National Grid Security Architect - Cloud Security in Waltham, Massachusetts

_About the Position:_

*_

_*

The Security Architect serves as a security lead/visionary and will act as an expert in many areas of security, and is able to describe in business terms the impact of security policies, standards, and architecture. This person will provide security direction to the cyber security programme to ensure that security is a key focus for the deliverable.

The Security Architect must be able to interpret high level business requirements and communicate them to highly technical security engineers; conversely they must also be able to articulate highly technical issues to a non-technical business audience.

The Security Architect is to produce reference architectures and to ensure that the delivered architecture is fit for purpose and effective when transitioned in to service

_Position Responsibilities (including but not limited to):_

  • Security Architecture, Advisory and Consulting for Business Projects

  • Accountable for ensuring that key risks and issues are identified, addressed and resolved in a manner that satisfies the business.

  • Developing an architectural solution that are both fit-for-purpose and cost-effective

  • Enhancement of security policies in alignment with changing cloud security landscape

  • Develop / derive architecture patterns and standards

  • Coordination of technical design/review activities with various segment and corporate groups and security assurance activities

  • Engaging risk & compliance, Enterprise Architecture and Operational Security (SOC) at appropriate stages in the project

  • Researching and recommendation/implementation of changes to procedures and systems to enhance security aligned with corporate policies

*Job dimensions*:

  • This role has a significant impact on defining security requirements and ensuring that the program meets these requirements, or that exceptions and issues are noted and remediated as appropriate.

  • Indirect support (influence) of budget across the entire IS organisation and specific set of Business Systems (e.g. Customer Systems, Corporate Systems, etc. specific to project/s design.

  • No. of direct reports – None.

  • Budget - None

_Knowledge & Experience Required:_

  • Bachelor's Degree or equivalent experience

  • 0-4 years experience within relevant roles

  • Experience of designing and managing security controls within service providers and the cloud.

  • Strong background in security architecture including a good knowledge of Cloud Security (perimeter defense, end-point security, Cloud service contracts, ) across a variety of technology stacks in various cloud environments (Azure, AWS, Oracle and Salesforce, cloud API integration, IAM, Mobile Device Management, CASB, Secure Web Gateway).

  • Strong knowledge and experience designing and implementing technical security solutions such as IDS/IPS, secure remote access, firewalls, encryption, secure protocols, data protection, data loss prevention and identity management solutions within Cloud environments

  • Ability to work with cross-functional teams and act as a trusted advisor to secure cloud deployments that are planned across business projects.

  • Experience in integrating with a SIEM, or working within a system monitoring environment.

  • Experience of incorporating security controls at each stage of the software development lifecycle process (ITIL).

  • Experience of security hardening techniques and policy development aligned to Cloud Security standards (e.g. CSA Cloud Control Matrix).

  • Experience in risk management processes with ability to evaluate third-party suppliers offering SaaS based cloud solutions.

  • Knowledge with Enterprise Architecture (E.g.: TOGAF) and Security Architecture frameworks (E.g.: O-ESA, SABSA). Certifications preferred.

  • Experience of developing security reference architectures and patterns.

  • Appreciation of wider information security related principles, likely to be gained in industry or from a consultancy background.

  • Prepared to challenge the program and IS colleagues and have the “difficult conversations” where needed in the interests of National Grid.

  • Strong communication (Written and Verbal), leadership and partnering skills.

  • Able to demonstrate a high degree of credibility and influence senior stakeholders within the organization.

  • Proven track record of successfully delivering business requirements to time and budget constraints.

  • Able to operate as a highly independent worker and as part of a strong team/collaborative approach.

  • Prior Critical National Infrastructure (CNI) and utility industry experience preferred.

  • Preferably somebody who has actually done hands on IT in the past and understands the pragmatic approach sometimes required.

*_

_*

/National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise. We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve. National Grid is proud to be an affirmative action employer. We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team./

Job: *IS DIgital Security & Risk

Organization: *IS Digital Security & Risk

Title: Security Architect - Cloud Security

Location: MA-Waltham

Requisition ID: 20181296