Senior Advisor, Data Protection

Join the Clean Energy Revolution

\u00a0

Become a Senior Advisor, Data Protection at Southern California Edison (SCE) and build a better tomorrow. In this job, you\u2019ll develop, enhance, and implement Data Exfiltration controls in close collaboration with data owners, application owners, cybersecurity, IT architecture, procurement, compliance, legal, and enterprise risk management teams.

\u00a0

Key responsibilities include:

\u00a0

• Developing Data Protection Program: Work with data owners, application owners and other stakeholders to develop robust data exfiltration, data classification, ownership, data minimization, incident response and external sharing requirements. Partner with Cybersecurity to implement the rules.
• Monitoring and Improving Controls: Work with Cybersecurity and other parties to ensure SCE effectively monitors and protects confidential data.
• Security Architecture: Partner with IT Architecture and Cyber to ensure data protection needs are taken into account.
• Cloud Protection Controls: Help optimize secure hybrid cloud infrastructure (AWS, Azure, on-prem), ensuring cost efficiency and enhanced security.
• Risk Management: Provide security advisory to executive committees, offering insights on security posture, risk, and compliance. Contribute to policies for business impact analysis (BIA), business continuity planning (BCP), disaster recovery planning (DRP), and incident response planning (IRP)
• Vendor Management: Conduct vendor security due diligence in partnership with Supply Chain, Legal, Compliance and Risk Management.
• Compliance: Ensure compliance with regulatory frameworks such as SOC2, FISMA, FedRAMP, NIST, and ATO. Lead assessments and maintain compliance, reducing risk exposure.
• Information Governance: Develop and enforce robust information governance policies, overseeing ITIL/ITSM-based operations.
• Identity and Access Management (IAM): Work with IAM team to ensure robust identity governance and secure authentication and authorization processes.
• Data Protection Awareness: Champion organization-wide security awareness programs, fostering a \"security-first\" culture.

• Oversees customer fraud prevention activities, mitigates privacy incidents and misuse of customer information
• Develops and reviews information governance policies, standards, presentations, communications and trainings
• Develops materials for internal and external audits, external assessments and regulatory reporting for the management of company information
• Oversees and ensures projects align to information governance policies and standards
• Contributes to product assessments for emerging technology platforms and new service offerings
• Provides complex input to strategic business initiatives within the information governance practice
• Leads the coordination of data quality remediation plans where data fails to meet established Information Governance standards
• Participates in the development, implementation, and maintenance of a Information Governance process framework that integrates with guidance, policies and processes
• Participates in business continuity policy development and process mapping
• Leads efforts to ensure the ongoing support and compliance of the corporate records and information management function and the Data Privacy program
• A material job duty of all positions within the Company is ensuring the protection of all its physical, financial and cybersecurity assets, and properly accessing and managing private customer data, proprietary information, confidential medical records, and other types of highly sensitive information and data with the highest standards of conduct and integrity.

• Ten or more years of experience with information governance and data management practices and processes.

• Bachelor\u2019s or Master\u2019s Degree in Information Systems, Computer Science, or related disciplines.
• Certifications: ITIL\u00ae 4 Foundation Certification in ITSM, AWS or Azure Certified Practitioner, CISSP, CISM, CISA, or similar certifications.
• Fifteen (15) or more years of experience in Cybersecurity, enterprise technology, and cloud strategies. Proven record of aligning Cybersecurity and IT initiatives with business objectives to drive growth and operational efficiency.
• Technical Skills: Expertise in CASB, SOAR platforms, MDR/EDR solutions, SIEM, DNS security, PKI, Palo Alto NGFW, WAF, SSO, SAML, ADCS, Entra, MFA, IAM, encryption, vulnerability assessments, penetration testing, regulatory compliance, risk management, software licensing, endpoint and device management, email security, cloud security, infrastructure management, enterprise IT operations, storage and database management, Linux administration, remote access, VDI, networking, monitoring, telephony, software escrow, project management, engineering and development, ERP and CRM systems.
• Leadership and Communication: Ability to work collaboratively with cross-functional teams, Proactive problem-solving and creative thinking abilities, Commitment to fostering a security-first culture within the organization.

• This position\u2019s work mode is\u00a0hybrid.\u00a0The employee will report to an SCE facility for a set number of days with the option to work remotely on the remaining days.\u202f Unless otherwise noted, employees are required to work and\u00a0reside in the state of California.\u202f Further details of this work mode will be discussed at the interview stage.\u00a0The work mode can be changed based on business needs.
• Visit our\u00a0 Candidate Resource \u00a0page to get meaningful information related to benefits, perks, resources, testing information, hiring process, and more!
• Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.\u00a0
• The primary work location for this position is Rosemead, CA.\u00a0
• This position has been identified as a NERC/CIP impacted position - Prior to being hired, the successful candidate must pass a Personnel Risk Assessment (PRA) or Background Investigation.\u00a0 Once hired, the candidate must complete specified training prior to gaining un-escorted access to assigned work location and performing necessary job duties.
• Relocation may apply to this position.