Sempra: Where opportunity powers impact

At Sempra, we tackle the biggest energy challenges that face ourindustry. Our high-performing team leverages the full capabilities ofour organization to serve 40 million consumers across NorthAmerica. By collaborating and challenging one another acrossmultiple disciplines, we inspire our best work, ideas andinnovation. From increasing liquified natural gas (LNG) capacitiesto reducing carbon emissions to helping people prepare for therealities of climate change, we are committed to building a betterenergy future for all.

Primary Purpose

The Senior Cybersecurity Specialist runs cybersecurity capabilities and technologies with a core emphasis on Cybersecurity awareness and training. Develops, facilitates, implements, and communicates to the corporate audience Information Security goals, policies, and procedures to minimize security risks to the Company. Develops companywide awareness messaging regarding Information Security best practices with respect to business activities and security threat alerts. Advances Information Security and business operations. Leads information security awareness planning, including the development of corporate wide annual Information Security training and an annual communications and corporate outreach plan. Assesses and evaluates on an ongoing basis the
effectiveness of the awareness program against corporate and the Information Security goals. Works closely with IT and organizational leaders and technical experts, on a wide variety of security issues that require an in-depth understanding of the respective organizations, their practice and processes associated with security and information handling. Develop and/or maintain a Cybersecurity Advocacy group. Ability to work with technical vendors/partners from contract to implementation to that contribute to a successful Cybersecurity Awareness program. Develop companywide Cybersecurity events including booking of speakers, audio/visual, catering options and content. Proficiency in or the ability to learn to create/develop and execute Phishing campaigns for all employees as well as create & monitor Cybersecurity Risk-related data analytics & metrics and create data visualizations and reporting. Proficiency in the following tools(desired): Phish Alarm, Phish Analyzer, Proofpoint/Wombat, BOT (automation process) and SharePoint.

Duties and Responsibilities

• Develop strategies to reduce corporate risk by creating and implementing company-wide information security awareness and information security training programs, including the development of an annual Security Awareness Plan.
• Raise the general level of awareness of information security by providing ongoing outreach using all company communications methods (i.e., articles, town hall and lunch and learn events, presentations to employees, etc.), issue cybersecurity alerts as needed, and train employees in more depth on information
  security concepts by developing a corporate wide employee training program that consists of a web-based training module deployed annually. Create and execute monthly phishing campaigns. Produce monthly data/metrics driven phishing reports.
• Provide advanced support for area of responsibility by using knowledge of both Information Security concepts, communications and awareness concepts, overall corporate business goals as well as senior management Information Security goals.
• Foster growth in security awareness by investigating, researching and identifying new awareness areas for the program in order to enhance the company security practices with the goal of minimizing the overall security risk to the company; provide guidance and training to and act as a mentor for junior members of
  the team. Perform documentation review and enhancement, including the review Information Security team materials for external presentations and speaking engagements. Assist in monthly employee reward t-shirt mailing program.
• Performs other duties as required.