Hybrid Cybersecurity Senior Advisor: Risk & Remediation Lead

Join the Clean Energy Revolution

Become a Cybersecurity Senior Advisor at Southern California Edison (SCE). In this role, you’ll lead deep, hands‑on risk assessments across enterprise technology and critical operational environments (IT/OT). You’ll identify priority systems and threat scenarios, validate control effectiveness, and translate findings into practical risk treatment plans with clear owners and measurable outcomes. Exposure Team members collaborate with internal teams and trusted third parties to drive remediation through to closure and ensure risk is continuously managed.

• Partner with infrastructure teams to perform threat modelling and attack‑path analysis, recommending concrete platform and network changes (segmentation, identity controls, hardening, logging) that close gaps and reduce exposure.
• Lead deep‑dive cybersecurity assessments with IT and Quality partners: validate controls, perform vulnerability discovery and prioritization, review configuration baselines, and drive risk treatment plans; support investigations and root‑cause analysis for security incidents and policy violations.
• Drive delivery of complex security initiatives from design through rollout, defining success metrics, managing technical risks and dependencies, and coordinating internal teams and vendors to deliver on time.
• Define and maintain secure‑by‑default baselines across on‑prem and cloud environments, implementing hardening standards, access controls, key/secret handling, and automated guardrails to support repeatable secure build and deployment practices.
• Create and maintain hardened system profiles and compliance mappings, tracking posture, drift, and remediation progress across enterprise platforms.
• Establish repeatable assessment, evidence, and exception‑handling methods aligned to information security standards and regulatory requirements, ensuring findings translate into actionable remediation backlogs with clear owners and timelines.

• Lead cybersecurity project delivery by ensuring the team delivers on success criteria, addressing project issues and risks, and building commitment with delivery teams and external partners.
• Design, implement and maintain a secure posture and baseline across all components of the organization on‑premises and cloud IT environments, employing recognized security engineering practices and supporting secure build processes.
• Collaborate with IT and Quality teams to assess, remediate, and prevent information technology risks.
• Ensure that new and existing security applications and systems are integrated during implementations, updates, and patching.
• Collaborate with external managed security solution providers to enhance security solutions and reduce malicious activity.
• Work with the infrastructure team and security architect to analyze security threats and recommend technical changes.
• Shape procedures and methods for auditing and addressing risk and non‑compliance to information security standards.
• Build strong relationships with senior leaders and stakeholders to align security engagement with business priorities.
• Ensure the protection of all physical, financial, and cybersecurity assets and maintain the highest standards of conduct and integrity.

• Ten or more years of experience in information technology, information security and/or cybersecurity.
• US citizenship required.

• Bachelor’s degree in Engineering, Information Technology, Cybersecurity, Environmental or Physical Sciences, Business or related discipline.
• Familiarity with security frameworks (e.g., NIST CSF, NIST 800‑53, ISO 27001) and translating requirements into implementable controls and evidence.
• Hands‑on security assessment experience across enterprise environments (on‑prem + cloud) including control validation, configuration review, penetration testing, code review, and/or vulnerability triage.
• Relevant security certifications (CISSP, GSEC, GICSP, or others).
• Strong OS and network fundamentals (Windows/Linux internals, TCP/IP, DNS, PKI/TLS) applied to troubleshooting and security analysis.
• Operational Technology exposure (industrial…