Cyber Security Architect Lead

Job Purpose

The Cyber Security Architect Lead is responsible for designing, implementing, and maintaining robust security architectures that protect both IT and OT environments. This role involves developing comprehensive security strategies that address the unique challenges and requirements of both domains, including compliance with FANR regulations. The architect will work closely with cross-functional teams to identify vulnerabilities, assess risks, and implement effective security controls. Additionally, the role includes staying current with emerging threats and technologies and continuously improving the organization's security posture through proactive measures and innovative solutions.

Key Activities, Responsibilities & Accountability

Security Architecture Design

• Design secure IT and OT systems and networks using SABSA or TOGAF principles.
• Lead the identification of gaps and provide recommendations on how to close those gaps.
• Implement security controls and measures.
• Ensure the integration of security controls across both environments.
• Maintain the overall security posture of IT and OT environments.
• Assist in the evaluation of all modifications to Critical Digital Assets (CDAs) before implementation, ensuring that new/modified CDAs are reviewed and CDA assessments are performed accordingly.
• Design security solutions that align with business objectives and regulatory requirements.

Security Monitoring and Audits

• Perform security monitoring, data/log analysis, and compromise assessments of OT and IT systems to detect security incidents and root causes.
• Lead investigations and utilize new technologies and processes to enhance OT and IT security capabilities and implement improvements.
• Perform security audits and assessments to verify the effectiveness of security controls.
• Implement continuous monitoring solutions for OT and IT networks and systems.
• Regularly review and improve the OT security architecture to address new threats and vulnerabilities.
• Participate in OT security architecture reviews and audits.
• Implement lessons learned from OT and IT security incidents and assessments.

Risk Assessment and Management

• Conduct regular risk assessments using SABSA or TOGAF risk management processes.
• Lead mitigation strategies to address identified risks, ensuring alignment with SABSA or TOGAF's risk management framework.
• Provide regular reports on risk assessment findings to senior management.
• Update and maintain the risk registry.

Strategy and Planning

• Develop and implement the organization's cybersecurity strategy.
• Ensure the strategy aligns with regulations for the nuclear industry.
• Assist the Head of Information Security Assurance in preparing the annual section budget.

Responsibilities & Accountabilities (contd.)

• Develop and maintain security standards, guidelines, and best practices tailored to OT environments.
• Provide guidance on implementing security controls in OT and IT systems.
• Document OT and IT security architecture designs, decisions, and rationales.

Security Policies and Procedures

• Create and maintain security policies and procedures for OT and IT environments.
• Establish clear security policies governing access control, data protection, incident response, and compliance.
• Adopt industry standards and frameworks such as NIST, ISO/IEC 27001, NEI, and IEC 62443.
• Track and ensure compliance with FANR regulations.

Professional Certifications & Qualifications

Bachelor's Degree required.

Experience

6 to 7 years of relevant experience preferred. Candidates with a Bachelor's Degree and 7 years’ experience, Diploma, Military or Police Academy graduate with 10 years’ experience, or High School with 12 years’ experience are also considered.