**Remote Local Opportunity – Must be within a commutable distance to Bethpage New York or OPEN to relocate
Job Summary
This position is responsible for formalizing the design & implementation of a robust information security architecture for Corporate IT, Operational Technology (OT), and Internet of Things (IoT) enabled systems. He/She will develop automated security and compliance capabilities in support of DevOps processes in an enterprise AWS cloud computing environment. He/she will be responsible for assisting the CISO in developing, managing, and implementing the IT and OT cybersecurity strategy and roadmap. IT Security Risk and Compliance (ITSRC) org requires dedicated resources in security architecture function to ensure secure delivery of cloud initiatives, devsecops and Energy Strong Program.
Job Responsibilities
-Lead and manage the development of Information Security Architecture, standards and design patterns
-Leverage DevOps tools to build, harden, maintain and instrument a comprehensive cloud-based security orchestration platform to be consumed in product CI/CD pipelines.
-Participate in and reviews risk assessments to ensure compliance with Security Architecture objectives and standards.
-Design and implement Cloud-native architectures that will allow business requirements to be met with a minimal degree of risk to the organization
-Design and implement security controls for Advanced Metering Infrastructure (AMI) and Customer Systems.
Job Specific Qualifications
Bachelor of Science in Computer Science, Information Systems, or related discipline.
At least 10 years of experience in cybersecurity field.
Minimum five years of experience in Security architecture function.
Proficiency in at least one scripting language
Experience in Advanced Metering Infrastructure (AMI), Meter Data Management (MDM or MDMS), Load Control, Demand Response, Smart Grid would be preferred
Strong leadership and influence skills
Ability to present to all levels of management & executive leadership
Excellent teamwork, facilitation, relationship building, and negotiation skills
Able to maintain positive working relationships both leading and as part of a team;
Effective time management skills and able to multitask effectively;
Able to communicate effectively with both technical and non-technical individuals;
Defines strategy and architecture for security solutions that protect company infrastructure and data, while incorporating applicable compliance standards.
Reviews new, and changes to existing, applications and infrastructure for security risk. Provides expert advice using existing and new security technologies to reduce risk and support implementation of new products and features needed by business.
Reviews/validates application configurations and code for security risks.
Understands threats to data and how to use encryption, access control, DRM, DLP, and other technologies to reduce risk.
Experienced in multiple platforms, including Windows, Unix, Network, Cloud, and End User/Mobile devices.
Experience with Identity and Access Management.
Reviews network architecture diagrams for various attack vectors and provides expert advice on mitigating threats via proper architecture design.
Focuses on cloud-based solutions that work in an existing hybrid cloud/on premise environment.
Understands and is capable of working within DevOps model, embracing guardrail model of security to support rapid development in an Agile framework.
NERC CIP position, requires NERC CIP background investigation prior to start security threats
Desired Skills:
Experience with the implementation of NIST Cyber Security Framework (CSF), North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and Nuclear Regulatory Commission (NRC) Nuclear Cyber (10 CFR 73.54)
Information Technology/Operational Technologies experience in Energy Management System (EMS), Advanced Distribution Management System (ADMS), Grid Intelligence & Security (GIS), Outage Management System (OMS), and Supervisory control and data acquisition (SCADA)
Previous experience of IT/OT technologies and utility industry experience preferred with an awareness of utility specific security threats.