Get Into Energy Jobs

Job Information

Sacramento Municipal Utility District Program Manager, Cybersecurity in Sacramento, California


Posting/Working Title:

Program Manager, Cybersecurity


Information Technology Security

No. of Openings:



The Program Manager, Cybersecurity applies knowledge of cybersecurity, data, information, processes, organizational interactions, skills, and analytical expertise, as well as systems, networks, and information exchange capabilities to manage vital enterprise information security programs. Executes duties governing SMUD’s information security for hardware, software, and information system procurement and other program administrative policies and management procedures. Provides direct cybersecurity support for business areas that use information technology (IT) and Operational Technology (OT), applying cybersecurity-related laws and policies, and provides cybersecurity-related guidance throughout the total system development life cycle (SDLC).

Leads, coordinates, communicates, integrates, and is accountable for the overall success of a cybersecurity program. Ensures alignment with enterprise cybersecurity program for a SMUD information system or network, cybersecurity capability, including managing information security implications within the organization, or other area of responsibility, to include strategic, personnel, infrastructure, requirements, policy enforcement, emergency planning, incident response and recovery, security awareness, and other resources.

Job Code:


Desirable Qualifications:

  • Master’s degree in a relevant area, such as business, computer science, information technology, cybersecurity, or a similar relevant degree.

  • Additional licenses or certifications: GIAC Certified Project Manager (GCPM), GIAC Critical Infrastructure Protection (GCIP), GIAC Information Security Professional (GISP), GIAC Security Essentials Certification (GSEC), GIAC Continuous Monitoring Certification (GMON), EC-Council Disaster Recovery Professional (EDRP), or EC-Council Certified Ethical Hacker (CEH).

  • 1-3 years experience in a regulatory compliance (or NERC CIP specific experience).

  • Project management experience.

Base Salary Annual Low:


Base Salary Annual High:


Selection Process:

Initial Review, Qualifications Interview, Follow-Up Interview, Reference Check, Background Check

Pay Scale Group:


Minimum Qualifications:


Bachelor’s degree in a relevant area, such as business, computer science, information technology, cybersecurity, or a similar relevant degree. OR at least 10+ years professional experience with a focus on information security capabilities: security operations, security engineering, governance, risk, and compliance.


At least seven (7) years relevant professional experience, with at least 1 year in a regulatory compliance, corporate compliance, privacy compliance or workplace safety compliance role; project management experience desirable.

Knowledge Of:

  • Knowledge of computer networking concepts and protocols, and network security methodologies.

  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.

  • Knowledge of cybersecurity and privacy principles.

  • Knowledge of cyber threats and vulnerabilities.

  • Knowledge of specific operational impacts of cybersecurity lapses.

  • Knowledge of information technology (IT) architectural concepts and frameworks.

  • Knowledge of Risk Management Framework (RMF) requirements.

  • Knowledge of resource management principles and techniques.

  • Knowledge of system life cycle management principles, including software security and usability.

  • Knowledge of supply chain risk management standards, processes, and practices.

  • Knowledge of functionality, quality, and security requirements and how these will apply to specific items of supply (i.e., elements and processes).

  • Knowledge of risk/threat assessment.

  • Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.

  • Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.

  • Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).

  • Knowledge of how to leverage research and development centers, think tanks, academic research, and industry systems.

  • Knowledge of information technology (IT) acquisition/procurement requirements.

  • Knowledge of the acquisition/procurement life cycle process.

  • Knowledge of information security program management and project management principles and techniques.

  • Knowledge of enterprise incident response program, roles, and responsibilities.

  • Knowledge of current and emerging threats/threat vectors.

  • Knowledge of system administration, network, and operating system hardening techniques.

  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

  • Knowledge of Personally Identifiable Information (PII) data security standards.

  • Knowledge of Payment Card Industry (PCI) data security standards.

  • Knowledge of Personal Health Information (PHI) data security standards.

  • Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.

Skill To:

  • Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.

  • Skill to translate, track, and prioritize information needs and intelligence collection requirements across the extended enterprise.

  • Skill in creating policies that reflect system security objectives.

  • Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.

  • Skill in evaluating the trustworthiness of the supplier and/or product.


Certified Information Systems Security Professional (CISSP) or Associate CISSP, Certified Information Security Manager (CISM), or GIAC Security Leadership Certification (GSLC).

