Cybersecurity Senior GRC Analyst

Requisition Number: 28916 

At UGI Utilities, Inc. we believe in providing a superior range of energy products and services to our customers in a safe, affordable manner. As our energy needs evolve, UGI will be there providing safe and reliable service that brings warmth and comfort to our 750,000 customers in 45 counties in Pennsylvania and 1 county in Maryland.

We strive to reflect the communities we serve by attracting and retaining top talent, while maintaining a diverse workforce that embraces our culture of safety, service, and integrity. As an employee of UGI Utilities, you can expect a competitive total compensation plan and comprehensive benefits. Employees work in a collaborative environment, have upward mobility opportunities, and the ability to enjoy a true work life balance.

To learn more about UGI's workplace culture, sustainability efforts, and commitment to inclusivity, we invite you to visit our UGI Corporate sustainability page. 

Apply to UGI Utilities today to share in our mission and support countless neighbors, friends, and families in providing best-in-class products and services!

Job Summary

The Governance Risk & Compliance (GRC) Cybersecurity Senior Analyst  plays a critical role in ensuring that UGI Utilities Inc. operates within its regulatory, legal, and compliance obligations while managing risk effectively. The GRC Cybersecurity Senior Analyst  will report directly to the Global Cybersecurity Risk Manager. This role involves collaborating with cross-functional teams to design, implement, and maintain governance, risk, and compliance processes for UGI Utilities Inc. cybersecurity regulatory requirements. The ideal candidate is detail-oriented, analytical, and experienced in compliance, risk management frameworks, and governance best practices.

Key Responsibilities:

Governance:

• Track UGI Utilities, Inc. compliance to the cybersecurity regulatory requirements (i.e., TSA, PUC, etc.)  
• Through collaboration assist with tracking the maintenance of processes and procedure documentation that supports the compliance to regulatory requirements.
• Assist with the review of policies and standards through collaborating with stakeholders.
• Collaborate with stakeholders to establish and track metrics for UGI Utilities, Inc. cybersecurity regulatory governance programs.
• Collaborate with stakeholders who monitor regulatory requirements and monitor industry developments to ensure compliance with changes.

Risk Management:

• Responsible for tracking all activities (i.e., Tabletop exercises, Cybersecurity Architecture Design Reviews, TSA Cybersecurity Action Plan, the Biennial cybersecurity audit ,etc.) to measure regulatory compliance for required internal and external assessments related to UGI Utilities, Inc.
• Track all gaps from internal and external assessments to completion.    

Compliance:

• Create awareness of compliance to company policies and standards and regulatory requirements through monitoring and reporting.
• Collaborate with IT stakeholders to monitor UGI Utilities, Inc. cybersecurity exceptions and other IT operational activities that may have gaps. 

Collaboration and Reporting:

• Partner with IT, Legal, HR, Enterprise Risk Management and other departments to ensure alignment on risk and compliance efforts.
• Collaborate with stakeholders to ensure they have operational metrics to monitor their compliance.
• Collaborate with the Cybersecurity GRC team to deliver regular risk and compliance metrics for the IT senior leadership.

Qualifications:

• Bachelor’s degree in Information Security, Risk Management, Computer Science, or related field, required.
• 4–6 years of experience in GRC, risk management, or compliance roles.

Skills and Competencies:

• Strong understanding of GRC tools and platforms (e.g., RSA Archer, ServiceNow GRC, Fusion).
• Familiarity with risk management frameworks (e.g., NIST 800, COBIT, FAIR) and compliance standards.
• Exceptional analytical, problem-solving, and organizational skills.
• Strong written and verbal communication skills, with the ability to interact effectively with stakeholders at all levels.
• Certifications such as CISA, CRISC, CISSP, CMMC, or PCI  preferred.

Key Attributes:

• Attention to detail and ability to manage multiple priorities.
• Proactive mindset with a focus on continuous improvement.
• Collaborative team player who can influence without authority.

 UGI Utilities, Inc is an Equal Opportunity Employer. The Company does not discriminate on the basis of race, color, sex, national origin, disability, age, gender identity, sexual orientation, veteran status, or any other legally protected class in its practices.

Successful applicants shall be required to pass a pre-employment drug screen as a condition of employment, and if hired, shall be subject to substance abuse testing in accordance with UGI policies.

As a federal contractor that engages in safety-sensitive work, UGI cannot permit employees in certain positions to use medical marijuana, even if prescribed by an authorized physician. Similarly, applicants for such positions who are actively using medical marijuana may be denied hire on that basis.