(Sr./Lead) Security Architect I (II)

Flexible Work Arrangement: Hybrid

Cyber threats change at a rapid pace, and cybersecurity approaches must transform to provide effective protection and enable business innovation. As part of the Security Engineering and Architecture department, the Security Architect plays a key role in development of the security strategy, defining roadmaps for achieving security objectives, architect secure solutions in partnership with enterprise architecture and application architecture, and build security into systems by collaborating with development teams and other internal technology groups. This individual will solve security challenges with implementing and integrating cloud-based services into PJM's business processes, implementing zero trust architecture principals, managing and controlling big data, and leveraging Artificial Intelligence and Machine Learning to solve complex business problems.

Essential Functions:
• Researches and supports development and advancement of a comprehensive security strategy and strategic roadmap.
• Develops and maintains high quality documentation for cyber security policies, architectures, and standards.
• Works across the organization to communicate security approaches and that internal and external stakeholders support the changes.
• Supports cross-functional programs that advance security, such as zero-trust architecture, cloud security, data and analytics, artificial intelligence and machine learning, and security automation.
• Monitors technical advancements and makes recommendations to improve network, system and application security architectures.
• Supports enterprise architecture and application architecture initiatives and creates corresponding security design patterns.
• Consults with project teams to design secure architecture for new projects in alignment with agreed upon security design patterns.
• Supports application security assessments by developing improved tools and approaches for assessing security.
• Defines data security policies and processes to protect corporate data.
• Develops security solutions based on NIST Cybersecurity Framework (CSF) guidelines.
• Supports architectural guidance team to evaluate project proposals for architectural fit.
• Assists in prioritizing security efforts to balance security risks with operational and business risks.
• Assists team and department management in developing work plans, including scope, milestones, schedule, releases, resources and deliverables.
• Builds strong relationships with stakeholders by providing superior customer support as demonstrated by clearly owning, resolving and communicating issues and problems, and being responsive to needs, requirements, and deadlines.
• Supports the Cyber Security Incident Response Team (CSIRT) process by participating in various responder roles.

Characteristics & Qualifications:

Required:

• Bachelor's Degree in Computer Engineering, Computer Science, Information Technology or equivalent work experience
• At least 5 years of overall IT/IS experience
• At least 2 years of experience with security engineering and/or security architecture
• At least 2 years of experience with two or more of the following: networks, operating systems, DevSecOps or applications (on-prem or cloud-based)
• Ability to produce high-quality work products with attention to detail
• Ability to visualize complex system architectures and develop innovative, scalable solutions for multi-domain security challenges
• Experience with NERC Critical Infrastructure Protection (CIP) Standards
• Ability to collaborate with and influence diverse business units, bridging the gap between technical security requirements and organizational objectives.
• Comprehensive understanding of the security implications across the technology stack-including Operating Systems, networks, DevOps and software development
• Experience using effective verbal and written communication skills

• Master's Degree in Business Administration (MBA)
• Experience with PJM operations, markets, and planning functions
• Experience with securing containerized workloads and orchestration environments
• Experience developing and enforcing governance frameworks for Artificial Intelligence and Machine Learning, including the assessment of risks related to Large Language Models (LLMs)
• Experience in defining data security policies and implementing technical controls to prevent data loss (DLP) across the enterprise
• Experience implementing zero trust architecture solutions
• Cloud security experience such as implementing landing zone, encryption, identity and access management, security monitoring, infrastructure as code (IaC), cloud workload protection platform (CWPP) and cloud security posture management (CSPM) solutions
• Experience working in a regulated industry (especially NERC CIP)
• Experience with NIST Cybersecurity Framework (CSF)
• Certified Information Systems Auditor (CISA) Upon Hire
• Certified Information Systems Security Professional (CISSP) Upon Hire
• Certified Information Security Manager (CISM) Upon Hire