
Training

Save the Date!

Silicon Valley ISSA has scheduled CISSP review sessions starting at 6pm Tuesday evenings in March and April.

Click here for additional details.

Job Postings

The Silicon Valley Chapter of the ISSA is here to assist with your career development, recruiting, and placement needs. As we develop ways to better increase the visibility of our members seeking new opportunities and employers seeking the ideal candidate, we will update you accordingly.

For now, you may simply browse the listings below. To post new jobs, please send a short description and the link to the detailed posting to [e-mail address protected from spambots].



Computer Security Incident Response Team (CSIRT) - Silicon Valley Bank
Written by Edward Frye   
Wednesday, 15 May 2013 17:22

req. #1596 http://www.svb.com/careers/search/

The Computer Security Incident Response Team (CSIRT) is responsible for investigating and reporting of information security incidents supporting all business units. The team coordinates with IT, Legal, Human Resources, and other appropriate business units to gather incident details, assess impact, and coordinate response.

This role requires experience in all phases of CSIR including preparation, notification, response, recovery, analysis, and post-mortem. The candidate must be familiar with communication technologies and protocols. The candidate that fulfills this role will be expected to have process documentation experience and excellent intra-business relationship experience. This role interacts with all levels of the organization, particularly within the IT organization and is viewed as a subject matter expert.

This role reports to the Computer Security Incident Response Manager and coordinates response activities that support the SVBFG Security, GLBA, Privacy, Incident Response, and Identity Theft Prevention programs. A holistic understanding of attack vectors and current threats and the ability to create high quality deliverables is essential for this role. A background in computer forensic practices and procedures, basic investigations, and evidence handling is preferred.

 
Principal Application Security Engineer - Rearden Commerce
Written by Edward Frye   
Friday, 12 April 2013 19:33
Opportunity Details:
Overview:

Rearden Commerce, creator of the Deem™ commerce platform, is transforming commerce on behalf of buyers and sellers. Through a suite of interoperable smart applications, the Deem platform is designed to leverage big data, analytics and semantics technology to optimize the exchange of goods, services, and information with personalization and repeat value to drive customer loyalty. Deem is distributed globally by more than 40 strategic partners including American Express and JPMorgan Chase — connecting millions of consumers and over 35,000 business customers across every market segment to more than 1.2 million merchants. Rearden Commerce is headquartered in Foster City, California.

 

The Deem commerce platform is designed to connect buyers and sellers via Absolute Relevance™ technology. Deem leverages big data, social collaboration, game-mechanics, semantics and advanced machine learning to optimize the exchange of goods, services and information between buyers and sellers, resulting in the web's most personalized one-to-one marketplace.

 

This position, reporting to the Information Security Officer, is responsible for design and implementation of the application security program at Rearden Commerce.  Key components of the program are security architecture governance and application vulnerability management. The governance role includes development and maintenance of secure application coding standards and policies, participation in the integrated architecture governance program, and management of security exceptions and application risk assessments.  The vulnerability management responsibility includes both static code analysis and ongoing active vulnerability assessment.

Responsibilities:

The Principal Application Security Engineer is responsible for driving selection, implementation and maintenance of all code analysis and vulnerability assessment tools and processes.   Support for PCI and other external audits of Rearden Commerce applications and infrastructure is also a part of this role.  Finally, the Principal Application Security Engineer is responsible for acquiring and / or developing and delivering educational materials to ensure Rearden software engineers are well-trained in secure application development practices.  This candidate will also support the network security functions.

Qualifications:

  • 3-5 years application development experience in a secure environment handling sensitive data
  • 2+ years experience in application security (as an architect, tech lead or senior engineer focused on application security)
  • Demonstrated expertise in application security spanning multiple development platforms (ideally, Java/J2EE, .Net and Ruby on Rails)
  • Practical experience implementing static and/or dynamic application vulnerability and risk assessment tools and programs
  • Excellent communication and consultative skills
  • Proven track record developing secure applications in Java and improving application security
  • Bachelors in CS or the equivalent

Additional Qualifications:

  • CISSP, BSCS or MSCS certifications
  • Application security program management experience
  • SIEM implementation/support experience
  • PCI audit preparation experience
  • Hands-on secure application development experience in .Net and Ruby on Rails
 
Technology Risk Advisor, Principal (Customer) - PG&E
Written by Edward Frye   
Saturday, 16 February 2013 19:36

Job Title: Technology Risk Advisor, Principal (Customer)
Job Location: San Francisco, CA
Job Type: Staff

Job Description

The Technology Risk Management job family is responsible for overall relationship management and risk operating/analytics related to the cyber risk management program for each line of business. Technology Risk Advisor builds and maintains relationships with Business Unit partners to understand business requirements, issues resolution and sustained overall customer satisfaction. Participates in enterprise technology planning, bringing a current knowledge and future vision of technology/industry as it relates to a line of business.

Requirements

Education:

  • B.A./B.S. degree or equivalent work experience in computer science, business administration or other relevant field required.
  • M.S. or M.B.A. degree in business administration or computer science desired

REQUIRED:

  • Minimum of 8 years of relevant technical experience
  • Minimum of 4 years of supervisory and leadership experience over an IT function
  • Utility Experience

DESIRED:

  • PG&E experience within the related line of business.
  • Demonstrated experience managing technical teams to successfully deliver IT services

License/ Certification:

  • CISSP certification, or ability to obtain via self-study within one year of date of hire, other relevant IT or security certifications.

