Share this Job

Chief Information Security Officer


King Of Prussia, PA, US

Company:  UGI Corporation

Power up your career in the dynamic energy industry! UGI Corporation is an international energy distribution and services company that provides superior service in delivering a range of energy products. By operating as a best-in-class service provider, offering a great place to work, serving our communities and delivering value to investors, we aim to positively impact the lives of our shareholders, employees, customers and communities.


UGI Corporation (NYSE: UGI) is a holding company that distributes and markets energy products and services through our subsidiaries and the company’s common stock is a balanced growth and income investment. UGI Corporation has paid common dividends for more than 134 consecutive years.


In addition to a challenging career and competitive compensation, our employees enjoy:

Generous and Family-friendly Health & Welfare Benefits Including:

•    Medical
•    Dental
•    Vision
•    Optional Health Savings Account
•    Optional Dependent Care Savings Account
•    Paid Maternity/Paternity Leave
•    Prescription Coverage
•    Health Advocate
•    Life Insurance
•    Disability Insurance 
•    Work from home policy
•    Employee Assistance Program


Additional Benefits Include:

•    401K with a generous company match
•    Tuition Reimbursement
•    Assistance with Professional Credentialing
•    Adoption Assistance
•    Pet Insurance 
•    Referral Bonuses
•    Onsite Deli 
•    Employee Discount Programs



The Chief Information Security Officer will establish, plan and administer the overall policies, goals and procedures for the information security function for UGI Corporation and its business units (collectively, the “Company”). The incumbent will initiate, implement and develop information security and disaster discovery programs in accordance with organizational information security standards; perform and evaluate information risk on a regular time schedule and promote information security awareness within the Company.


Job Responsibilities:

  • Develop, implement, and monitor a strategic, comprehensive organization-wide information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the Company
  • Facilitate information security governance through implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board
  • Develop, publish and maintain up-to-date security policies, standards and guidelines; and oversee training and dissemination of security policies and practices
  • Create, implement and communicate a risk-based process for vendor risk management
  • Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users
  • Work directly with business unit and functional leaders to facilitate IT risk assessment and risk management processes, and work with the VP-Information Technology and appropriate staff throughout the organization on identifying acceptable levels of residual risk
  • Create a framework for roles and responsibilities with regard to information ownership, classification, accountability, and protection
  • Develop and enhance an information security management framework based on one of the currently accepted standards such as ISO 27001 ISM
  • Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls
  • Ensure that security programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings
  • Work with the VP-Information Technology to respond to and address risks and audit findings; define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings
  • Manage security incidents and events to protect IT assets, including intellectual property, regulated data, and the Company’s reputation
  • Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the security program, facilitate appropriate resource allocation, and increase the maturity of the program


Job Requirements:

  • Minimum 10 plus years’ experience in Information Security
  • Bachelor Degree in Computer Science, Information Systems, Cyber Security o
  • Certifications in one or more areas: CISSP, CISM, CEH, CCSP
  • Security design and implementation experience in a large-scale corporate environment
  • Familiarity with third-party audits and risk assessment methodologies
  • Familiarity or experience with ISO 27001/27002, ITIL, COBIT and NIST Cybersecurity frameworks
  • Experience with PCI, NIST, and SOX compliance assessments
  • Experience with secure coding practices, ethical hacking and threat modeling
  • Excellent, transparent, and persuasive communication and presentation skills with the ability to distill complex information for non-technical audiences
  • Innovative problem solver who uses critical thinking approaches to proactively solve a broad range of problems across business processes and related technologies
  • Strong business skills and demonstrated ability to build solid working relationships with teammates, business leaders, and stakeholders while exhibiting genuine care
  • Collaborative leader who creates open channels of communications and encourages constructive dialogue



All offers of employment are contingent upon the successful completion of a background check and drug screen, subject to applicable laws and regulations.


UGI Corporation is an Equal Opportunity Employer.  The company maintains and observes employment policies that do not discriminate against any person because of race, color, sex, sexual orientation, gender identity, national origin, religion, disability, age, ancestry and any other basis prohibited by federal, state or local law. This applies to recruiting, hiring, training, compensation, overtime, job classifications, work assignments, promotions, demotions, layoffs, terminations, transfers, and all other conditions of employment.

Nearest Major Market: Philadelphia

Job Segment: Information Security, Executive, Medical, Corporate Security, Technology, Management, Security, Healthcare