Black Hills Corporation Senior Information Security Architect in Rapid City, South Dakota

Description:

Job Specifications

SALARY RANGE: $87,650 - $121,820

Base salary is determined by the knowledge, skills and abilities of the applicant.

CLOSING DATE: This position will close on September 9, 2018.

LOCATION: Rapid City, SD

PRIMARY FUNCTION:

The Senior Information Security Architect serves as a key member and leader of the Black Hills Security team. The Senior Information Security Architect provides thought leadership and expertise in a variety of information security topics to safeguard the Black Hills corporate network infrastructure and data as well as various industrial control system infrastructures included in the Gas and Electric utility industry.

The Senior Information Security Architect will evaluate the existing information security strategy and program, with responsibilities including the development/refinement of strategy, policy, regulatory compliance, risk identification and mitigation, security architecture and standards.

The Senior Information Security Architect will work as an individual and in a multi-disciplinary team environment to identify security gaps, develop controls, determine functional and non-functional security requirements and design solutions that meet business objectives while complying with security standards.

The Senior Information Security Architect will act in an internal consultant role and will analyze, recommend, develop, implement and maintain systems and processes that protect business and client information.

REPORTING RELATIONSHIP: Manager or Director of Information Security

ESSENTIAL JOB FUNCTIONS:

  • Manage the development, documentation, implementation, and communication of enterprise-wide information security strategies, practices and policies.

  • Lead and/or manage multi-disciplinary team reviews of existing architecture, identify design gaps, and recommend security enhancements.

  • Lead and/or manage multi-disciplinary team reviews of new products, business applications, and/or vendors to identify security design gaps and evaluate appropriate security capabilities, assessing their risk and their value in support of corporate goals and overall security strategy.

  • Conduct individual, independent security reviews of vendor proposals, review security architectures and recommend modifications to the information security operation to evaluate risk, reduce costs or improve service.

  • Serve as information security subject matter expert, trusted advisor/inside consultant; provide advisory and consulting services as needed to various department and project teams.

  • Meet with project teams and other system architects to develop system designs and project plans that include the appropriate security controls and meet security standards

  • Understand current as well as emerging security threats and design security architecture to mitigate threats where possible

  • Stay abreast of new information systems and security technologies and integrate into security architecture design when appropriate

  • Manage a multi-disciplinary incident response team in response to current or potential threats or incidents.

  • Lead and/or participate in security risk assessments using NIST-based risk methodology.

  • Prepare specific security status reports by developing, collecting, analyzing, and summarizing security related data and trends.

  • Present specific security status reports to various levels of management, including Senior Management Team.

  • Identify and develop regular and emergency security-related communications as needed.

  • Actively promote security and risk related campaigns for information security awareness among all staff.

  • Maintain an operational understanding of existing and proposed security standards as well as State and Federal legislation and regulations pertaining to information security.

ADDITIONAL RESPONSIBILITIES:

  • Identify, track and report information security metrics on a monthly basis. Design and provide metrics reports for various audiences including IT staff, IT leadership, Senior Management and the Board of Directors.

  • Act as information security liaison with all levels of the IT organization and with the lines of business and other internal departments and organizations.

  • Participate as part of the contract review team for those contracts with IT or IT security implications. Make recommendations for standard contract language related to security functions and/or requirements.

WORKING RELATIONSHIPS:

  • Maintain strong working relationships with all levels of personnel within the Security team, IT department, and the business. Work effectively with project teams to support the incorporation of security into projects.

  • Work effectively with security integrators, vendors, software manufacturers and application users to program, maintain and improve support for all security systems.

EXPERIENCE:

  • Minimum of five to seven years of Information Security experience is required.

  • Experience in a Security Analyst, Security Engineer or Security Architect role is required.

  • Experience in a converged cyber and Physical Security department desired.

  • Experience in business/industry (beyond IT), and experience in business beyond the electric and gas utility space desired.

  • Experience managing cross-functional teams or projects, and influencing senior-level management and key stakeholders desired.

EDUCATION:

  • Minimum of Bachelor’s Degree in Information Technology, Computer Science, Information Assurance or related technical field is required.

KNOWLEDGE:

  • Must have a strong understanding of network architecture, firewalls, Intrusion Detection Systems, web filtering, audit and log management, physical security control systems, real-time systems, and common operating systems.

  • Must have a strong understanding of emerging technologies in IT such as a Cloud Platform, Internet of Things and Mobile BYOD as well as the associated security risks.

  • Must have a solid working knowledge of common information technology management and security frameworks, such as ISO/IEC 27001, OWASP, SANS, ITIL, COBIT, and NIST.

  • Must have a strong knowledge of cyber security theory and practice as promoted by numerous security standards and certification entities.

  • Must have a strong understanding of advanced technical security topics such as Security Essentials; Ethical hacking; Auditing and monitoring networks, systems, and users; forensics, malware analysis; and security incident response.

  • Knowledge of physical security controls and concepts desired

  • Project Management fundamentals desired.

SKILLS/ABILITY/OTHER CHARACTERISTICS:

  • Experience with various Information Security technologies, including: firewalls, IDS/IPS products, vulnerability assessment and management products, Windows operating systems, UNIX/Linux operating systems, networks (routing, switching, design, etc.), scripting/programming (shell, Perl, C, etc.)

  • Excellent organizational skills with attention to details, accuracy and timeliness.

  • Good presentation skills and able to conduct user training for all security applications.

  • Work effectively with security integrators, vendors, software manufacturers and application users to program, maintain and improve support for all security systems.

  • Handle confidential and proprietary information with discretion.

  • Ability to lead and mentor coworkers in security and job-related functions.

  • Able to work independently, handle multiple projects simultaneously, lead a varied team in a variety of security-related work functions, and adapt to critical timelines.

CERTIFICATIONS/CREDENTIALS:

  • Required: Current management or technical level Information Security certification (CISSP, CISM, CRISC, GIAC, etc.).

  • Preferred: ITIL, PMI

SPECIAL REQUIREMENTS:

  • A willingness to travel, including overnight stays.

PHYSICAL REQUIREMENTS:

  • Applicant must be able to perform the essential job functions of the position with or without accommodation.

The information contained in this position description describes the general nature and level of work being performed in this job. This description is not intended to be an all-inclusive list of responsibilities, duties, and requirements for employees in this position. The incumbent is responsible for performing all duties in a safe and efficient manner in compliance with safe work procedures and safety regulations. This job description is not intended to constitute an offer or contract of employment. Job descriptions may and do change periodically. Where positions are covered by a collective bargaining unit agreement, the terms and conditions of the collective bargaining unit agreement will apply.

We are an EEO Employer