Security Compliance Architect
Location: Rochester, New York | Salary: Competitive | Posted: 28 Nov 2018 | Closes: 28 Feb 2019 | Job Type: Permanent & Full-time | Business Unit: US - G4S Secure Integration | Region / Division: G4S Technology
G4S Secure Integration is looking for a quality-focused Cyber Security and Compliance Manager to work closely with our Project Management Office, ICS Engineers, and QA Test Teams to oversee the design, implementation, and operations of NERC-CIP/NIST 800-53 Cyber Security Controls and Framework in the Avangrid® Private Cloud Infrastructure. In this position you will work directly with the brightest technical minds in the business as we build a brand-new network and systems infrastructure to support state-of-the-art security operations centers in the Northeast. The position is located at Rochester, NY.
- The candidate will work closely with the Electric & Gas Transmission, Distribution and Generation businesses, specifically around the IT/OT (Information Technology/Operational Technology) area, PMO, SNC-Lavalin Engineers, IT and OT. The security architect will be responsible for defining the end-to-end security architecture, looking at the people, process and technology required for successful delivery and risk mitigation. The role will act as the security design authority for all matters of IT/OT, providing governance, oversight and direction from a cyber security risk perspective, interpreting Enterprise Security Architecture, establishing or contributing to the relevant reusable solution artifacts and ensuring hand-off to operational management.
- The Security Architect must be able to interpret high level business requirements and communicate them to highly technical security engineers; conversely, they must also be able to articulate highly technical issues to a non-technical business audience.
- The Security Architect is to produce reference architectures and to ensure that the delivered architecture is fit for purpose and effective when transitioned into service.
Position Responsibilities (including but not limited to):
- Develop and manage an IT/OT security architecture that addresses business needs holistically – people, process & technology
- Develop security architectural patterns of the individual components of the end solution (Contextual, Conceptual, Logical, Physical, Component and Operational)
- Lead development of security architectures for IT/OT, ensuring consistency with specified requirements agreed with both external and internal customers.
- Ensure compliance with enterprise security architecture, and grant dispensations that are in keeping with the Group strategy and organization objectives.
- Guide various business and IS teams, specifically the “IT Compliance Organization” as needed toward a common architecture and engage stakeholders as advocates of the vision.
- Ensure that design decisions align with the business vision and maintain security architectural flexibility
- Accountable for ensuring that key risks and issues are identified, addressed and resolved in a manner that satisfies the business.
- Enhancement of security policies in alignment with the changing IT/OT landscape
- Coordination of technical design/review activities with various segment and corporate groups and security assurance activities.
- Engaging Risk & Compliance, Enterprise Architecture and Operational Security (RAC – Risk Analytics Center) at appropriate stages in the project.
- Researching and recommending/implementing changes to procedures and systems to enhance security aligned with corporate policies
- This role has a significant impact on defining technical security requirements and ensuring that the program meets these requirements, or that exceptions and issues are noted and remediated as appropriate.
- Indirect support (influence) of budget across the entire IS organization and specific set of Business Systems (e.g. Customer Systems, Corporate Systems, etc. specific to project/s design).
- No. of direct reports – At least one.
The Ideal Candidate:
- ITIL/ITSM and CISSP certified; Industry recognized certification in security (e.g., CISSP, CISA, CISM, etc.)
- 10+ years of information technology systems design and planning experience; in systems, applications, or architecture
- 10+ years of working in risk assessments, risk management, controls monitoring, controls audits.
- 10 years’ experience working in Cloud Security or Third Party / Cloud Security Assessments, including AWS or Azure; or 5 years’ experience in cloud security and 5+ years of experience securing cloud services
- 10 years of policy, procedures, standards, work instructions, report generation and managing projects.
- 10 years of managing teams of 3 or more resources
- 10 years’ experience with Cloud Security vendors
- 10 years’ experience with Enterprise IT security risk assessments and related frameworks (e.g., ISO 27000 series, NIST 800 Series, COBIT, IT General Controls, etc.)
- 10 years’ experience with NERC-CIP, NIST 800-53, PCI, Sarbanes-Oxley, HIPAA, GLBA, FISMA
- 10 years’ experience with multiple, simultaneous vendor management
- Experience in IT Security Testing (e.g., penetration testing, web application security assessments, vulnerability assessments and technical security assessments)
- Secure SDLC, Agile, or DevOps experience
- Experience in Identity and Access Management
- Experience in virtualized security environments
- Experience with Cloud Security vendors in the IAM, Data Protection, Monitoring, SaaS providers
- Experience with Linux and Windows operating systems
- Experience with application development
- Proven ability to work creatively and analytically in a problem-solving environment
- Desire to work in an information systems environment
- Excellent communication (written and oral) and interpersonal skills
- Excellent leadership and management skills
- Strong project management and communication skills.
- Demonstrated ability in right-sized process development and improvement.
- Experience with build and release processes for a PaaS, IaaS, and SaaS.
- Technical orientation and strong understanding of system/infrastructure development, including access control devices & video surveillance technologies such as IP video cameras, video management software (VMS), and video storage devices and systems (NAS, NVR, etc.)
- Familiar with change and release management tools
- Experience working with physical security implementations and cyber security technologies.
- Exposure to platform certification processes and data center architecture/design.
- Exposure to physical security concepts/design such as AMAG physical access controls for SOC and Data Center.
- Exposure to network equipment and other technologies (e.g., CISCO, Checkpoint, Nokia PIVOT3 – Hyper-Converged Infrastructure)
Minimum or Preferred Qualifications
BA/BS in computer science or similar. Required minimum 10 years of cyber security experience in a large corporation.
About the Company:
Why work for G4S Secure Integration?
- Global experts in the assessment, design, construction, maintenance and management of communication networks and electronic security systems
- Over 20 Years of proven experience as an established large-scale systems integrator providing unified communications and security solutions
- Financially Sound Company, Highly Regarded by Customers & Industry Peers
- Highly Competitive Compensation Plan & Comprehensive Benefits Package
G4S Secure Integration is a systems integrator that brings innovative, flexible and cost efficient thinking to the design, construction and maintenance of stand-alone or integrated communication networks and electronic security systems. For over two decades, we have offered commercial, industrial and governmental clients an efficient single point of contact for all their project issues. A trusted partner to customers and suppliers around the world, G4S Secure Integration takes great pride in delivering outstanding technology, superior customer service and a great return on investment.
G4S Secure Integration has deployed over 2 million fiber miles in more than 200 metropolitan and rural areas and completed over 1,500 large-scale, electronic security systems projects in the United States, Europe, Asia, Central America, and the Middle East.
Headquartered in Omaha, Nebraska, G4S Secure Integration is managed by executives from the telecommunications, construction and security industries. For more information, visit the company’s website at www.g4s.us or call (866) 221-5641.
We offer an attractive, competitive compensation plan, an outstanding comprehensive benefits package, and significant opportunity for professional growth and advancement in the rapidly expanding security/telecommunications industry. We strongly encourage inquiries from qualified women and minority candidates. While interest from all applicants for employment with G4S Secure Integration is genuinely appreciated, we can respond only to those candidates with qualifications closest to the job requirements. For confidential consideration, please visit http://technologycareers.g4s.com/ and apply on-line. No phone calls please.
Equal Opportunity Employer/Minorities/Female/Disabled/Veteran
VEVRAA Federal Contractor