Enterprise Security IT/OT Architect
About the Position:
You will work closely with the Electric & Gas transmission, Distribution and Generation businesses specifically around the IT/OT (Information Technology/Operational Technology) area. The security architect will be responsible for defining the security of the end-to-end security architecture looking at the people, process and technology required for successful delivery and risk mitigation. The role will act as the security design authority for all matters of IT/OT providing governance, oversight and direction from a cyber security risk perspective, interpreting Enterprise Security Architecture, establishing or contributing to the relevant reusable solution artefacts and ensuring hand-off to operational management.
Position Responsibilities (including but not limited to):
- Develop and manage an IT/OT security architecture that addresses business needs holistically people, process & technology
- Develop security architectural patterns of the individual components of the end solution (Contextual, Conceptual, Logical, Physical, Component and Operational)
- Lead development of security architectures for IT/OT, ensuring consistency with specified requirements agreed with both external and internal customers.
- Ensure that design decisions align with the business vision and maintain security architectural flexibility
- Ensure compliance with enterprise security architecture, and grant dispensations that are in keeping with the Group strategy and LOS (Line of Sight) objectives
- Guide various business and IS teams as needed toward a common architecture and engage stakeholders as advocates of the vision
- Establish a mechanism for the formal acceptance and approval of the security architecture
- Identify cross-work stream dependencies and coordinate activities with other areas internal and external
- Will work and report within the Digital Risk & Security function as a dedicated resource representing the Security Architecture function
- Provide leadership in transforming the DR&S architecture function into a proactive value-added business-focused service provider, while ensuring that risks are identified and managed appropriately.
- Flexibility to travel as role requires
Qualifications
Knowledge & Experience Required:
- Educated to degree level (or equivalent combination of education and experience).
- Information Security Qualifications such as CISSP, SABSA and ISSAP preferred.
- Other Qualifications such as SANs, CCNA, CCNP preferred.
- Experience of working as an Engineer working closely with business stakeholders and Enterprise Architects.
- Knowledge of SCADA protocols like Modbus, IEC 60870-5-101 or 104, IEC 61850 and DNP3 and other major SCADA protocols
- Experience with the use of NIST, NERC-CIP v3/v5 standards and developing security architectural patterns
- Working experience of applying security architecture within a large global enterprise.
- Strong knowledge and experience designing and implementing technical security solutions such as IDS/IPS, secure remote access, firewalls, encryption, secure protocols, IT network security (secure LAN, WAN, vlan technology, MPLS, and secure network zoning and restricted network design) and database, operating system and application security, data protection, data loss prevention and identity management solutions.
- Experience of Experience working with a diverse team of people comprised of internal and external resources
- Demonstrated strength in relationship building with success influencing leaders at all levels
- Strong analytical and problem solving skills, negotiation, interaction management, and presentation skills are required with the ability to create consensus and understanding around security architecture
- Ability to multi-task, effectively structure work to handle multiple demands and competing activities
- Experience of designing and managing security controls within service providers and the cloud.
- Strong communication, leadership, influencing, and partnering skills to collaborate with, and influence business stakeholders to explore best in class, innovative solutions to business challenges
- Prepared to challenge business colleagues and have the difficult conversations where needed in the interests of National Grid.
- Previous experience of IT/OT technologies and utility industry experience preferred with an awareness of utility specific security threats
- Demonstrated experience in applying emerging technologies to develop secure solutions across diverse network/communication protocols.
- Must demonstrate strong ethics, influence and negotiation, leadership, interpersonal skills, communication, the ability to effectively manage stress and engage in continuous learning by staying current with relevant technology and innovation.
Main Interfaces:
- IS Enterprise Architecture teams
- DR&S internal teams
- Electric & Gas transmission, Distribution and Generation businesses
- Senior management from all business lines
- Internal compliance and assurance teams
- Third party suppliers or partners
- No direct reports
This position is one of National Grids career path roles which provide for promotional opportunities within and across salary bands as you develop and evolve in the position by gaining experience, expertise and acquiring and applying technical skills.
National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise. We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve. National Grid is proud to be an affirmative action employer. We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team.
Job:
IS DIgital Security & Risk
Primary Location:
MA-Waltham
Organisation:
IS Digital Security & Risk
Schedule:
Full-time
Job Posting:
Feb 13, 2017, 1:
47:
28 PMUnposting Date:
Ongoing
Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
