Lead Cybersecurity Engineer

Company Summary Statement

As one of the largest investor-owned utility companies in the United States, PPL Corporation (NYSE: PPL), is committed to creating long-term, sustainable value for our 3.5 million customers, our shareowners and the communities we serve. Our high-performing regulated utilities — PPL Electric Utilities, Louisville Gas and Electric, Kentucky Utilities and Rhode Island Energy — provide an outstanding experience for our customers, consistently ranking among the best utilities in the nation. PPL’s companies are also addressing challenges head-on by investing in new infrastructure and technology that is creating a smarter, more reliable and resilient energy grid. We are committed to doing our part to advance a cleaner energy future and drive innovation that enables us to achieve net-zero carbon emissions by 2050 while maintaining energy reliability and affordability for the customers and communities we serve. PPL is a positive force in the cities and towns where we do business, providing support for programs and organizations that empower the success of future generations by helping to build and maintain strong, diverse communities today.

Overview

The Cybersecurity organization advances the overall state of security at PPL through critical initiatives and coordination of large security and customer-focused projects. The organization builds and procures technologies, tools, and processes to better enable teams at PPL to develop secure platforms and protect data and systems with appropriate security controls. IT Cybersecurity also develops systems to monitor and respond to attacks against our systems, provides educational awareness to the corporation on security best practices, and ensures data sharing relationships with third parties securely protect PPL information.

PPL is seeking a highly skilled Data Protection Lead Engineer to join our Cybersecurity organization. In this role, you will work closely within our engineering team as well as cross functionally with other teams within Information Technology to ensure PPL’s data is secure. You will have direct responsibility for the usage, monitoring, and maintenance of the cyber technology used for data security purposes to ensure data is being identified and classified, solution configurations are set up in accordance with expectations, and data is being protected. If you are passionate about setting up data security infrastructure, completing assessments to identify vulnerabilities, working on a team to respond and mitigate the risk, this position is ideal for you. #LI-Hybrid

Responsibilities

• Develop and maintain policies, procedures, and/or standards for data protection activities.

• Configure and manage data protection and monitoring tools to identify both security and operational related issues

• Integrate data protection techniques within existing infrastructure and data flows.

• Create and/or Improve Data Flow Mapping and System Interface Tracking in conjunction with the Product Development and Enterprise Architecture teams.

• Maintain and support data security infrastructure (e.g. application, database, server, etc)

• Implement data protection measurements and standards within cloud environments, including Cloud Access Security Broker (CASB).

• Complete security assessments to identify data vulnerabilities and establish remediation/mitigation processes.

• Integrate data protection measures into the software development pipeline using secure software development lifecycle processes.

• Ensure compliance with relevant data privacy regulations, if applicable.

• Collaborate with cross-functional teams to establish and/or advance data governance, data dictionary, and data quality controls and monitoring processes.

• Identify and apply strategies to optimize resource utilization and minimize cost

• All other duties and projects as assigned.

Qualifications

Education

• Bachelor’s degree in Computer Science, Information Security, and/or a related field or an equivalent level of work related experience.

Experience

• A minimum of 7+ years of cybersecurity experience in data governance, data security, and/or data protection

• Background in data engineering and is familiar with one or more cloud-based data solutions/frameworks such as DataBricks, Spark, or Snowflake

• Experience in establishing data security governance and establishing applicable policies, procedures, and/or standards.

• Expertise with data security and classification tools

• Experience in developing data flow mapping

• Strong understanding of cloud security and data protection in cloud environments

• Understanding of data privacy regulations and compliance frameworks

• Experience in participating in Incident Response activities and exercises

• Experience in conducting investigations and communicating results to management

• Strong leadership, communication, and interpersonal skills

• Collaborative and effective in cross-function team environments

• Strong analytical skills to assess risks and vulnerabilities in complex systems.

Preferred Qualifications

• Certification in Cybersecurity or data privacy (e.g., CISSP, CISM, CDPSE, CIPP).

• Experience working in Agile teams and have knowledge of Agile principles and practices.

• Experience utilizing the Scaled Agile Framework (SAFe)

• Working knowledge in one or more of emerging technologies (e.g., Microservices, DevOps, Multi-Cloud technologies, IoT, Intelligent Automation, RPA, Test automation, artificial intelligence, etc.)

• Proficiency in scripting and automation for security testing.

Education

• Bachelor’s degree in Computer Science, Information Security, and/or a related field or an equivalent level of work related experience.

Experience

• A minimum of 7+ years of cybersecurity experience in data governance, data security, and/or data protection

• Background in data engineering and is familiar with one or more cloud-based data solutions/frameworks such as DataBricks, Spark, or Snowflake

• Experience in establishing data security governance and establishing applicable policies, procedures, and/or standards.

• Expertise with data security and classification tools

• Experience in developing data flow mapping

• Strong understanding of cloud security and data protection in cloud environments

• Understanding of data privacy regulations and compliance frameworks

• Experience in participating in Incident Response activities and exercises

• Experience in conducting investigations and communicating results to management

• Strong leadership, communication, and interpersonal skills

• Collaborative and effective in cross-function team environments

• Strong analytical skills to assess risks and vulnerabilities in complex systems.

Preferred Qualifications

• Certification in Cybersecurity or data privacy (e.g., CISSP, CISM, CDPSE, CIPP).

• Experience working in Agile teams and have knowledge of Agile principles and practices.

• Experience utilizing the Scaled Agile Framework (SAFe)

• Working knowledge in one or more of emerging technologies (e.g., Microservices, DevOps, Multi-Cloud technologies, IoT, Intelligent Automation, RPA, Test automation, artificial intelligence, etc.)

• Proficiency in scripting and automation for security testing.

• Develop and maintain policies, procedures, and/or standards for data protection activities.

• Configure and manage data protection and monitoring tools to identify both security and operational related issues

• Integrate data protection techniques within existing infrastructure and data flows.

• Create and/or Improve Data Flow Mapping and System Interface Tracking in conjunction with the Product Development and Enterprise Architecture teams.

• Maintain and support data security infrastructure (e.g. application, database, server, etc)

• Implement data protection measurements and standards within cloud environments, including Cloud Access Security Broker (CASB).

• Complete security assessments to identify data vulnerabilities and establish remediation/mitigation processes.

• Integrate data protection measures into the software development pipeline using secure software development lifecycle processes.

• Ensure compliance with relevant data privacy regulations, if applicable.

• Collaborate with cross-functional teams to establish and/or advance data governance, data dictionary, and data quality controls and monitoring processes.

• Identify and apply strategies to optimize resource utilization and minimize cost

• All other duties and projects as assigned.

Remote Work

The company reserves the right to determine if this position will be assigned to work on-site, remotely, or a combination of both. Assigned work location may change. In the case of remote work, physical presence in the office/on-site may be required to engage in face-to-face interaction and coordination of work among direct reports and co-workers.

Equal Employment Opportunity

Our company is an equal opportunity, affirmative action employer dedicated to diversity and the strength it brings to the workplace. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, national origin, protected veteran status, sexual orientation, gender identify, genetic information, disability status, or any other protected characteristic.