APPLICATION DEADLINE: Open Until Filled
For over 125 years, Portland General Electric has proudly served Oregon. Our dedication to helping customers is matched by our commitment to providing PGE employees with a diverse array of rewarding career opportunities. Diversity and community are at the heart of what we do for our customers and for each other. We are committed to a team that looks like the Oregon community that we know and love.
PGE team members are creative problem solvers who love to apply themselves to challenges, big and small. We are looking for team members who will grow their skills, their career and their future with us.
IT Risk and Compliance Manager (R17-164)
The IT Risk and Compliance manager is a manager within the Information Technology (IT) department responsible for assessing and overseeing all IT-related compliance issues including privacy, business continuity, identity management, user access and data integrity. This includes providing objective risk assessments of the company's compliance with regulatory, organizational and commercial requirements governing the organization's information technology systems.
The IT Risk and Compliance manager will also direct the development and implementation of policies, procedures and controls to ensure that the organization's practices remain observant of all pertinent local, state/province/county and federal laws and industry standards. In this role, the IT Risk and Compliance manager will work directly with non-IT compliance professionals such as legal, audit and corporate compliance to ensure organizational alignment.
The ideal candidate is a thought leader, a consensus builder, collaborator, and an integrator of people and processes. As the leader of the IT compliance program, he or she must be able to coordinate disparate drivers, constraints and personalities, while maintaining objectivity.
You will support our journey by leading these IT initiatives:
Risk Management (20%)
- Govern information technology policies and ensure they are current to updated regulations or laws.
- Create an IT compliance risk assessment framework and periodically assess the risks.
- Manage all the risk-related activities of PGE’s IT organization and recommend appropriate remediation measures.
Compliance Management (60%)
- Inventory all technology compliance requirements.
- Develop and direct IT compliance control monitoring programs to ensure acceptable residual risk.
- Manage IT compliance issue tracking to address known issues according to severity and potential impact to the organization.
- Report the levels of IT compliance risk and control effectiveness to key stakeholders.
- Coordinate audit-related tasks such as ensuring the readiness of IT managers and their organizations for audit testing and facilitating the timely resolution of any audit findings.
- Manage the overall IT compliance-related budget/financial spend.
- Assist with the acquisition of tools and expertise to support IT compliance-related projects and initiatives.
- Oversee the monitoring and periodic testing of IT compliance.
Disaster Recovery / Emergency Management (20%)
- Assist business and IT management in the design and planning of emergency procedures and recovery plans to align corporate resiliency goals with capabilities.
- Lead and maintain IT disaster recovery practices and procedures.
Communications (description and reason for contacts)
- Officers and senior management - Balance IT Compliance and business constraints to provide recommendations for strategies, changes to practices/procedures, and interpretations of regulatory requirements to senior management. Educate and negotiate technology-based risk concepts.
- External regulators - Resolve conflicts, protect PGE interests and solicit assistance / information.
- Managers - Lead and partner in the development of policies, procedures, and requirements with regards to company security and technology risk. Communicate audit and compliance results.
- Other utilities' managers - Exchange information and solicit assistance / information.
You will bring the following skills to our team:
- 10-12 years of management experience related to running an information risk, compliance or governance function.
- 5-7 years of consulting or general industry experience coupled with a detailed knowledge of the IT domains related to Operations, Risk Management and Compliance.
- 3-5 years of working knowledge and understanding of national and international regulatory compliance frameworks such as ISO (International Organization for Standardization), NERC CIP (Critical Infrastructure Protection), Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), ITIL (Information Technology Infrastructure Library), COBIT and NIST (National Institute of Standards and Technology).
- Poise and ability to act calmly and competently in high-pressure, high-stress situations.
- Critical thinking with strong problem-solving skills.
- Strong communication skills (written and oral), particularly with government/legal agencies and external/internal auditors.
- Excellent knowledge of technology environments.
- Demonstrated understanding of data processing, hardware platforms, and enterprise software applications and outsourced systems.
- Solid understanding of project management principles.
Join us today and power your potential!
PGE is committed to diversity and inclusion in the workplace and is an equal opportunity employer. PGE will not discriminate against any employee or applicant for employment based on race, color, national origin, gender, gender identity, sexual orientation, age, religion, disability, protected veteran status, or other characteristics protected by law.
To be considered for this position, please complete the following employment application by the deadline:
If you have any questions, please feel free to call us at 503-464-7250.
PGE believes in rewarding strong performance. We provide a total compensation package that is designed to reward your contributions to the company, and, at the same time, support your well-being and professional development, both now and into the future.
Assisting with storms or other Company emergencies is a part of all positions at Portland General Electric.
Talent Acquisition Contact:
Connect with us on Twitter (twitter.com/PortlandGeneral),
Facebook (facebook.com/portlandgeneralelectric) and
THIS IS AN INTERNAL / EXTERNAL JOB POSTING