Job Summary

This position is responsible for formalizing the design & implementation of a robust information security architecture for Corporate IT, Operational Technology (OT), and Internet of Things (IoT) enabled systems.  He/She will develop automated security and compliance capabilities in support of DevOps processes in an enterprise AWS cloud computing environment.  He/she will be responsible for assisting the CISO in developing, managing, and implementing the IT and OT cybersecurity strategy and roadmap.  IT Security Risk and Compliance (ITSRC) org requires dedicated resources in security architecture function to ensure secure delivery of cloud initiatives, devsecops and Energy Strong Program.

Job Responsibilities

-Lead and manage the development of Information Security Architecture, standards and design patterns
-Leverage DevOps tools to build, harden, maintain and instrument a comprehensive cloud-based security orchestration platform to be consumed in product CI/CD pipelines.
-Participate in and reviews risk assessments to ensure compliance with Security Architecture objectives and standards.
-Design and implement Cloud-native architectures that will allow business requirements to be met with a minimal degree of risk to the organization
-Design and implement security controls for Advanced Metering Infrastructure (AMI) and Customer Systems.
 

Job Specific Qualifications

Required Skills:

• Bachelor of Science in Computer Science, Information Systems, or related discipline.
• At least 10 years of experience in cybersecurity field.
• Minimum five years of experience in Security architecture function.
• Proficiency in at least one scripting language
• Experience in Advanced Metering Infrastructure (AMI), Meter Data Management (MDM or MDMS), Load Control, Demand Response, Smart Grid would be preferred
• Strong leadership and influence skills
• Ability to present to all levels of management & executive leadership
• Excellent teamwork, facilitation, relationship building, and negotiation skills
• Able to maintain positive working relationships both leading and as part of a team;
• Effective time management skills and able to multitask effectively;
• Able to communicate effectively with both technical and non-technical individuals;
• Defines strategy and architecture for security solutions that protect company infrastructure and data, while incorporating applicable compliance standards.
• Reviews new, and changes to existing, applications and infrastructure for security risk.  Provides expert advice using existing and new security technologies to reduce risk and support implementation of new products and features needed by business.
• Reviews/validates application configurations and code for security risks.
• Understands threats to data and how to use encryption, access control, DRM, DLP, and other technologies to reduce risk.
• Experienced in multiple platforms, including Windows, Unix, Network, Cloud, and End User/Mobile devices.
• Experience with Identity and Access Management.
• Reviews network architecture diagrams for various attack vectors and provides expert advice on mitigating threats via proper architecture design.
• Focuses on cloud-based solutions that work in an existing hybrid cloud/on premise environment.
• Understands and is capable of working within DevOps model, embracing guardrail model of security to support rapid development in an Agile framework.
• NERC CIP position, requires NERC CIP background investigation prior to start security threats
 
Desired Skills:
Experience with the implementation of NIST Cyber Security Framework (CSF), North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and Nuclear Regulatory Commission (NRC) Nuclear Cyber (10 CFR 73.54)
 
Information Technology/Operational Technologies experience in Energy Management System (EMS), Advanced Distribution Management System (ADMS), Grid Intelligence & Security (GIS), Outage Management System (OMS), and Supervisory control and data acquisition (SCADA)
Previous experience of IT/OT technologies and utility industry experience preferred with an awareness of utility specific security threats.

Minimum Years of Experience

Education

Certifications

Disclaimer

Certain positions at the Company may require you to have access to Part 810-Controlled Information.  Under the law, the Company is limited in who it can share this information with and in certain circumstances it is necessary to obtain specific authorization before the Company can share this information.  Accordingly, if the position does require access to this information, you must complete a 10 CFR Part 810 Export Control Compliance Nationality Request Form, a copy of which will be provided to you by Talent Acquisition if an offer is made.  If there is a need for specific authorization, due to the time it takes to obtain authorization from the government, we will likely not be able to further proceed with an offer.