Job added in hotlist
Applied job
Contract job
90-day-old-job
part-time-job
Recruiter job
Employer job
Expanded search
Apply online not available
Similar Jobs
Principal Cyber Security Architect
Exelon Corporation
Owings Mills, MD
Apply Now >
Group Manager II - Chief Compliance and Policy Manager
The M&T Bank
Baltimore, MD
Apply Now >
Lead Manager, Investment Compliance
T. Rowe Price Group, Inc.
Baltimore, MD
Apply Now >
Senior Compliance Consultant " Retirement Plan Services
T. Rowe Price Group, Inc.
Owings Mills, MD
Apply Now >
Compliance Assistant
Aerotek, Inc
Hanover, MD
Apply Now >
View more jobs in Baltimore, MD
View more jobs in Maryland

Job Details

Principal Cyber Security Architect

Company name
Exelon Corporation

Location
Baltimore, MD
5 hit(s)  

Profile

Principal Cyber Security Architect

(211212)

PRIMARY PURPOSE OF POSITION

The Principal Cyber Security Architect (PCSA) partners with IT and business teams to provide expert leadership to drive security technology and security reference architecture solutions by weighing the advantages of security technology standards, market availability of products, and risks and benefits of security technology introduction into Exelon's computing environments. The PCSA provides comprehensive consultation to business units and IT management and staff at the highest technical level for all aspects of the security architecture domain. The PCSA develops and maintains business, systems, and IT/OT processes to support enterprise mission needs and requirements; translates technology and environmental conditions (e.g., law and regulation) into IT/OT rules and requirements that describe baseline and target security architectures. The PCSA designs enterprise and systems security throughout the development lifecycle; translates technology and environmental conditions (e.g., law and regulation) into security designs and processes. The PCSA operates independently with little or no direct supervision.

PRIMARY DUTIES AND ACCOUNTABILITIES

- Provide technical and security expertise to IT and business teams to identify security technology solutions and develop security reference architectures and strategies to achieve business results. Ensure appropriate implementation of security technology and reference architectures within both the development and production environments. Analyze user needs and requirements to plan architecture.

- Design and develop enterprise-wide security architecture and strategy for all aspects of the security domain in alignment with the business strategy and goals. Develop/integrate cybersecurity designs for systems and networks with multilevel security requirements or requirements. Provide input on security requirements to be included in statements of work and other appropriate procurement documents.

- Provide technical guidance and security expertise in the areas of secure application development, security architecture risk management and assessment, security policies and standards, security architectures and implementations.

- Provide technology and security expertise and advice to IT leadership in the development of strategic security technology and plans to support business strategies. Translate proposed capabilities into technical requirements.

- Establish, maintain, and enhance relationships with business and IT partners. Communicate status to key stakeholders on a regular basis.

- Maintain awareness of trends and issues in area of security expertise, evaluate new security technologies or technology opportunities, and provide analysis of their potential impact to advantage the business.

Qualifications

POSITION SPECIFICATIONS

Minimum:

- Bachelor's Degree in Computer Science, Information Technology (IT), or a related discipline, and typically 8 or more years of solid, diverse experience in cyber security architecture and design, or equivalent combination of education and work experience.

- Appropriate technical skills and in-depth knowledge of business unit functions and applications, including:

- Expert knowledge of authentication, authorization, and access control methods.

- Expert knowledge of computer algorithms

- Expert knowledge of encryption algorithms

- Expert knowledge of cryptography and cryptographic key management concepts

- Expert knowledge of database systems

- Expert knowledge of embedded systems

- Expert knowledge of system fault tolerance methodologies

- Expert knowledge of how system components are installed, integrated, and optimized

- Expert knowledge of human-computer interaction principle

- Expert knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)

- Ability to design architectures and frameworks

- Skill in applying cybersecurity methods, such as firewalls, demilitarized zones, and encryption

- Expert knowledge of network access, identity, and access

- Expert knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services

- Expert knowledge of network design processes, to include understanding of security objectives, operational objectives, and tradeoffs

- Expert knowledge of parallel and distributed computing concepts

- Expert knowledge of key concepts in security management (e.g., Release Management, Patch Management).

- Expert knowledge of configuration management techniques

- Expert knowledge of cloud computing

- Comprehensive understanding of change management techniques associated with new technology implementation.

