Global Cybersecurity GRC Manager

Requisition Number: 27563

UGI Corporation (NYSE: UGI)

is a holding company that distributes and markets energy products and services through our subsidiaries and the company’s common stock is a balanced growth and income investment. UGI Corporation has paid common dividends for more than 135 consecutive years.

In addition to a challenging career and competitive compensation, our employees enjoy:

Generous and Family-friendly Health & Welfare Benefits Including:

- Medical, Vision, and Dental Plans

- Optional Health Savings Account

- Optional Dependent Care Savings Account

- Paid Maternity/Paternity Leave

- Work from home policy

- Employee Assistance Program

Additional Benefits Include:

- 401K with a generous company match

- Tuition Reimbursement

- Assistance with Professional Credentialing

- Referral Bonuses

- Employee Discount Programs

Job Summary

This position is a leadership position reporting to the CISO. The Global Cybersecurity Governance Risk & Compliance Manager role is responsible for growth and execution of the enterprise, wide UGI Information Security Governance & Risk Program to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected through governance processes and adequate risk assessments. This hands-on role is also responsible for

identifying, evaluating, and reporting on cybersecurity risk for information assets, while supporting and advancing business objectives through qualitative and quantitative metrics, third party relationship due diligence, and mergers and acquisitions.

Duties and Responsibilities

 Govern the global information security program to ensure adequate controls are in place to

protect the confidentiality, integrity and availability of information owned, controlled or

processed by the Company via company policies and standards.

 Manage a global security compliance program based on UGI standards, industry standards,

applicable regulatory and compliance requirements (e.g., FISMA, PCI, SOX, GDPR,

CCPA,PUC, etc.).

 Accountable for reporting out the cybersecurity compliance of the company through

monthly metrics.

 Advise the CISO on emerging risks and trends developing within the company from metrics

and security exceptions and other forms of communications

 Accountable for tracking all third-party breaches and remediations that are not directly

supported by UGI’s technology team.

 Oversee technical assessments and processes of the effectiveness and design of

cybersecurity controls, including, application security controls, vendor security reviews,

security exceptions, mergers & acquisitions, technology projects, identity access

management, data loss prevention and artificial intelligence activities.

 Collaborate with key stakeholders (i.e. Information Technology, Cybersecurity Risk

Manager, Legal, HR , Procurement, etc.) regarding the development, implementation and

sustainability of programs that support the governance, risk and compliance processes.

 Lead the identification and development of talent and for managing performance to ensure

goals and objectives are met or exceeded.

 Ability to develop a mentoring culture with both experienced team members and junior staff

 Consistently measuring GRC talent performance to identify strengths and opportunities

through qualitative and quantitative metrics.

 Ensuring a continuous improvement process is embedded in the teams’ practices to further

advance the GRC program.

 Develop external relationships to keep a pulse on what is happening in the industry.

Knowledge, Skills And Abilities

This position requires keen external focus and avid learning given the rapid pace of change

globally.

 Resourcefulness, good judgment, persistence, the ability to influence others and strong

executive presence are some of the qualities of a successful candidate.

 Experience working with a diverse set of stakeholders across complex and diverse

organizational structures.

 Prior managerial experience leading security or compliance teams is required.

 Experience in energy, financial or other regulated industries is preferred.

 Bachelor’s degree in Computer Science, Information Systems, Cyber Security or

Information Technology.

 Master’s Degree (Preferred): in Cybersecurity, Risk Management or Business

Administration (MBA) with a Cyber or Risk focus can provide a deeper understanding of

strategic management and leadership.

 One or more Industry-standard security certifications (such as CISSP, CISM, CISA, CRISC)

is preferred.

 Experience working with a diverse set of stakeholders, including international across

complex and diverse organizational structures.

 Experience using various frameworks such as NIST, ISO/IEC 27000, NERC-CIP, FAIR, CSA,

COBIT, COSO, OCTAVE, PCI 27000 series, ITIL, COBIT.

Education and Experience

Bachelor’s degree in Computer Science, Information Systems, Cyber Security or Information Technology.

Master’s Degree (Preferred): in Cybersecurity, Risk Management or Business Administration (MBA) with a Cyber or Risk focus can provide a deeper understanding of strategic management and leadership.

One or more Industry-standard security certifications (such as CISSP, CISM, CISA, CRISC) is preferred.

Experience working with a diverse set of stakeholders across complex and diverse organizational structures.

Experience using various risk management frameworks such as NIST, ISO/IEC 27000, FISMA, FAIR, CSA, COBIT, COSO, OCTAVE, PCI 27000 series, ITIL, COBIT, NIST Cybersecurity.

Experience In Energy, Financial Or Other Regulated Industries.

Prior managerial experience leading security or compliance teams is a plus.

All offers of employment are contingent upon the successful completion of a background check and drug screen, subject to applicable laws and regulations.

UGI Corporation is an Equal Opportunity Employer. The Company does not discriminate on the basis of race, color, sex, national origin, disability, age, gender identity, sexual orientation, veteran status, or any other legally protected class in its practices.