Cyber Security Architect

Orlando, Florida

Akshar Staffing

Primary Functions:

  • Develop, plan and maintain an enterprise cybersecurity risk management architecture that supports Client's cybersecurity while enabling business strategy.
  • Partner with leadership to design the framework and guidelines to ensure data privacy and compliance.
  • Participate in the development of a comprehensive cybersecurity strategy, with a focus on risk management, threat detection, and incident response.
  • Create procedures and guidance for security risk assessments, testing, and vulnerability scanning to identify and address potential threats.
  • Ensure that the procedural framework for governance is in compliance with regulatory requirements.
  • Work with applicable stakeholders to ensure business alignment of the enterprise cybersecurity controls with the business objectives.
  • Define and document relationships between the components on the different architecture layers, providing traceability and justification.
  • Collaborate with IT Security to successfully blend Information Security Management and Enterprise Risk Management.
  • Identify key risk areas and recommend strategies to address and monitor risk.
  • Partner with leadership on Risk Assessment, Business Impact Analysis, and Risk Mitigation activities.
  • Interview leadership and other stakeholders to determine appropriate risk appetite to ensure risk management processes and plans are in line with Client's risk appetite.
  • Maintain and monitor the Enterprise Cybersecurity Risk Register and other audit/assessment documentation.
  • Perform security reviews, flag compliance issues, identify gaps and trends in security architecture and recommend remediation strategies.
  • Develop and implement a security risk management plan.
  • Apply knowledge of security risk frameworks to guide the development of analytical routines and compliance checks.
  • Preserve information security features by applying an enterprise risk management process and ensuring stakeholder confidence.
  • Partner with manager in security policy development to ensure Information Security Management is integrated throughout the enterprise.
  • Collaborate on enterprise cybersecurity planning, validation of controls, and development of security standards.
  • Stay updated on changes to cybersecurity regulations and standards, incorporating relevant updates into existing routines and practices.
  • Develop and implement data analysis routines to continuously monitor compliance with security standards, best practices, and frameworks.
  • Create automated alerts and dashboards to flag potential compliance issues or security anomalies in technology environments.
  • Develop and execute plans to assess security risk, including periodic reviews of existing systems and devices, validation that appropriate remediation is in place, and ongoing risk assessment.
  • Collaborate with IT and business unit teams to investigate identified issues and develop actionable remediation plans.
  • Ensure alignment of Client's enterprise cybersecurity risk and governance architecture with the TOGAF architecture framework.
  • Provide recommendations for improving cybersecurity measures and compliance practices based on data analysis and trend identification.
  • May mentor, teach, coach, and instruct other team members on pertinent topics.

Skills Required:

  • Expert understanding of technology and security standards, enterprise risk architecture, cybersecurity frameworks, and regulatory requirements applicable to utilities.
  • Strong grasp of IT and OT systems, including network architecture, industrial control systems, and cybersecurity controls.
  • Proficiency in data analysis tools and programming languages (e.g., Python, R, SQL).
  • Experience with cybersecurity information and event management (SIEM) systems and data visualization tools (e.g., Splunk, Tableau).
  • Strong analytical and problem-solving skills with a keen eye for detail.
  • Effective communication skills, both written and verbal, with the ability to present complex data insights to non-technical stakeholders.
  • Working knowledge of all, but not limited to the following:
      - Systems architecture and design
      - Standards and governance processes
      - Technology presentations on emerging trends and adoption of new technology
      - Technology standards
      - Emerging technology
      - IT Systems, applications, integrations, and standards
      - Data analytics and reporting
      - Project management
  • Familiarity with all, but not limited to the following:
      - Roadmaps and presentations for evolving systems architectures
      - Documentation on current system architectures
      - Documentation on future state architectures
      - Cybersecurity practices
      - Enterprise Architecture standards (TOGAF)
      - Related industry, organizational and departmental policies, practices, and procedures; legal guidelines, ordinances, and laws
  • Ability to coach and mentor staff.
  • Ability to make arithmetic computations using whole numbers, fractions and decimals, and compute rates, ratios, and percentages.
  • Ability to use Microsoft Office Suite (Outlook, Excel, Word, etc.) and standard office equipment (computer, telephone, etc.).

Skills Preferred:

  • Experience with NERC CIP standards and NIST frameworks

Experience Required:

  • Certifications including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), preferred.
  • 5 - 7 years of related work experience in Cybersecurity and Risk Management.
  • Certified Information Systems Security Professional (CISSP) needed.
  • Minimum 3 years of utility background needed.

Date Posted: 02 May 2025