Enterprise Cybersecurity Risk Architect

Position: Enterprise Cybersecurity Risk Architect

Location: 100 West Anderson Street, Orlando, FL 32801

Type: Temp-to-Hire (W2)

Contract Duration: 1 Year

Job Purpose:

Plays a critical lead role and serves as subject matter expert in the development, maintenance, and governance of a cybersecurity risk architecture that supports our premier Utility client's enterprise governance and business strategy. Defines, plans, and implements enterprise strategic cybersecurity initiatives to improve existing infrastructure and governance while shaping the long-term risk architecture vision. Safeguards the integrity and security of the enterprise by leveraging advanced data analytics to monitor, analyze, and report on cybersecurity compliance, specifically concerning security standards and frameworks.

• Develop, plan and maintain an enterprise cybersecurity risk management architecture that supports client's cybersecurity and while enabling business strategy.

• Partner with leadership to design the framework and guidelines to ensure data privacy and compliance.

• Participate in the development of a comprehensive cybersecurity strategy, with a focus on risk management, threat detection, and incident response.

• Create procedures and guidance for security risk assessments, testing, and vulnerability scanning to identify and address potential threats.

• Ensure that procedural framework for governance is in compliance with regulatory requirements.

• Work with applicable stakeholders to ensure business alignment of the enterprise cybersecurity controls with the business objectives.

• Define and document relationships between the components on the different architecture layers, providing traceability and justification.

• Collaborate with IT Security to successfully blend Information Security Management and Enterprise Risk Management.

• Identify key risks areas and recommends strategies to address and monitor risk.

• Partner with leadership on Risk Assessment, Business Impact Analysis, and Risk Mitigation activities.

• Interview leadership and other stakeholders to determine appropriate risk appetite to ensure risk management processes and plans are in line with client's risk appetite.

• Maintain and monitor the Enterprise Cybersecurity Risk Register and other audit/assessment documentation.

• Perform security reviews, flag compliance issues, identify gaps and trends in security architecture and recommend remediation strategies.

• Develop and implement a security risk management plan.

• Apply knowledge of security risk frameworks to guide the development of analytical routines and compliance checks.

• Preserve information security features by applying an enterprise risk management process and ensuring stakeholder confidence.

• Partner with manager in security policy development to ensure Information Security Management is integrated throughout the enterprise.

• Collaborate on enterprise cybersecurity planning, validation of controls, and development of security standards.

• Stay updated on changes to cybersecurity regulations and standards, incorporating relevant updates into existing routines and practices.

• Develop and implement data analysis routines to continuously monitor compliance with security standards, best practices, and frameworks.

• Create automated alerts and dashboards to flag potential compliance issues or security anomalies in technology environments.

• Develop and execute plans to assess security risk which includes periodic reviews of existing systems and devices, validation appropriate remediate is in place, and ongoing risk assessment.

• Collaborate with IT and business unit teams to investigate identified issues and develop actionable remediation plans.

• Ensure alignment of client's enterprise cybersecurity risk and governance architecture with the TOGAF architecture framework.

• Provide recommendations for improving cybersecurity measures and compliance practices based on data analysis and trend identification.

• May mentor, teach, coach, and instruct other team members on pertinent topics.

• Expert understanding of technology and security standards, enterprise risk architecture, cybersecurity frameworks, and regulatory requirements applicable to utilities.

• Strong grasp of IT and OT systems, including network architecture, industrial control systems, and cybersecurity controls.

• Proficiency in data analysis tools and programming languages (e.g., Python, R, SQL).

• Experience with cybersecurity information and event management (SIEM) systems and data visualization tools (e.g., Splunk, Tableau).

• Strong analytical and problem-solving skills with a keen eye for detail.

• Effective communication skills, both written and verbal, with the ability to present complex data insights to non-technical stakeholders.

• Working knowledge of all, but not limited to the following:

  • Systems architecture and design;

  • Standards and governance processes;

  • Technology presentations on emerging trends and adoption of new technology;

  • Technology standards;

  • Emerging technology;

  • IT Systems, applications, integrations, and standards;

  • Data analytics and reporting;

  • Project management.

• Familiarity with all, but not limited to the following:

  • Roadmaps and presentations for evolving systems architectures;

  • Documentation on current system architectures;

  • Documentation on future state architectures;

  • Cybersecurity practices;

  • Enterprise Architecture standards (TOGAF);

  • Related industry, organizational and departmental policies, practices, and procedures; legal guidelines, ordinances, and laws;

  • Ability to coach and mentor staff;

  • Ability to make arithmetic computations using whole numbers, fractions and decimals, and compute rates, ratios, and percentages;

  • Ability to use Microsoft Office Suite (Outlook, Excel, Word, etc.) and standard office equipment (computer, telephone, etc.).

• Experience with NERC CIP standards and NIST frameworks.

• Certifications including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), preferred.

• 5 - 7 years related work experience.

• Utility / Energy Cyber Experience.

• With significant experience and a CISSP certification, a formal degree is not required.

• With significant experience and a CISSP certification, a formal degree is not required.

• Candidates with a utility background are strongly preferred.