Manager, Information & Cybersecurity Strategy

Sempra: Where Opportunity Powers Impact

At Sempra, a better world begins with better energy—and with people who want to make a difference. That's why we're tackling the biggest challenges facing our industry while building a high-performance culture where you can do your best work. Together, our teams support nearly 40 million consumers across the U.S., strengthening the communities we serve and creating impact that extends far beyond the workplace. Here, collaboration, inclusivity and shared purpose empowers you to grow your passion, build a rewarding career and contribute to something bigger—helping shape a better energy future for all.

Primary Purpose

This position manages a section or multiple related sections and translates cyber security strategy into executable plans across products or platforms. It balances risk reduction, service quality, and cost by selecting appropriate controls, metrics, and supplier arrangements, and by aligning teams to an operating model that supports business outcomes. The Information & Cybersecurity Governance team establishes and advances the organization's cybersecurity governance framework: bridging strategy and business operations to quantify risk, translate it into executive-ready intelligence, drive policy adoption, enable integrated risk management, and equip operational teams for real-time risk decisions. This team focuses on governance, risk visibility, and cross-functional coordination.

Duties and Responsibilities

• Cybersecurity Risk Reporting & Governance - Structures and delivers enterprise-wide cyber risk reporting for executive leadership and the board; maintaining governance forums and decision-support mechanisms that enable leadership visibility into risk posture and decision making.
• Policy & Standards Development - Authors, deploys, and maintains cybersecurity policies, standards, and procedures aligned with regulatory requirements, industry frameworks, and organizational risk appetite.
• Policy Exception Management - Administers policy exception process, including intake, risk-based evaluation, approval workflows, and tracking through resolution or acceptance.
• Compliance & Cross-Functional Coordination - Partners with operational cyber teams, IT, legal, compliance, safety, audit, supply management, and business stakeholders to ensure cybersecurity governance requirements are integrated into enterprise processes and regulatory obligations are met.
• Integrated Risk Management (IRM) Platform Execution - Drives the evolution and operational effectiveness of enterprise IRM platforms (e.g., ServiceNow) to enable risk reporting, issue tracking, remediation management, and policy exception facilitation.
• Maturity Assessment & Executive Exercises - Plans and executes cybersecurity maturity assessments and executive-level tabletop exercises to evaluate organizational preparedness and identify capability gaps.
• Tool & Process Optimization - Continuously evaluates, streamlines, and enhances cybersecurity governance tools, platforms, and workflows to improve operational efficiency, reduce manual effort, eliminate redundancy, and accelerate program delivery. This includes identifying automation opportunities, rationalizing toolsets, and ensuring governance processes scale effectively with organizational growth and evolving threat landscapes.
• People Management & Team Development - Directly manages a team of professionals responsible for executing cybersecurity governance programs. This includes workforce planning, performance management, coaching and mentorship, workload balancing, succession planning, and fostering a culture of accountability and professional growth.
• Performs other duties as assigned.

Education

• Typically requires a 4-year degree in a relevant field, or equivalent combination of relevant education and experience.
• Bachelor's degree in Information Security, Cybersecurity, Computer Science, Information Technology, Information Systems, or a closely related discipline is preferred.

Experience

• Typically requires 8 years of related experience.
• Must reside in Southern California or be willing to relocate upon hire.

Preferred Experience

• 8+ years in cybersecurity governance, risk, or compliance with 3+ years managing teams.
• Proven ability leading enterprise risk reporting, policy enablement, IRM platform execution, and executive tabletop exercises.
• Experience engaging executive and board-level stakeholders.
• Experience in a regulated industry.

Skills and Abilities

Required skills and abilities:

• Project Lifecycle Execution – Demonstrates the ability to plan, monitor, and deliver IT projects across initiation, planning, execution, and closure while adhering to defined scope, schedule, and budget.
• Technical Requirements Analysis – Interprets business needs, system interdependencies, and technology constraints to produce actionable project requirements and translate them for technical and non-technical audiences.
• Agile Delivery Practices – Applies Scrum, Kanban, or hybrid Agile methods to manage backlogs, facilitate ceremonies, track progress, and ensure iterative delivery aligned with stakeholder expectations.
• Risk and Issue Management – Identifies, analyzes, and mitigates project risks and issues by developing contingency plans, escalating when necessary, and tracking resolution through completion.
• Stakeholder Alignment – Builds and maintains constructive relationships with sponsors, cross-functional teams, customers, and vendors, ensuring clarity of expectations, consistent communication, and shared understanding of project goals.
• Resource and Capacity Coordination – Allocates and balances resources effectively across project phases by evaluating workload, identifying constraints, and securing needed support to maintain project momentum.
• Performance Tracking and Reporting – Develops and maintains dashboards, status reports, and project metrics that provide accurate visibility into progress, risks, dependencies, and outcomes for diverse audiences.
• Change Control Governance – Implements structured change-management processes, evaluates impacts on schedule and scope, and gains approvals before integrating changes into project baselines.
• Vendor and Third-Party Coordination – Oversees supplier deliverables, ensures compliance with service agreements, and maintains alignment between internal teams and external partners throughout the project timeline.
• Continuous Improvement Mindset – Analyzes project outcomes, identifies recurring challenges, proposes enhancements to processes, and contributes to organizational learning through post-implementation reviews.

Licenses

• CISSP, CISM, or CRISC is preferred.