Director of Cybersecurity - GRC
Company: PSEG
Location: Newark
Posted on: April 1, 2026
Job Description:
Job Number: 7454

Job Summary

The Director, Cybersecurity Governance, Risk, and Compliance leads the development, implementation, and ongoing coordination of enterprise-wide Cybersecurity Governance, Risk, and Compliance, including Regulatory Assurance (e.g. NRC, SOX, DoE, NERC CIP, TSA, Internal Audits, etc.), Cybersecurity Risk, Cybersecurity Policy, Cybersecurity Awareness, and Nth Party Risk Management and Assurance. (S)he coordinates across all business lines, service departments, external risk organizations (e.g. cross-sector cyber industry trade organizations), and peer energy companies. As PSEG’s senior leader responsible for Cybersecurity Governance, Risk, and Compliance, (s)he will also be responsible for defining and aligning cybersecurity policies, strategy, and standards. (S)he will be responsible for multiple discrete projects/enhancements to build, maintain, and mature capabilities, including people, processes, and technologies. (S)he will engage across the entire IT, OT, and managed services landscapes, including leading a team across these environments.

(S)he will spend his/her time:
* Serving as the Subject Matter Expert for Cybersecurity governance, risk, and compliance issues/concerns/audits.
* Conducting cybersecurity assessments, identifying risks, and tracking/reporting on remediations.
* Providing cybersecurity insight and expertise in assessing new business opportunities.
* Identifying opportunities for process improvements to deliver increasing efficiency within the Risk and Control framework.
* Interacting with auditors on cybersecurity management oversight.
* Coordinating with outside vendors/third-parties to protect client information, to secure data transmission protocols, and to complete/remediate Information/cybersecurity assessments.
* Collaborating closely with developers and infrastructure teams to implement the Cybersecurity policies required to protect the integrity, confidentiality, and availability of the information on an end-to-end basis.
* Implementing the risk assessment framework, which identifies critical cybersecurity- and privacy-impacting business processes and/or systems.
* Maintaining the global Cybersecurity and IT risk registers, tracking remediations, and creating status reports/metrics.
* Completing risk assessments of new/existing infrastructure, systems, Industrial Control Systems, and other components.
* Conducting risk assessments of third-party vendors to evaluate cybersecurity controls for protecting company-specific data.
* Leading and/or contributing to the creation and maintenance of the enterprise’s cybersecurity documents (policies, standards, guidelines and procedures). Ensuring enforcement of these enterprise cybersecurity documents.
* Preparing for, supporting, and potentially presenting at, Cybersecurity Council, Senior Executive Team, and Board of Directors meetings.
* Preparing senior-level technical reports for executive management.
* Providing support and risk guidance for enterprise infrastructure, the wireless environment, Cloud software/infrastructure security, secure software development, and data protection.
* Collaborating closely with Digital Workplace, Infrastructure, Enterprise Resource Planning, and Application Development Teams to identify and remediate cybersecurity issues.
* Identifying/overseeing remediation of open cybersecurity issues and validating closure.
* Maintaining up-to-date cybersecurity knowledge, including awareness of innovative solutions/processes, emerging standards, and new threat vectors by reading professional publications, maintaining personal networks, and participating in professional organizations.

Job Responsibilities

* Directs, coaches, and counsels internal/external cyber resources on Cybersecurity technologies, including Regulatory Assurance (e.g. NRC, SOX, DoE, NERC CIP, TSA, Internal Audits, etc.), Cybersecurity Risk, Cybersecurity Policy, Cybersecurity Awareness, and Nth Party Risk Management and Assurance for all lines of business and service departments for both IT and OT landscapes.
* Ensure that Cybersecurity Governance, Risk, and Compliance service delivery aligns with the corporate IT strategy, including development of Cybersecurity operations standards, capacity planning, lifecycle management plans, solution selection, and partner management.
* Ensure scalability of Cybersecurity Governance, Risk, and Compliance capabilities, including hardware and software, to meet business needs and risk tolerances.
* Develops and implements best practices for PSEG Cybersecurity Governance, Risk, and Compliance capabilities.
* Participate in external risk organizations (including with peer groups) to learn from other organizations and to benchmark our program.
* Partner with professional Cybersecurity Governance, Risk, and Compliance associations, service providers, and to identify and implement best practices.
* Partners with and advises various IT teams.
* Operationalizes Policies, Practices, and Instructions to protect against existing and emerging threats.
* Builds relationships across PSEG business and technology teams.
* Interacts routinely with vendors, service providers, consultants/advisors, law enforcement agencies, and cross-sector cyber industry trade organizations.
* Ensures that cyber governance, risk, and compliance requirements are identified, well defined, properly documented, and approved by appropriate stakeholders.
* Develops, manages, and pre-prioritizes Cybersecurity CAPEX and OPEX budgets based on business needs and cyber threats.
* Lead the identification of optimal OPEX and CAPEX allocations, including opportunities to reduce expenditures while transforming PSEG Cybersecurity Governance, Risk, and Compliance.
* Lead and advise on business case development.
* Leads team, including performance evaluations, career development guidance, and other
aspects to grow the talent pipeline and to mature our program.

Job Specific Qualifications

* Bachelor's degree and 10 years of relevant cybersecurity experience, including leadership experience
* Demonstrated strong leadership and influence skills
* Demonstrated strong presentation skills with the ability to present to all levels of management and executive leadership
* Experience leading a Cybersecurity Governance, Risk, and Compliance organization
* Executive teamwork, facilitation, relationship building, and negotiation skills
* Ability to maintain positive working relationships both as a leader and as a team member
* Effective time management and multitasking skills
* Ability to communicate effectively with both technical and non-technical individuals
* Strong interpersonal communication skills, analytical abilities, detail focused, quality focused, and problem-solving skills, as well as broad knowledge of business functions, information technologies, and cybersecurity and compliance practice on a global level
* A demonstrated ability to develop and maintain policy that integrates various cybersecurity, network and data protection technologies and controls into a cohesive solution that sufficiently mitigates risk
* Extensive relevant experience in Cybersecurity, Information Risk Management, Nth-Party Risk Management, Cybersecurity Policies/Procedures, and Cybersecurity Compliance/Audit
* Strong analytical skills, problem solving skills, writing skills, attention to detail, and conceptual thinking, including the ability to work with technical and non-technical business owners
* Broad knowledge of cybersecurity principles (e.g. access control, data protection, security architecture, infrastructure/application security design principles, policies) and privacy (i.e. GDPR)
* Working knowledge of cybersecurity and control frameworks (ISO27001, NIST, CobIT)
* Effective communication skills, including the ability to build relationships with technical and non-technical individuals
* Be able to identify, analyze, and address problems in order to resolve issues in ways that minimize negative impact and risk to the company
* Experience evaluating security controls, conducting risk assessments, and providing guidance to platform architects/developers
* Demonstrated experience in delivering comprehensive solutions to complex security issues on a global scale
* Confidence in leading diverse matrix teams independently, making decisions daily as it relates to the successful delivery of the program
* Ability and insight to know when critical decisions must be raised to senior level and/or business unit management quickly to ensure that the program remains on track
* Department of Energy’s regulation 10 CFR 810 is required

Desired

* Industry Cybersecurity certifications (e.g. CISSP, CEH, etc.)
* Master's in Information Security, Computer Science, Business, Engineering, or related fields
* Experience in Electric or Gas Utility or Power Generation industry, and/or experience in manufacturing
* Broad knowledge of IT and related control environments

Job Number: RQ82809_Dir Cyber Sec - GRC
Community / Marketing Title: Director of Cybersecurity - GRC
Location: Newark, New Jersey US