Cloud Security Architect Lead

Job Purpose

The Cyber Security Architect Lead is responsible for designing, implementing, and maintaining robust security architectures that protect both IT and OT environments. This role involves developing comprehensive security strategies that address the unique challenges and requirements of both domains, including compliance with FANR regulations. The architect will work closely with cross-functional teams to identify vulnerabilities, assess risks, and implement effective security controls. Additionally, the role includes staying current with emerging threats and technologies and continuously improving the organization's security posture through proactive measures and innovative solutions.

Key Activities, Responsibilities & Accountability

Security Architecture Design

• Design secure IT and OT systems and networks using SABSA or TOGAF principles.
• Lead the identification of gaps and provide recommendations to close those gaps.
• Implement security controls and measures.
• Ensure the integration of security controls across both environments.
• Maintain the overall security posture of IT and OT environments.
• Assist in evaluating modifications to Critical Digital Assets (CDAs) before implementation, ensuring reviews and assessments are performed.
• Design security solutions aligned with business objectives and regulatory requirements.

Security Monitoring and Audits

• Perform security monitoring, logs analysis, and compromise assessments of OT and IT systems to detect incidents.
• Lead investigations and utilize new technologies to enhance security capabilities.
• Perform security audits and assessments to verify control effectiveness.
• Implement continuous monitoring solutions for networks and systems.
• Review and improve OT security architecture to address new threats.
• Participate in security reviews and audits.
• Apply lessons learned from security incidents and assessments.

Risk Assessment and Management

• Conduct regular risk assessments using SABSA or TOGAF frameworks.
• Lead mitigation strategies aligned with risk management processes.
• Report risk findings to senior management.
• Maintain the risk registry.

Strategy and Planning

• Develop and implement the organization's cybersecurity strategy.
• Ensure alignment with nuclear industry regulations.
• Assist in budget preparation for security initiatives.
• Develop security standards, guidelines, and best practices for OT environments.
• Guide the implementation of security controls.
• Document security architecture designs and rationales.

Qualifications & Experience

• Bachelor's Degree required.
• 6 to 7 years of relevant experience.
• Preferred: Bachelor’s Degree with 7 years’ experience, Diploma, Military or Police Academy graduate with 10 years’ experience, or High School with 12 years’ experience.
• Certifications: CISSP, CISSP-ICS, TOGAF 9, SABSA Chartered Security Architect, ISO/IEC 27001 Lead Implementer, GIAC GRID, IEC 62443 Cybersecurity Expert.