Cybersecurity Risk Lead

Tulsa, OK, United States

PPL Corporation

Cybersecurity Risk Lead

Louisville ,

Kentucky

Apply Now

As one of the largest investor-owned utility companies in the United States, PPL Corporation (NYSE: PPL), is committed to creating long-term, sustainable value for our 3.5 million customers, our shareowners and the communities we serve. Our high-performing regulated utilities — PPL Electric Utilities, Louisville Gas and Electric, Kentucky Utilities and Rhode Island Energy — provide an outstanding experience for our customers, consistently ranking among the best utilities in the nation. PPL’s companies are also addressing challenges head-on by investing in new infrastructure and technology that is creating a smarter, more reliable and resilient energy grid. We are committed to doing our part to advance a cleaner energy future and drive innovation that enables us to achieve net-zero carbon emissions by 2050 while maintaining energy reliability and affordability for the customers and communities we serve. PPL is a positive force in the cities and towns where we do business, providing support for programs and organizations that empower the success of future generations by helping to build and maintain strong, diverse communities today.

Overview

PPL is seeking a highly skilled Cybersecurity Risk Lead to join our Cybersecurity Governance, Risk, & Compliance team. As part of our team, you will be responsible for managing and maturing the third-party risk program including; third party risk assessments, identifying risks that pose cyber impact to our environments from third parties, escalating third party incidents and managing third party risk remediation efforts.

This is a key leadership role where you will work closely with Supply Chain, Legal, Business leaders, and other Cyber teams to ensure the security of PPL’s Enterprise vendor ecosystem. You will drive program improvements and integrate the program into Cyber, IT, and other Business functions. You will have direct responsibility for managing Third-Party risk reduction and present metrics to senior leadership. You will provide expert guidance, thorough security risk assessments, and provide detailed remediation plans to third parties.

NOTE: This position is available remote or hybrid with working locations in Louisville, KY ; Allentown, PA ; Providence, RI

Responsibilities

Lead and drive third-party incident notifications and work directly with the Cyber Operations team to remediate and communicate.

Be the technical leader and own managing/mitigating third party risks across the Enterprise.

Keep cybersecurity training and knowledge current by monitoring the latest security threats and vulnerabilities, as well as recent breaches that could impact PPL third and fourth parties.

Maintain an understanding of information security controls, how they are used to detect and respond to cybersecurity risks, how they impact the business, and how gaps can be mitigated/remediated.

Leverage strong communication skills to write clear and concise risk assessments detailing findings and recommendations used to inform multiple levels of business functions across the Enterprise.

Provide recommendations for remediation of identified third party security risks.

Mature and maintain a centralized repository for all third-party risk management documentation activities.

All other duties and projects as assigned.

Qualifications

Bachelor’s degree and 7 years of experience OR 10 years of related work experience in 3rd party risk management, vendor management such as SIG or CAIQ, or equivalent experience in cyber preferably product security, IT Audit, or IT risk management.

Strong knowledge of SaaS platforms, Web App Security, Microsoft 0365, and Azure Iaas.

Proficiency in risk documentation and escalating high vendor risks to leadership.

Experience in managing and improving a Cyber Program, preferably TPRM.

Understanding of strategic priorities and ability to adapt program and approach to align with them.

Knowledge of managing risks associated with geopolitical issues and products.

Ability to audit third party security documentation and ask technical maturity questions and drive remediation action items.

Strong communication and report-writing skills.

Note: Must meet all requirements within this section before considered as a candidate.

Preferred Qualifications

Knowledge of relevant legal and regulatory requirements, including GDPR and SOC2.

A degree in Cybersecurity or a recognized certification such as the CISSP, CISA, CompTIA, and Sec+.

Experience with SaaS security and web application security assessment is a plus.

Hands-on experience and a strong track record of successfully identifying third party risks, communicating major risks to senior leadership, and driving remediation efforts.

Bachelor’s degree and 7 years of experience OR 10 years of related work experience in 3rd party risk management, vendor management such as SIG or CAIQ, or equivalent experience in cyber preferably product security, IT Audit, or IT risk management.

Strong knowledge of SaaS platforms, Web App Security, Microsoft 0365, and Azure Iaas.

Proficiency in risk documentation and escalating high vendor risks to leadership.

Experience in managing and improving a Cyber Program, preferably TPRM.

Understanding of strategic priorities and ability to adapt program and approach to align with them.

Knowledge of managing risks associated with geopolitical issues and products.

Ability to audit third party security documentation and ask technical maturity questions and drive remediation action items.

Strong communication and report-writing skills.

Note: Must meet all requirements within this section before considered as a candidate.

Preferred Qualifications

Knowledge of relevant legal and regulatory requirements, including GDPR and SOC2.

A degree in Cybersecurity or a recognized certification such as the CISSP, CISA, CompTIA, and Sec+.

Experience with SaaS security and web application security assessment is a plus.

Hands-on experience and a strong track record of successfully identifying third party risks, communicating major risks to senior leadership, and driving remediation efforts.

Lead and drive third-party incident notifications and work directly with the Cyber Operations team to remediate and communicate.

Be the technical leader and own managing/mitigating third party risks across the Enterprise.

Keep cybersecurity training and knowledge current by monitoring the latest security threats and vulnerabilities, as well as recent breaches that could impact PPL third and fourth parties.

Maintain an understanding of information security controls, how they are used to detect and respond to cybersecurity risks, how they impact the business, and how gaps can be mitigated/remediated.

Leverage strong communication skills to write clear and concise risk assessments detailing findings and recommendations used to inform multiple levels of business functions across the Enterprise.

Provide recommendations for remediation of identified third party security risks.

Mature and maintain a centralized repository for all third-party risk management documentation activities.

All other duties and projects as assigned.

Remote Work

The company reserves the right to determine if this position will be assigned to work on-site, remotely, or a combination of both. Assigned work location may change. In the case of remote work, physical presence in the office/on-site may be required to engage in face-to-face interaction and coordination of work among direct reports and co-workers.

Our company is an equal opportunity, affirmative action employer dedicated to diversity and the strength it brings to the workplace. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, national origin, protected veteran status, sexual orientation, gender identify, genetic information, disability status, or any other protected characteristic.

#J-18808-Ljbffr