Responsibilities

  • Expert contributor to security vision, strategy, planning and leadership for the design, development, implementation and support of technology risk management framework.
  • Proactively provides expert knowledge of industry trends and technologies as it relates to specific opportunities where security can enhance value to the business and/or addresses a specific business need.
  • Identifies risk opportunities to make IT and business processes more effective and efficient.
  • Drive compliance to standards/regulations and governance processes as it relates to the business.
  • May direct small teams of technical and professional staff.

Core Responsibilities (Advisor):

  • Directly responsible for overall business relationship.
  • Manages up to a large size portfolio and/or multiple portfolios.
  • Ensures successful implementation of security into new/enhanced systems to meet scope, schedule, and budget.
  • Overall translation of risk from A&V, T&I, and BC/DR teams into consistent format.
  • Accountable for communication of risk posture to business units.
  • Accountable for overall risk calculation reporting to CISO, CIO, and Board.
  • Development and execution of a risk-based portfolio management.
  • Establishes and updates system inventory for LOB.
  • Partners closely and aligns to Business Technology Leads (BTLs).
  • Evaluates portfolio risk as part of the annual IT planning process with BTLs and LOBs.
  • Engages in project governance stage gate reviews.
  • IT representative for each LOB’s Enterprise Risk Management Committee.
  • Prioritizes and directs the implementation of mitigation (improvement) activities.
  • May conduct Enterprise Risk Management (ERM) related activities across IT as the Risk Manager for IT.
  • Analyzes supply & demand for all risk assessment activities to develop schedule with A&V team.
  • Oversees contracting resources and supervises small teams of technical employees, where applicable.

Key Outputs (Advisor):

  • LOB risk portfolio. (Production and project based view).
  • Business engagement and relationship heat-maps.
  • Periodic risk measurement.
  • System risk assessments.
  • ERM IT Risk Register
  • Supply and demand forecast.
  • Risk assessment master schedule.

 

Pacific Gas and Electric Company is an AA/EEO employer that actively pursues and hires a diverse workforce.

Contact Information:

Christopher Lee
Pacific Gas and Electric Company
San Francisco, CA
415-852.0162
www.pge.com/careers | Requisition Number: 50604212

 
Cyber Incident Specialist, Principal - PG&E
Written by Edward Frye   
Saturday, 16 February 2013 19:35

Job Title: Cyber Incident Specialist, Principal
Job Location: San Francisco, CA
Job Type: Staff

Job Description

The Enterprise Technology Risk Management (ETRM) function is responsible for IT security
across the organization as well as the related implementation of appropriate controls for
regulations such as SOX, HIPAA, CA1386 and NERC/CIP. The function has direct responsibility
for establishing IT Security standards, toolsets and processes and then matrixing them to the
delivery, operation and maintenance areas across PG&E. The Threat & Incident Management
group is responsible for ensuring that PG&E proactively identifies and assesses threats to its
network and data, investigates intrusions and other relevant events, and has a sophisticated and
detailed understanding of the evolving threat landscape.

The Cyber Incident Specialist, Principal will build out and manage the Incident Response program,
providing leadership, support, guidance and mentoring to the Incident Response team. The
Incident Response program includes cyber incident response, digital forensics and eDiscovery
services provided to the entire company. The ideal candidate will possess extensive experience in
the area of incident response supplemented by expertise in digital forensic investigations and the
evidentiary process, ideally honed in a corporate environment. In addition to strong judgement and
discretion, he/she will possess exceptional communication and presentation skills.

Requirements

Required:

  • Bachelor's Degree, or equivalent work experience
  • CISSP or EnCE or ACE or CCE or related Degree

Highly Desired:

  • CFE, GREM
  • Other certifications considered desirable include ECSAP, EnCE, GCFA Security, SANS certificates.
  • A minimum of 10 years in cyber incident response or digital forensic experience; may be substituted for other more specialized experience such as malware reverse engineering and application programming experience.
  • Politically astute; persuasive and credible at senior levels
  • Strong case management and forensic procedural skills
  • Previous experience with Guidance EnCase and other digital investigations tools
  • Deep technical skills including malware reverse engineering, scripting and other relevant technical security skills

Responsibilities

  • Serves as the ultimate subject matter expert on cyber incident response within the company
  • Leads PG&E’s response activities to cyber incidents in concert with the IT department and affected lines of business.
  • Utilizes digital forensic tools including Guidance EnCase to lead digital investigations and perform incident response activities.
  • Understands how threat actors execute cyber-attacks and has the ability to search for and find evidence of those attacks
  • Conducts investigations of computer based events and other security issues.
  • Establishes links between suspects and other violators by piecing together evidence uncovered from a variety of sources.
  • Analyzes and evaluates investigative progress to reassess priorities, leads and direction.
  • Maintains a liaison with the organization's Law Department and Corporate Security
  • Prepares clear, comprehensive and cohesive investigative reports based on established procedures.
  • Detects and assesses threats to the infrastructure.
  • Establishes and maintains defensible evidentiary process for all investigations
  • Uses and maximizes relevant investigative tools, software and hardware
  • Coordinates with IT to leverage skills and resources in support of investigations
  • Contributes to Information Security investigation best practices
  • Advances the practice and science of information security investigation

 

Pacific Gas and Electric Company is an AA/EEO employer that actively pursues and hires a diverse workforce.

Contact Information:

Christopher Lee
Pacific Gas and Electric Company
San Francisco, CA
415-852.0162
www.pge.com/careers | Requisition Number: 50576605