SDG&E is an innovative San Diego-based energy company that provides clean, safe and reliable energy to better the lives of the people it serves in San Diego and southern Orange counties. The company is committed to creating a sustainable future by providing its electricity from renewable sources; modernizing natural gas pipelines; accelerating the adoption of electric vehicles; supporting numerous non-profit partners; and, investing in innovative technologies to ensure the reliable operation of the region’s infrastructure for generations to come. SDG&E is a subsidiary of Sempra Energy (NYSE: SRE).

Our highly trained and responsive employees with their diverse skills, talents and ideas are the reason we can deliver on our commitment and are building America’s best energy company. They are also the reason why we have been recognized with the industry’s most coveted awards. Our employees undertake challenging work and receive highly competitive compensation and benefits. As one of the region’s largest employers, we’re always searching for talented and bright people to join our team. After all, it takes the best to build the best. Learn more about benefits HERE.

Diversity and inclusion are core values of SDG&E. Empowering our employees to be their whole selves at work is our competitive advantage. This is where new ideas come from and meaningful collaboration gets an authentic start. By bringing together people with different perspectives, diverse backgrounds and real commitment to their own individuality, we have built a stronger business. Learn more about our commitment to diversity and inclusion HERE.

For more information, visit SDGEnews.com or connect with SDG&E on Twitter (@SDGE), Instagram (@SDGE) and Facebook.

Primary Purpose
The Domain Architect – Cybersecurity defines overall direction of architecture for cybersecurity, aligned to business strategy and enterprise architecture. Translates strategy into blueprints and designs for the overall architecture of the company’s cybersecurity capabilities to ensure that the balance between business outcomes and security risk is maintained. As a specialist in cybersecurity, facilitates and defines IT architecture solutions to define strategy. Owns and maintains standards, patterns, and guardrails. Acts as an advisor and expert to engage with engineering and product teams to drive security framework and best practices.

Duties and Responsibilities

• Drives definition of cybersecurity standards, roadmaps, and selection of technology tools for enhanced delivery, continuous monitoring, and risk mitigation. Ensures that patterns and standards developed are consistent with desired enterprise risk posture. Works with Principal Architects to align architecture across domains and leverage opportunities for common approaches and standards. Sets architectural standards, and ensures implementation across product teams and groups, emphasizing DevSecOps practices and Continuous Integration / Continuous Delivery (CI/CD). Actively learns about new trends in industry and assesses new technology for suitability for use in respective cybersecurity architecture. Develops technology roadmaps and life-cycle strategies. Leads discovery or visioning phase to create a high-level design approach for cybersecurity solutions.
• Consults with business stakeholders, IT delivery teams, and outside vendors to integrate security architecture into roadmaps, application and system design, and information technology operations. Provides education on cybersecurity architecture, directions and goals, roadmaps, and architectural standards. Works holistically across enterprise, defines and aligns governance, controls, and guardrails for architecture standards to support teams’ understanding of enterprise expectations. Provides guardrails to delivery teams, to adopt new patterns, technology tools, and standards related to cybersecurity and risk management. Consults with agile teams to address design decisions. Closely partners with and mentors other technology professionals.
• Defines a cybersecurity architecture that optimizes for enterprise risk reduction, resilience, scalability, performance and availability, focused on continuous monitoring and DevSecOps practices. Solves unique and complex cybersecurity problems that have a broad impact, assisting the business and other architects ensuring that risks and vulnerabilities in solution designs are identified and addressed.
• Drives incremental value creation and business agility to provide cybersecurity domain-specific input and guidance to product teams and participates in agile, scrum, or Kanban ways of working as appropriate. Mentors less experienced technology staff on best practices, procedures, and processes. Kanban is a framework used for organizing work in an agile way, focused on managing the flow of knowledge and operational work and driving continuous improvement for a team.
• Performs other duties as assigned (no more than 5% of duties).

Required Qualifications

• Bachelor’s Degree in Computer Science, Information Systems, Software Engineering, related field or equivalent training and/or experience.
• 10 years – progressive experience in cybersecurity and technology, with experience in cybersecurity architecture, working with IT, endpoint security, network security, application security, and cybersecurity process, risk assessments, and troubleshooting of systems.
• Cybersecurity Acumen – Knowledge of cybersecurity design and architecture (application, data, network, and cloud) with understanding of how systems and processes work together as aligned to business and IT imperatives
• Cybersecurity Architecture – Ability to design and create cybersecurity architecture (application, data, network, and cloud) that is aligned to business and IT imperatives across systems, applications, or software, focused on safeguarding the company’s technology environment by proactively securing the enterprise and its assets.
• Information Security – Strong understanding of the fundamentals of information security, digital privacy measures, and cybersecurity practices, and the ability to incorporate strong security practices into technology systems and applications.
• Data Security and Privacy – Ability to analyze the risks related to sensitive data loss and implementing the appropriate data protection controls, while considering compliance and business risk in concert.
• May require work outside of normal business hours and/or 24/7 response availability for system and application maintenance, enhancements, production releases and/or operational emergencies.

Preferred Qualifications

• CompTIA Security+, Global Information Assurance Certification (GIAC), Certified Information Systems Security Professionals (CISSP), or GIAC Security Essentials (GSEC).
• 10 years- experience with National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) or Risk Management Framework (RMF) such NIST 800-53.
• 3 years- 3 years progressive experience working with DevSecOps practices, including Continuous Integration / Continuous Delivery (CI/CD). Experience working across multiple security platforms, ability to influence organizational direction for industry leading security practices.
• Architecture Strategy – Knowledge of the fundamentals of architecture strategy, with a strong ability to create an enterprise architecture (application, data, and technical) that is aligned to business and IT imperatives. Advanced
• Communication for Technical Leadership – Ability to communicate technical ideas and strategies effectively to non-technical audiences, including executive leadership, via multiple mediums (e.g., written communications, verbal communications, presentations, etc.).
• DevSecOps Practices – Strong understanding of automation and security concepts and processes (e.g., test automation, code coverage, DevSecOps, Continuous Integration / Continuous Delivery (CI/CD) pipelines, etc.), and ability to drive the integration of development, operations, and security into enterprise software development.
• Packaged Platform / Systems – Knowledge of technologies and Packaged Platform/Systems including SAP S/4 HANA, IBM, Oracle, Public Cloud services, GIS, etc.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, disability or protected veteran status.

Note: SDG&E strives to ensure that employees are paid equitably and competitively. Starting salaries may vary based on factors such as relevant experience, qualifications, and education.

SDG&E offers a competitive total rewards package that goes beyond base salary. This position is eligible for an annual performance-based incentive (bonus) as well as other merit-based recognition. Company benefits include health and welfare (medical, dental, vision), employer contributions to retirement benefits, life insurance, paid time off, as well as other company offerings such as tuition reimbursement, paid parental leave, and employee assistance programs.