Principal IT Security Architect
At Exelon, we've got a place for you!
Join the nation's leading competitive energy provider, with one of the largest electricity generation portfolios and retail customer bases in the country. You will be part of a family of companies that strives for the highest standards of power generation, competitive energy sales, and energy delivery. Our team of outstanding professionals is focused on performance, thought leadership, innovation, and the power of ideas that come from a diverse and inclusive workforce.
Exelon will provide you the tools and resources you need to design, build and enhance a successful career. We are also dedicated to motivating the success of our employees through competitive base salary, incentives, and health and retirement benefits.
Join Exelon and share your passion at a forward-thinking Fortune 150 company. Establish yourself in a place where you can truly shine and create a brighter, more sustainable tomorrow. Energize your career at Exelon!
PRIMARY PURPOSE OF POSITION
Partner with IT and business teams to provide expert leadership to drive security technology and security reference architecture solutions by weighing the advantages of security technology standards, market availability of products, and risks and benefits of security technology introduction into Exelon's computing environments. Provide comprehensive consultation to business units and IT management and staff at the highest technical level for all aspects of the security architecture domain. Operates independently with little or no supervision.
PRIMARY DUTIES AND ACCOUNTABILITIES
- Provide technical and security expertise to IT and business teams to identify security technology solutions and develop security reference architectures and strategies to achieve business results. Ensure appropriate implementation of security technology and reference architectures within both the development and production environments.
- Design and develop enterprise-wide security architecture and strategy for all aspects of the security domain in alignment with the business strategy and goals.
- Provide technical guidance and security expertise in the areas of secure application development, security architecture risk management and assessment, security policies and standards, security architectures and implementations.
- Provide technology and security expertise and advice to IT leadership in the
development of strategic security technology and plans to support business strategies.
- Establish, maintain, and enhance relationships with business and IT partners. Communicate status to key stakeholders on a regular basis.
- Maintain awareness of trends and issues in area of security expertise, evaluate new security technologies or technology opportunities, and provide analysis of their potential impact to advantage the business.
- Bachelor's Degree in Computer Science, Information Technology (IT), or a related discipline, and typically 8 or more years of solid, diverse experience in cyber security architecture and design, or equivalent combination of education and work experience.
- Appropriate technical skills and in-depth knowledge of business unit functions and applications, including:
- Demonstrated experience and subject matter knowledge in cyber and information security for applications, web architectures, operating systems, databases, and networks.
- Demonstrated experience and subject matter knowledge of SCADA, ICS, Distribution Automation, Smart Grid, DMS, and ECS systems architecture.
- Experience and proven capabilities in application risk assessment, application security architecture development, web application security, and application security testing.
- Experience in security architecture risk assessment, requirements development, secure design analysis, architecture assessment and development, and security testing of applications and systems.
- Extensive experience developing, evaluating, and implementing cyber and information security architectures, technologies, standards, and practices to secure applications and IT systems.
- Knowledge and experience in the implementation of governance frameworks and security risk management processes, such as NIST, ISO, and COBIT guidelines and standards.
- Demonstrated experience in addressing regulatory compliance for the security requirements in applicable laws and regulations, such as NERC CIP, SOX, PCI DSS, and HIPAA.
- Solid understanding and experience with security development lifecycle (SDL) processes for internally developed applications, including the web-based and Internet facing components.
- Knowledge and experience in application security standards, methodologies, and technologies.
- Solid capability to assess application and web architectures and operating systems for vulnerabilities and develop appropriate security countermeasures.
- Solid knowledge and experience with IT security aspects of operating systems, Active Directory, database (SQL) access, LDAP, Microsoft SharePoint, and web server configurations.
- Experience in assessing, configuring, and testing security applications and systems, such as Cisco firewalls, security appliances, IDS/IPS, SSL or TLS, IPSec, and web services security.
- Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.
- Comprehensive understanding of change management techniques associated with new technology implementation.
- Demonstrated experience producing an economic business case.
- Demonstrated leadership ability.
- Proven analytical, problem solving, and consulting skills.
- Excellent communication skills and the proven ability to work effectively with all levels of IT and business management.
- Graduate degree in cyber security or related area of expertise.
- Relevant security certifications (CISSP, CISM, SABSA, GIAC)
Exelon is proud to be an equal opportunity employer and employees or applicants will receive consideration for employment without regard to: age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law.
VEVRAA Federal Contractor
EEO is the Law Poster