Pacific Gas & Electric Company Principal Privacy Specialist, San Francisco, CA in San Francisco, California

Requisition ID # 17110

Job Category : Compliance / Risk / Quality Assurance

Job Level : Manager/Principal

Business Unit: Customer Care and CRE

Job Location : San Francisco


Based in San Francisco, Pacific Gas and Electric Company, a subsidiary of PG&E Corporation (NYSE:PCG), is one of the largest combined natural gas and electric utilities in the United States. And we deliver some of the nation's cleanest energy to our customers in Northern and Central California. For PG&E, Together, Building a Better California is not just a slogan. It's the very core of our mission and the scale by which we measure our success. We know that the nearly 16 million people who do business with our company count on our more than 24,000 employees for far more than the delivery of utility services. They, along with every citizen of the state we call home, also expect PG&E to help improve their quality of life, the economic vitality of their communities, and the prospect for a better future fueled by clean, safe, reliable and affordable energy.

Pacific Gas and Electric Company is an Affirmative Action and Equal Employment Opportunity employer that actively pursues and hires a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, sex, age, religion, physical or mental disability status, medical condition, protected veteran status, marital status, pregnancy, sexual orientation, gender, gender identity, gender expression, genetic information or any other factor that is not related to the job.

Department Overview

In Customer Care we are focused on delivering the desired customer experience for each of our customers. Everything we do starts with the customer and our information about the customer. That information is collected and managed by our Customer Experience Strategy group. Each of our organizations, though completely dependent upon each other, are the experts in their area and will further drive PG&Es alignment around the customer.

The Customer Care Regulatory Policy & Compliance team is a Customer Care department that is responsible for regulatory policy and strategy across Customer Care and, in some instances, across PG&E overall. Key functional groups include Risk & Compliance, General Rate Case (GRC), Privacy, Tariff Interpretation, Records and Project Management, and Regulatory Policy.

Position Summary

This position is in the Privacy team and provides subject-matter guidance and support to the enterprise to ensure the understanding of risks, threats, appropriate controls, effective business processes, and important strategies related to customer and employee privacy and data. The focus is on safeguarding data privacy through comprehensive privacy and data access governance, training and awareness activities, control enhancement and monitoring, risk assessments, data loss investigations, and policy development. This position will work across the enterprise to generate awareness of privacy requirements and PG&E standards, solicit input on how data is used (access, collection, storage, use, disclosure, and disposal), and provide guidance to departments during business process development and reviews. This role will support the CPO in development of executive strategies and activities designed to ensure the security of personal information.


  • Work independently to provide guidance on complex policy issues with enterprise impact, leveraging internal/external contacts to pressure test and refine solutions to mitigate risk and to drive privacy and data incident response and innovative resolution

  • Review and/or create internal and external procedures and controls for access to enterprise customer data to ensure compliance with all relevant privacy and data protection laws and contractual commitments.

  • Maintain and create internal privacy policy documents including but not limited to PG&E’s Customer Privacy Standard and other privacy-related policies, standards, and procedures.

  • Identify continuous improvement opportunities.

  • Identify and analyze relevant privacy and data protection issues including required privacy notices, regulatory filings, relevant process and infrastructure requirements, and industry trends and best practices.

  • Develop and maintain relationships with other industry professionals.

  • Work closely with the Law Department on review and negotiation of applicable privacy and data protection language for affiliate, vendor, and customer agreements.

  • Mentor developing team members.

  • Take on delegated management task to develop management skills.

  • Provide subject-matter expert guidance to department leaders.



  • Bachelor’s degree in business administration or job-related field or equivalent work experience

  • 10 years of relevant business experience, including four years of data privacy experience


  • Master’s or advanced degree

  • Privacy Professional Certification (CIPP/US; CIPP/IT; CIPM)

  • Resolution of complex regulatory and business problems

  • Prior utility or other highly regulated industry experience

  • Acts as a thought leader, applying extensive unique subject matter expertise in the development of strategy or resolution of complex issues

  • Passion for/interest in privacy/data policy/strategy

  • Experience with project management

  • Strong analytic capabilities

  • Excellent written and verbal communication skills with ability to explain complex issues in clear and concise terms

  • Superior time management, planning, and organizational skills

  • Exceptional interpersonal skills, including teamwork, facilitation and negotiation

  • Highly collaborative, with ability to work cross-functionally and possessing the ability to forge relationships and partner effectively

  • Ability to work on complex regulatory and business problems