Company Summary Statement

As one of the largest investor-owned utility companies in the United States, PPL Corporation (NYSE: PPL), is committed to creating long-term, sustainable value for our 3.5 million customers, our shareowners and the communities we serve. Our high-performing regulated utilities — PPL Electric Utilities, Louisville Gas and Electric, Kentucky Utilities and Rhode Island Energy — provide an outstanding experience for our customers, consistently ranking among the best utilities in the nation. PPL’s companies are also addressing challenges head-on by investing in new infrastructure and technology that is creating a smarter, more reliable and resilient energy grid. We are committed to doing our part to advance a cleaner energy future and drive innovation that enables us to achieve net-zero carbon emissions by 2050 while maintaining energy reliability and affordability for the customers and communities we serve. PPL is a positive force in the cities and towns where we do business, providing support for programs and organizations that empower the success of future generations by helping to build and maintain strong, diverse communities today.

Overview

PLEASE NOTE THIS ROLE IS HYBRID - IN OFFICE 3 DAYS A WEEK - TO ONE OF OUR LOCAL OFFICES IN: ALLENTOWN, PA; LOUISVILLE, KY OR PROVIDENCE, RI

PPL is looking for a Product Cybersecurity Lead to work closely with the Product, Architect and Engineering, and IT (Information Technology) Operations teams, acting as a Security Subject Matter Expert (SME) by providing technical advisory support to understand threats and vulnerabilities that might affect PPL products. The Product Cybersecurity Lead will work across teams to drive the adoption of cybersecurity through the entire lifecycle of product development in the organization to implement features according to product road maps. The ideal candidate for this role will be multi-disciplinary, blending their technical knowledge and cybersecurity acumen together to help protect PPLs product landscape. It will be key that the candidate for this role is a self-starter, organized, and willing to learn new technology.

This role will report to the Product Cybersecurity Manager.

LI-hy #INDPPL

Responsibilities

• Defines common security infrastructure configuration based on global industry security standards, such as NERC CIP, TSA, SOX, NIST (National Institute of Standards and Technology), and others, for PPLs products.

• Mentors and trains PPL teams on best practices and industry standards for secure software development, secure system architecture and design, and testing techniques to protect PPLs products and data.

• Drives the identification of vulnerability risk and remediation efforts, manage responses, and guide teams through the implementation of fixes for PPLs products.

• Facilitates secure design reviews and threat modeling of services and applications that tie to the risk and data associated with the service or application of PPLs products or third-party solution providers.

• Works across teams to establish a Scaled Agile Framework (SAFe) secure-by-design product development practice that prioritizes security from design to deployment and onwards.

• Supports assessments of critical security controls for the PPLs products and lead remediation of security gaps

• Defines and communicates product risk to all levels of the organization so that security stories and backlog can be properly prioritized alongside features and business needs.

• Stay current on industry cyber trends by monitoring news, reading standards, attending cyber conferences, etc.

• Establish a strong cybersecurity brand with Value Streams and the business.

Qualifications

Basic Qualifications

• Bachelor’s degree in computer science, information systems, cybersecurity or related degree and 5+ years of related work experience or 7+ years of related work experience without a degree.

• Possess an understanding of concepts related to information systems, information security, general IT controls, application controls, and technology risks.

• Experience in leading development teams and working with Agile methodologies.

• Knowledge of secure infrastructure architectures, application architectures, web applications, encryption, Cloud Security, and broader security technologies.

• Can explain complex security concepts and issues and their impacts to several different stakeholders.

• Familiarity with common product Security processes (Risk assessment, threat modeling, etc.)

• Good understanding of common vulnerabilities and attack vectors.

Preferred Qualifications

• Technology or Risk certifications: CASP, CISSP, CISA, CISM, CRISC etc.

• 2+ years of experience working with a Product Security team.

• Experience integrating security into products.

• Experience with secure product development and secure development lifecycles

• A track record of improving the security posture of complex SaaS products.

• Familiary with security automation in DevSecOps environment and CI/CD pipelines.

• Hands-on experience with security tooling such as SAST, DAST, and container security.

Basic Qualifications

• Bachelor’s degree in computer science, information systems, cybersecurity or related degree and 5+ years of related work experience or 7+ years of related work experience without a degree.

• Possess an understanding of concepts related to information systems, information security, general IT controls, application controls, and technology risks.

• Experience in leading development teams and working with Agile methodologies.

• Knowledge of secure infrastructure architectures, application architectures, web applications, encryption, Cloud Security, and broader security technologies.

• Can explain complex security concepts and issues and their impacts to several different stakeholders.

• Familiarity with common product Security processes (Risk assessment, threat modeling, etc.)

• Good understanding of common vulnerabilities and attack vectors.

Preferred Qualifications

• Technology or Risk certifications: CASP, CISSP, CISA, CISM, CRISC etc.

• 2+ years of experience working with a Product Security team.

• Experience integrating security into products.

• Experience with secure product development and secure development lifecycles

• A track record of improving the security posture of complex SaaS products.

• Familiary with security automation in DevSecOps environment and CI/CD pipelines.

• Hands-on experience with security tooling such as SAST, DAST, and container security.

• Defines common security infrastructure configuration based on global industry security standards, such as NERC CIP, TSA, SOX, NIST (National Institute of Standards and Technology), and others, for PPLs products.

• Mentors and trains PPL teams on best practices and industry standards for secure software development, secure system architecture and design, and testing techniques to protect PPLs products and data.

• Drives the identification of vulnerability risk and remediation efforts, manage responses, and guide teams through the implementation of fixes for PPLs products.

• Facilitates secure design reviews and threat modeling of services and applications that tie to the risk and data associated with the service or application of PPLs products or third-party solution providers.

• Works across teams to establish a Scaled Agile Framework (SAFe) secure-by-design product development practice that prioritizes security from design to deployment and onwards.

• Supports assessments of critical security controls for the PPLs products and lead remediation of security gaps

• Defines and communicates product risk to all levels of the organization so that security stories and backlog can be properly prioritized alongside features and business needs.

• Stay current on industry cyber trends by monitoring news, reading standards, attending cyber conferences, etc.

• Establish a strong cybersecurity brand with Value Streams and the business.

Remote Work

The company reserves the right to determine if this position will be assigned to work on-site, remotely, or a combination of both. Assigned work location may change. In the case of remote work, physical presence in the office/on-site may be required to engage in face-to-face interaction and coordination of work among direct reports and co-workers.

Equal Employment Opportunity

Our company is an equal opportunity, affirmative action employer dedicated to diversity and the strength it brings to the workplace. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, national origin, protected veteran status, sexual orientation, gender identify, genetic information, disability status, or any other protected characteristic.