G4S


Job Category: Engineering
Country: United States
Postal Code: 14649
Approximate Salary: Not Specified
Position Type: Full Time

Security Compliance Architect

G4S - Rochester, New York

Posted: 11/27/2018

  • The candidate will work closely with the Electric & Gas Transmission, Distribution and Generation businesses, specifically around the IT/OT (Information Technology/Operational Technology) area, PMO, SNC-Lavalin Engineers, IT and OT. The security architect will be responsible for defining the end-to-end security architecture, looking at the people, process and technology required for successful delivery and risk mitigation. The role will act as the security design authority for all matters of IT/OT, providing governance, oversight and direction from a cyber security risk perspective, interpreting Enterprise Security Architecture, establishing or contributing to the relevant reusable solution artifacts and ensuring hand-off to operational management.
  • The Security Architect must be able to interpret high level business requirements and communicate them to highly technical security engineers; conversely, they must also be able to articulate highly technical issues to a non-technical business audience.
  • The Security Architect is to produce reference architectures and to ensure that the delivered architecture is fit for purpose and effective when transitioned into service.

Position Responsibilities (including but not limited to):

  • Develop and manage an IT/OT security architecture that addresses business needs holistically – people, process & technology
  • Develop security architectural patterns of the individual components of the end solution (Contextual, Conceptual, Logical, Physical, Component and Operational)
  • Lead development of security architectures for IT/OT, ensuring consistency with specified requirements agreed with both external and internal customers.
  • Ensure compliance with enterprise security architecture, and grant dispensations that are in keeping with the Group strategy and organization objectives.
  • Guide various business and IS teams, specifically the “IT Compliance Organization” as needed toward a common architecture and engage stakeholders as advocates of the vision.
  • Ensure that design decisions align with the business vision and maintain security architectural flexibility
  • Accountable for ensuring that key risks and issues are identified, addressed and resolved in a manner that satisfies the business.
  • Enhancement of security policies in alignment with the changing IT/OT landscape
  • Coordination of technical design/review activities with various segment and corporate groups and security assurance activities.
  • Engaging Risk & Compliance, Enterprise Architecture and Operational Security (RAC – Risk Analytics Center) at appropriate stages in the project.
  • Researching and recommendation/implementation of changes to procedures and systems to enhance security aligned with corporate policies

Job dimensions:

  • This role has a significant impact on defining technical security requirements and ensuring that the program meets these requirements, or that exceptions and issues are noted and remediated as appropriate.
  • Indirect support (influence) of budget across the entire IS organization and specific set of Business Systems (e.g. Customer Systems, Corporate Systems, etc. specific to project/s design).
  • No. of direct reports – At least one.

  • ITIL/ITSM and CISSP certified; Industry recognized certification in security (e.g., CISSP, CISA, CISM, etc.)
  • 10+ years of information technology systems design and planning experience; in systems, applications, or architecture
  • 10+ years of working in risk assessments, risk management, controls monitoring, controls audits.
  • 10 years’ experience working in Cloud Security or Third Party / Cloud Security Assessments, including AWS or Azure; or 5 years’ experience in cloud security and 5+ years of experience securing cloud services
  • 10 years of policy, procedures, standards, work instructions, report generation and managing projects.
  • 10 years of managing teams of 3 or more resources
  • 10 years’ experience with Cloud Security vendors
  • 10 years’ experience with Enterprise IT security risk assessments and related frameworks (e.g., ISO 27000 series, NIST 800 Series, COBIT, IT General Controls, etc.)
  • 10 years’ experience with NERC-CIP, NIST 800-53, PCI, Sarbanes-Oxley, HIPAA, GLBA, FISMA
  • 10 years’ experience with multiple, simultaneous vendor management
  • Experience in IT Security Testing (e.g., penetration testing, web application security assessments, vulnerability assessments and technical security assessments)
  • Secure SDLC, Agile, or DevOps experience
  • Experience in Identity and Access Management
  • Experience in virtualized security environments
  • Experience with Cloud Security vendors in the IAM, Data Protection, Monitoring, SaaS providers
  • Experience with Linux and Windows operating systems
  • Experience with application development
  • Proven ability to work creatively and analytically in a problem-solving environment
  • Desire to work in an information systems environment
  • Excellent communication (written and oral) and interpersonal skills
  • Excellent leadership and management skills
  • Strong project management and communication skills.
  • Demonstrated ability in right-sized process development and improvement.
  • Experience with build and release processes for a PaaS, IaaS, and SaaS.
  • Technical orientation and strong understanding of system/infrastructure development, including access control devices and video surveillance technologies such as IP video cameras, video management software (VMS), and video storage devices and systems (NAS, NVR, etc.)
  • Familiar with change and release management tools
  • Experience working with physical security implementations and cyber security technologies. 
  • Exposure to platform certification processes and data center architecture/design. 
  • Exposure to physical security concepts/design such as AMAG physical access controls for SOC and Data Center.
  • Exposure to network equipment and other technologies (CISCO, Checkpoint, Nokia PIVOT3 – Hyper-Converged Infrastructure)

Minimum or Preferred Qualifications

BA/BS in computer science or similar. Required minimum 10 years of cyber security experience in a large corporation.
