job summary: IT Security Architect
The selected candidate will work as a member of the Information Technology (IT) Security & Network group as a Security Architect and is responsible for the security technology design and deliverables of the Grid Modernization project.
The Enterprise Security Architect (SA) will work closely with a project's Solution Architect, the Project Manager, the Corporate Information Security department, and OT Operations to complete, evaluate, and enact the Security Assessments and Vendor Security reviews. A Security Assessment is required for all new business initiatives containing electronic data. The term "initiative" encompasses all the servers, networks, and interfaces used for that project, and pre-existing weaknesses in infrastructure may be brought to light as part of a new initiative (e.g., the need for security patching of servers, insecure interfaces, etc.).
A Vendor Assessment is required for business initiatives where access to sensitive data is provided to external entities. The Vendor Assessment is used to identify potential Cyber Security risks for initiatives by analyzing the data used for the initiative, and then documenting and validating the security controls in place.
location: Berlin, Connecticut
job type: Permanent
salary: $125,000 - 130,000 per year
work hours: 8am to 5pm
Primary Job Functions for the Security Architect
- Drives the evaluation of security assessments for the Grid Modernization projects
- Provides security architecture advice in support of application development, infrastructure, and enterprise technology projects to ensure the integrity of the client's environment
- Defines, documents, and implements the application security architecture required for the initiative, including (but not limited to):
  - authentication and authorization
  - account administration, provisioning, segregation of duties, validation, attestation, and more
  - auditing of security related requirements and testing
  - confidentiality, integrity, and availability of the systems and data
  - compliance with client and regulatory requirements
- Verifies security systems by developing and implementing test scripts
- Assess project requirements related to application security, including correlation with enterprise security policy and standards
- Identify architectural and other security risks associated with the solution, and compensating controls where necessary
- Identify any gaps in existing application security infrastructure to meet project requirements, work with the Manager(s) or Director of Corporate Information Security to identify and propose solutions
- Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates
- Verifies compliance of security requirements by developing and implementing test scripts
- Researches possible solutions and alternatives for the security implementation of the project (technology applications, business process problems, technical problems), performs an analysis of alternatives, and leads the recommendation of a security solution.
- Ensure that the project infrastructure is supportable and can be transitioned smoothly into production support organizations.
- Works with 3rd party vendors to ensure that deliverables are completed on-time and under budget.
- Documents the security and compliance aspects of the design through diagrams and written documents
- Candidate must have previous experience with IT security and in one or more of the following areas:
  - SCADA networks
  - Network security strategies for SCADA
- Experience with the selection, design, and implementation of solutions in IT security is required
- Practical experience in the Information Security Architecture field, with emphasis on application security architecture.
- Strong understanding of security architecture best practices, standards and frameworks
- Security background is a must - including prior technical security engineering experience
- This position requires a background in information technology along with excellent interpersonal, research, analysis, and communication skills
- The individual must be comfortable working across business and IT domains and be able to demonstrate the ability to easily shift between technical analysis and business value discussions
- Requires knowledge of systems development methodologies and systems integration methodologies
- Bachelor's degree in Information Systems or a related technical field.
- Security certification is preferred.
skills: What experience/skills would you like the candidate to have, but are not required?
- SCADA Security experience
- Experience working in large, geographically dispersed IT organizations
- Large IT project implementation experience
- Security certifications, such as CISSP, CCSP, CISM, or other, are desirable
- Experience working with an energy utility desired
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.