Aligns policies to National Institute of Standards and Technology (NIST) and other regulatory frameworks. Communicates updates and maintains the roadmap for future policy requirements. Liaison with business units to communicate, educate, and clarify and policy questions.
• Metrics and reporting: Creates and maintains metrics and reports for the Corporate Cyber Council and Board. Establishes processes for consistent, accurate, and repeatable reporting.
• GRC Operating Model: Implements and maintains the General Rate Case (GRC) tool and processes to support tracking and monitoring of risks, issues, and risk exception for Sempra Companies.
• Team Management: Provides leadership to a team made up of employees and third parties. Provides direction, motivation, and strategic oversight. Owns all aspects of employee management for a large team, directing work and providing guidance. Responsible for all aspects of performance management, training, and development. May supervise team leads.
• Management self-assessment program: Performs and/or engages a third party to perform assessments of any process with cybersecurity risk to evaluate the risks and adequacy of controls. Establishes meaningful recommendations considering risk and impact to business processes where gaps are identified.
• Approves contracts and services with 3rd party vendors.
• Performs other duties as assigned.