Position Type:

Regular - Full Time

Physical Requirements:

Applicants must be able to perform the essential job functions with or without a reasonable accommodation.

Major Duties & Responsibilities:

  • Develop and maintain strategic plans.

  • Develop methods to monitor and measure risk, compliance, and assurance efforts.

  • Perform needs analysis to determine opportunities for new and improved business process solutions.

  • Resolve conflicts in laws, regulations, policies, standards, or procedures.

  • Review or conduct audits of information technology (IT) programs and projects.

  • Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements.

  • Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.

  • Identify alternative information security strategies to address organizational security objective.

  • Identify information technology (IT) security program implications of new technologies or technology upgrades.

  • Interface with external organizations (e.g., public affairs, law enforcement) to ensure appropriate and accurate dissemination of incident and other computer network defense information.

  • Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise’s cybersecurity program.

  • Oversee the information security training and awareness program.

  • Participate in the development or modification of the cybersecurity program plans and requirements.

  • Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.

  • Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities.

  • Provide system-related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents.

  • Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.

  • Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk.

  • Identify security requirements specific to an information technology (IT) system in all phases of the system life cycle.

  • Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals.

  • Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).

  • Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance.

  • Forecast ongoing service demands and ensure that security assumptions are reviewed as necessary.

  • Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate.

  • Develop contract language to ensure supply chain, system, network, and operational security are met.

  • Gather feedback on internal and external business unit satisfaction and internal service performance to foster continual improvement.

  • Manage the internal relationship with information technology (IT) process owners.

  • Ensure that supply chain, system, network, performance, and cybersecurity requirements are included in contract language and delivered.

  • Lead and/or oversee budget, staffing, and contracting.

Additional Posting Info for Candidate:

Sacramento Municipal Utility District (SMUD) - Who We Are

As the nation's sixth-largest community-owned electric service provider, we're proud of our reputation as one of the best places to work in Sacramento. Our employees tell us in our engagement surveys they're "Happy, satisfied and engaged" which helps create a workplace that best serves our customers.

Sacramento was named as the 2nd happiest place to work in America by Forbes Magazine. Lake Tahoe, San Francisco and the world-renowned Napa Valley are within easy driving distance of our locations.

Our Commitment to Diversity & Inclusion

SMUD respects, values and celebrates the unique attributes, characteristics and perspectives that make each person who they are. Diversity and inclusion are guiding principles to deliver a culture that reflects the broader values of the community and our customers. Our Board's policy for Employee Relation sets our commitment to developing and maintaining a high quality, inclusive workplace that engages and inspires employees to commit to SMUD's purpose, vision and values.

SMUD is committed to ensuring we're a workplace where diversity, equity and inclusion (DE&I), are part of who we are and how we do things. Supporting efforts that promote pay equality is part of that. Salary placement for the selected candidate will be determined in alignment with the California Equal Pay Act.

Why Sacramento, California?

The capitol of California, Sacramento is the state's sixth-largest city, and the 35th largest in the U.S. Local universities include California State University, University of the Pacific's McGeorge School of Law, and the University of California, Davis and several competitive community colleges. The UC Davis Medical Center, a world-renowned research hospital, is one of more than a dozen hospitals and shared services centers in the Sacramento region. Part of the agriculturally-rich Central Valley, Sacramento is at the forefront of the farm-to-fork food movement. Northern California is home to some of the country's top technology companies, including Google and LinkedIn, and a multitude of startups in many industries. Sacramento is home to the NBA Kings, the River Cats (AAA baseball), the Republic FC (soccer) and the San Francisco Giants, NBA Warriors and NFL 49er's aren't far away. Sacramento offers an affluent liberal arts community with Broadway, Mondavi Center, Crocker Museum and summer musical theater to name a few.


SMUD’s Cybersecurity employees are a team of innovative professionals with a passion for doing what SMUD does best - keeping the lights on for our community, and we’re looking for people who want to come operate in an inclusive atmosphere where collaboration and continuous improvement are our core to how we operate.

The Program Manager position in the Governance, Risk & Compliance space will help support staff, as well as formalize and mature programs aligned to the cybersecurity GRC team. Capabilities of the team include Cybersecurity Risk, Compliance, Policy, Privacy, and Awareness Training & Education.