Title:Security Services architect

Location:Waltham, MA

Duration: Full Time

Duties:

    Business and Project Consulting:
        Project engagement during the initiation, requirements, and design stages to ensure that security has been considered and is included into the design at the appropriate level based on the risks.
        Further security related guidance may be required during the build and testing stages of the projects.
        Security review and design of complex application and technology architectures.
        Coordination of technical design/review activities with various IS and project stakeholders.
        Evaluation and maintenance of security system plans and procedures to safeguard internal information systems and databases.
        Researching and recommendation/implementation of changes to procedures and systems to enhance security aligned with corporate policies
        Partner with LoB and IS during project engagement in the development of strategic and tactical business plans.
        Manage demand of working on multiple projects and leverage IS security technologies and services  to meet business goals and objectives.
        Accountable for ensuring that key risks and issues are identified, addressed and resolved in a manner that satisfies the business.
        Flexibility to travel as role requires (may include global responsibilities)

Skills:

    Strong background in security architecture including a deep knowledge of IT network security (secure LAN, WAN, vLAN, MPLS, and secure network zoning and restricted network design), database, operating system and application security.
    Strong knowledge and experience designing and implementing technical security solutions such as secure remote access, firewalls, encryption, secure protocols, data protection, data loss prevention and identity management solutions.
    Able to translate business and non-functional requirements to identify the security design and to document the security solutions for communications and enduring documentation.
    Strong knowledge of data and information flows, information governance, and network protocols.
    Experience of designing and incorporating technical security controls, including for SAP.
    Experience of incorporating security controls at each stage of the software development lifecycle process.
    Experience of designing and managing security controls within service providers and the cloud.
    Experience of security hardening techniques and policy development, particularly operating system hardening (e.g. Windows, UNIX, Oracle).
    Appreciation of wider information security related principles, likely to be gained in industry or from a consultancy background.
    Prepared to challenge business and IS colleagues and have the “difficult conversations” where needed in the interests of National Grid
    Strong communication, leadership and partnering skills.
    Proven track record of successfully delivering business requirements to time and budget constraints.
    Able to operate as a highly independent worker and as part of a strong team/collaborative approach.
    Prior utility industry experience preferred, including knowledge of Critical National Infrastructure (CNI).  Familiar with security application lifecycle process frameworks including NIST 800-64.

Education:

    Educated to degree level (or equivalent combination of education and experience).
    Information Security Qualifications such as CISSP, ISSAP, and SABSA practitioner preferred.
    Security Qualifications such as SANs, CCNA, CCNP.
    Familiar with various controls including NIST and NERC CIP