- Demonstrated experience producing an economic business case.

- Demonstrated leadership ability.

- Proven analytical, problem solving, and consulting skills.

- Excellent communication skills and the proven ability to work effectively with all levels of IT and business management.

Preferred:

- Graduate degree in cyber security or related area of expertise.

- Relevant security certifications (CISSP, CISM, SABSA, GIAC)

- Appropriate technical skills and in-depth knowledge of business unit functions and applications, including:

- Demonstrated experience and subject matter knowledge in cyber and information security for applications, web architectures, operating systems, databases, and networks.

- Demonstrated experience and subject matter knowledge of SCADA, ICS, Distribution Automation, Smart Grid, DMS, and ECS systems architecture.

- Experience and proven capabilities in application risk assessment, application security architecture development, web application security, and application security testing.

- Demonstrated experience in security architecture risk assessment, requirements development, secure design analysis, architecture assessment and development, and security testing of applications and systems.

- Extensive experience developing, evaluating, and implementing cyber and information security architectures, technologies, standards, and practices to secure applications and IT systems.

- Demonstrated knowledge and experience in the implementation of governance frameworks and security risk management processes, such as NIST, ISO, and COBIT guidelines and standards.

- Demonstrated experience in addressing regulatory compliance for the security requirements in applicable laws and regulations, such as NERC CIP, SOX, PCI DSS, and HIPAA.

- Solid understanding and experience with security development lifecycle (SDL) processes for internally developed applications, including the web-based and Internet facing components.

- Expert knowledge and experience in application security standards, methodologies, and technologies.

- Solid capability to assess application and web architectures and operating systems for vulnerabilities and develop appropriate security countermeasures.

- Solid knowledge and experience with IT security aspects of operating systems, Active Directory, database (SQL) access, LDAP, Microsoft SharePoint, and web server configurations.

- Experience in assessing, configuring, and testing security applications and systems, such as Cisco firewalls, security appliances, IDS/IPS, SSL or TLS, IPSec, and web services security.

- Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.

Company Profile
Headquartered in Chicago, Exelon has operations and business activities in 47 states, the District of Columbia and Canada. The company is one of the largest competitive U.S. power generators, with approximately 34,700 megawatts of owned capacity comprising one of the nation’s cleanest and lowest-cost power generation fleets. Its Constellation business unit provides energy products and services to approximately 100,000 business and public sector customers and approximately 1 million residential customers. Exelon’s utilities deliver electricity and natural gas to more than 6.6 million customers in central Maryland (BGE), northern Illinois (ComEd) and southeastern Pennsylvania (PECO).

Similar Jobs:
Compliance Assistant
Location : Hanover, MD
Compliance Assistant in Hanover Maryland Aerotek has an immediate opening for a Temporary Compliance Assistant at the corporate office in Hanover, MD. This is a temporary position with the possibility of converting to a permanent ...
Senior Legal Compliance Testing Manager
Location : Owings Mills, MD
Senior Legal Compliance Testing Manager Sub Sector: Traditional Asset Manager Risk Type: Regulatory/Compliance Expertise: Regulatory/Compliance Our mission as a leading investment management firm is to help our clients achieve the...
Compliance Program Manager
Location : Baltimore, MD
Job Profile: Communicates effective business unit compliance programs to prevent or identify illegal, unethical, or improper business practices. Trains and monitors junior staff and raises issues to senior team members. Demonstrat...
What I liked about the service is that it had such a comprehensive collection of jobs! I was using a number of sites previously and this took up so much time, but in joining EmploymentCrossing, I was able to stop going from site to site and was able to find everything I needed on EmploymentCrossing.
John Elstner - Baltimore, MD
  • All we do is research jobs.
  • Our team of researchers, programmers, and analysts find you jobs from over 1,000 career pages and other sources
  • Our members get more interviews and jobs than people who use "public job boards"
Shoot for the moon. Even if you miss it, you will land among the stars.
ComplianceCrossing - #1 Job Aggregation and Private Job-Opening Research Service — The Most Quality Jobs Anywhere
ComplianceCrossing is the first job consolidation service in the employment industry to seek to include every job that exists in the world.
Copyright © 2018 ComplianceCrossing - All rights reserved. 21