Requisition ID # 163613
Job Category: Legal
Job Level: Attorney
Business Unit: Gen Counsel, Ethics, Risk & Compliance
Work Type: Hybrid
Job Location: Oakland; Washington D.C.
Department Overview
PG&E’s Law Department provides timely, efficient and business-focused legal services to the company. The Strategic Transactions and Customer Care (STACC) legal team provides regulatory, transactional and strategic support across a broad spectrum of matters, including (1) transactions pertaining to sourcing, energy procurement, and real estate; (2) customer issues; (3); cybersecurity, privacy and Artificial Intelligence (AI) issues; and (4) municipalization matters.
Position Summary
This is an exciting role that encompasses numerous responsibilities across the areas of cyber security, privacy, AI, and data management. The Senior Counsel (Cybersecurity, Privacy, and AI) will report to the Managing Counsel for STACC and will work primarily in the areas of cybersecurity, privacy, and AI. The Senior Counsel will be responsible for providing legal advice and representation to clients in various aspects of the company’s cybersecurity, privacy, AI, and data practices.
Reporting Relationship
Reports into the Managing Counsel – STACC.
Job Responsibilities

Cyber Security
Compliance and Risk-Management: Provide legal support regarding development of, maintenance of, and compliance with information security and information technology standards, policies, and procedures; and support the company’s NIST Cybersecurity Framework maturity model development. Assist in managing cybersecurity legal risk(s) in sourcing, utility transactions, regulatory proceedings, and with respect to critical infrastructure, including compliance with relevant state and federal energy regulations from such regulators as FERC, NERC, NRC, SEC and CPUC. Develop cross-functional cybersecurity risk management processes and policies involving third parties, including vendors, contractors, and regulators. Law Enforcement Engagement: Coordinate with law enforcement and intelligence community on cybersecurity risks and incident response. Incident Response: Support cybersecurity incident preparedness and response, including providing legal review and input on incident response policy development and management, table-top and functional exercises, and live incident response. Client Support: Lead and coordinate with key clients on cybersecurity incident disclosure obligations. Provide advice and counsel to clients, management and project teams on legal issues, as well as on federal and state policy, compliance and strategic matters Privacy