Principal Cyber Security Architect
PRIMARY PURPOSE OF POSITION ThePrincipal Cyber Security Architect (PCSA) partners with IT andbusiness teams to provide expert leadership to drive securitytechnology and security reference architecture solutions byweighing the advantages of security technology standards, marketavailability of products, and risks and benefits of securitytechnology introduction into Exelon s computing environments. ThePCSA provides comprehensive consultation to business units and ITmanagement and staff at the highest technical level for all aspectsof the security architecture domain. The PCSA develops andmaintains business, systems, and IT/OT processes to supportenterprise mission needs and requirements; translates technologyand environmental conditions (eg, law and regulation) into IT/OTrules and requirements that describe baseline and target securityarchitectures. The PCSA designs enterprise and systems securitythroughout the development lifecycle; translates technology andenvironmental conditions (eg, law and regulation) into securitydesigns and processes. The PCSA operates independently with littleor no direct supervision. PRIMARY DUTIES ANDACCOUNTABILITIES - Provide technical and securityexpertise to IT and business teams to identify security technologysolutions and develop security reference architectures andstrategies to achieve business results. Ensure appropriateimplementation of security technology and reference architectureswithin both the development and production environments. Analyzeuser needs and requirements to planarchitecture. -Design and develop enterprise-widesecurity architecture and strategy for all aspects of the securitydomain in alignment with the business strategy and goals.Develop/integrate cybersecurity designs for systems and networkswith multilevel security requirements or requirements. Provideinput on security requirements to be included in statements of workand other appropriate procurement documents. -Provide technical guidance and security expertise in the areas ofsecure application development, security architecture riskmanagement and assessment, security policies and standards,security architectures and implementations. -Provide technology and security expertise and advice to ITleadership in the development of strategic security technology andplans to support business strategies. Translate proposedcapabilities into technical requirements. -Establish, maintain, and enhance relationships with business and ITpartners. Communicate status to key stakeholders on a regularbasis. - Maintain awareness of trends and issuesin area of security expertise, evaluate new security technologiesor technology opportunities, and provide analysis of theirpotential impact to advantage thebusiness. Required Skills: POSITIONSPECIFICATIONS Minimum: -Bachelor s Degree in Computer Science, Information Technology (IT),or a related discipline, and typically 8 or more years of solid,diverse experience in cyber security architecture and design, orequivalent combination of education and workexperience. - Appropriate technical skills andin-depth knowledge of business unit functions and applications,including: - Expert knowledge of authentication,authorization, and access control methods. -Expert knowledge of computer algorithms - Expertknowledge of encryption algorithms - Expertknowledge of cryptography and cryptographic key managementconcepts - Expert knowledge of databasesystems - Expert knowledge of embeddedsystems - Expert knowledge of system faulttolerance methodologies - Expert knowledge of howsystem components are installed, integrated, andoptimized - Expert knowledge of human-computerinteraction principle - Expert knowledge ofcybersecurity principles and organizational requirements (relevantto confidentiality, integrity, availability, authentication,non-repudiation) - Ability to designarchitectures and frameworks - Skill in applyingcybersecurity methods, such as firewalls, demilitarized zones, andencryption - Expert knowledge of network access,identity, and access - Expert knowledge ofnetwork protocols such as TCP/IP, Dynamic Host Configuration,Domain Name System (DNS), and directoryservices - Expert knowledge of network designprocesses, to include understanding of security objectives,operational objectives, and tradeoffs - Expertknowledge of parallel and distributed computingconcepts - Expert knowledge of key concepts insecurity management (eg, Release Management, PatchManagement). - Expert knowledge of configurationmanagement techniques - Expert knowledge of cloudcomputing - Comprehensive understanding of changemanagement techniques associated with new technologyimplementation. - Demonstrated experienceproducing an economic business case. -Demonstrated leadership ability. - Provenanalytical, problem solving, and consultingskills. - Excellent communication skills and theproven ability to work effectively with all levels of IT andbusinessmanagement. Preferred: -Graduate degree in cyber security or related area ofexpertise. - Relevant security certifications(CISSP, CISM, SABSA, GIAC) - Appropriate technical skillsand in-depth knowledge of business unit functions and applications,including: Demonstrated experience and subjectmatter knowledge in cyber and information security forapplications, web architectures, operating systems, databases, andnetworks. Demonstrated experience and subjectmatter knowledge of SCADA, ICS, Distribution Automation, SmartGrid, DMS, and ECS systems architecture. Experience and proven capabilities in application risk assessment,application security architecture development, web applicationsecurity, and application security testing. Demonstrated experience in security architecture risk assessment,requirements development, secure design analysis, architectureassessment and development, and security testing of applicationsand systems. Extensive experience developing,evaluating, and implementing cyber and information securityarchitectures, technologies, standards, and practices to secureapplications and IT systems. Demonstratedknowledge and experience in the implementation of governanceframeworks and security risk management processes, such as NIST,ISO, and COBIT guidelines and standards. Demonstrated experience in addressing regulatory compliance for thesecurity requirements in applicable laws and regulations, such asNERC CIP, SOX, PCI DSS, and HIPAA. Solidunderstanding and experience with security development lifecycle(SDL) processes for internally developed applications, includingthe web-based and Internet facing components. Expert knowledge and experience in application security standards,methodologies, and technologies. Solidcapability to assess application and web architectures andoperating systems for vulnerabilities and develop appropriatesecurity countermeasures. Solid knowledge andexperience with IT security aspects of operating systems, ActiveDirectory, database (SQL) access, LDAP, Microsoft SharePoint, andweb server configurations. Experience inassessing, configuring, and testing security applications andsystems, such as Cisco firewalls, security appliances, IDS/IPS, SSLor TLS, IPSec, and web services security. Ability to demonstrate analytical skills, technical knowledge, andpractical application of cyber and information security principlesto business leaders and technicalstaff.