Global Cybersecurity GRC Manager

Job Summary

This position is a leadership position reporting to the CISO. The Global Cybersecurity Governance Risk & Compliance Manager role is responsible for growth and execution of the enterprise, wide UGI Information Security Governance & Risk Program to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected through governance processes and adequate risk assessments. This hands-on role is also responsible for
identifying, evaluating, and reporting on cybersecurity risk for information assets, while supporting and advancing business objectives through qualitative and quantitative metrics, third party relationship due diligence, and mergers and acquisitions.

Duties and Responsibilities

 Govern the global information security program to ensure adequate controls are in place to

protect the confidentiality, integrity and availability of information owned, controlled or

processed by the Company via company policies and standards.

 Manage a global security compliance program based on UGI standards, industry standards,

applicable regulatory and compliance requirements (e.g., FISMA, PCI, SOX, GDPR,

CCPA,PUC, etc.).

 Accountable for reporting out the cybersecurity compliance of the company through

monthly metrics.

 Advise the CISO on emerging risks and trends developing within the company from metrics

and security exceptions and other forms of communications

 Accountable for tracking all third-party breaches and remediations that are not directly

supported by UGI’s technology team.

 Oversee technical assessments and processes of the effectiveness and design of

cybersecurity controls, including, application security controls, vendor security reviews,

security exceptions, mergers & acquisitions, technology projects, identity access

management, data loss prevention and artificial intelligence activities.

 Collaborate with key stakeholders (i.e. Information Technology, Cybersecurity Risk

Manager, Legal, HR , Procurement, etc.) regarding the development, implementation and

sustainability of programs that support the governance, risk and compliance processes.

 Lead the identification and development of talent and for managing performance to ensure

goals and objectives are met or exceeded.

 Ability to develop a mentoring culture with both experienced team members and junior staff

 Consistently measuring GRC talent performance to identify strengths and opportunities

through qualitative and quantitative metrics.

 Ensuring a continuous improvement process is embedded in the teams’ practices to further

advance the GRC program.

 Develop external relationships to keep a pulse on what is happening in the industry.

Knowledge, Skills and Abilities

This position requires keen external focus and avid learning given the rapid pace of change
globally.
 Resourcefulness, good judgment, persistence, the ability to influence others and strong
executive presence are some of the qualities of a successful candidate.
 Experience working with a diverse set of stakeholders across complex and diverse
organizational structures.
 Prior managerial experience leading security or compliance teams is required.
 Experience in energy, financial or other regulated industries is preferred.
 Bachelor’s degree in Computer Science, Information Systems, Cyber Security or
Information Technology.
 Master’s Degree (Preferred): in Cybersecurity, Risk Management or Business
Administration (MBA) with a Cyber or Risk focus can provide a deeper understanding of
strategic management and leadership.
 One or more Industry-standard security certifications (such as CISSP, CISM, CISA, CRISC)
is preferred.
 Experience working with a diverse set of stakeholders, including international across
complex and diverse organizational structures.
 Experience using various frameworks such as NIST, ISO/IEC 27000, NERC-CIP, FAIR, CSA,
COBIT, COSO, OCTAVE, PCI 27000 series, ITIL, COBIT.

Education and Experience

Bachelor’s degree in Computer Science, Information Systems, Cyber Security or Information Technology.

Master’s Degree (Preferred): in Cybersecurity, Risk Management or Business Administration (MBA) with a Cyber or Risk focus can provide a deeper understanding of strategic management and leadership.

One or more Industry-standard security certifications (such as CISSP, CISM, CISA, CRISC) is preferred.

Experience working with a diverse set of stakeholders across complex and diverse organizational structures.

Experience using various risk management frameworks such as NIST, ISO/IEC 27000, FISMA, FAIR, CSA, COBIT, COSO, OCTAVE, PCI 27000 series, ITIL, COBIT, NIST Cybersecurity. 

Experience in energy, financial or other regulated industries.

Prior managerial experience leading security or compliance teams is a plus.