Utility Security Architect/Lead Analyst IT

Job Description

Job Title: Utility Security Architect/Lead Analyst IT
Job ID: 3005051
Location: PA - Philadelphia
Full/Part Time: Full-Time
Regular/Temporary: Regular
Job Family: Information Systems




Company Highlights
At Exelon, we've got a place for you. Exelon is developing sustainable energy to provide for the communities of today and planning for a brighter tomorrow. Exelon knows the future of energy is you.Exelon Corporation is one of the nation's largest electric utilities, with more than $32 billion in annual revenues. The company has one of the industry's largest portfolios of electricity generation capacity, with a nationwide reach and strong positions in the Midwest and Mid-Atlantic. Exelon distributes electricity to approximately 6.6 million customers in northern Illinois, central Maryland and southeastern Pennsylvania and natural gas to more than 1.1 million customers in the Baltimore and Philadelphia areas. Exelon is headquartered in Chicago and trades on the NYSE under the ticker EXC.We know that before we can generate more than 34,000 megawatts of electricity and deliver electric and gas service safely to millions of families and businesses, we need to recognize that each of our employees plays an integral part in the process. Join Exelon and you can share your ideas at a forward-thinking company and the next big idea could be yours. You've just found Exelon, a place where you can truly shine.

Business Unit Overview

Business Services provides Exelon and its subsidiaries with financial, human resource, legal, information technology, supply management and corporate governance services.

Job Description

PRIMARY PURPOSE OF POSITION
The Utility Security Architect (USA) provides cyber and information security architecture expertise in the analysis, assessment, development, and evaluation of security solutions and architectures to secure applications, operating systems, databases, and networks. The USA develops security architecture requirements, conducts security architecture risk assessments, designs security solutions, evaluates application and system architectures, and develops and reviews appropriate security architecture policies and standards. The USA leads and manages the cyber and information security architecture aspects of IT and business initiatives and projects to assist in mitigating security risks for operational applications and systems. This role serves as a senior technical staff member who provides technical cyber and information security architecture expertise and guidance to team members and collaborates with other IT teams to address and resolve security issues. This role focuses primarily on Utility security architecture and will be locally Embedded at each Exelon Utility. MAJOR ACCOUNTABILITIES

Item Accountability
1. Serves as a lead cyber and information security architecture consultant to the Cyber Security Architecture and Design Services (CSADS) team by conducting security architecture risk assessments and providing guidance on securing Utility information systems, applications, and networks.
2. Delivers consulting services to the utility in developing security control recommendations for IT systems, applications, networks, and databases. Provides technical guidance and expertise in the areas of secure application development, security architecture risk management and assessment, security policies and standards, security architectures and implementations.
3. Performs application and technology design reviews, requirements analysis, security testing oversight, risk remediation planning, and security project management.
4. Provides subject matter expertise in the development and implementation of Utility information security strategies, governance, and plans.
5. Defines security and policy compliance requirements in supporting the acquisition and deployment of security software, systems, and services.
6. Provides guidance on the development and integration of a security development lifecycle (SDL) to include secure development, testing, and configuration of application and web architectures.
7. Provides technical guidance and expertise in the areas of secure application development, security architecture risk management and assessment, security policies and standards, security architectures and implementations. POSITION SPECIFICATIONS
- Demonstrated experience and subject matter knowledge in cyber and information security for applications, web architectures, operating systems, databases, and networks.
- Demonstarted experience and subject matter knowledge of SCADA, ICS, Distribution Automation, Smart Grid, DMS, and ECS systems architecture.
- Experience and proven capabilities in application risk assessment, application security architecture development, web application security, and application security testing.
- Experience in security architecture risk assessment, requirements development, secure design analysis, architecture assessment and development, and security testing of applications and systems.
- Extensive experience developing, evaluating, and implementing cyber and information security architectures, technologies, standards, and practices to secure applications and IT systems.
- Knowledge and experience in the implementation of governance frameworks and security risk management processes, such as NIST, ISO, and COBIT guidelines and standards.
- Demonstrated experience in addressing regulatory compliance for the security requirements in applicable laws and regulations, such as NERC CIP, SOX, PCI DSS, and HIPAA.
- Solid understanding and experience with security development lifecycle (SDL) processes for internally developed applications, including the web-based and Internet facing components.
- Knowledge and experience in application security standards, methodologies, and technologies.
- Solid capability to assess application and web architectures and operating systems for vulnerabilities and develop appropriate security countermeasures.
- Solid knowledge and experience with IT security aspects of operating systems, Active Directory, database (SQL) access, LDAP, Microsoft SharePoint, and web server configurations.
- Experience in assessing, configuring, and testing security applications and systems, such as Cisco firewalls, security appliances, IDS/IPS, SSL or TLS, IPSec, and web services security.
- Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.
- Prior Utility security experience highly desireable.
- Knowledge of current industry standard security architecture frameworks (eg SABSA).
- Prior vendor and security assessment testing management experience.
- Proven analytical and problem solving skills.
- Strong written and verbal communications skills.
- Bachelor's Degree in Computer Science, Information Technology (IT), or a related discipline.
- Minimum 8 years of cyber and information security experience.
- Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), or other equivalent security certifications preferred.
- Must maintain the highest level of confidentiality and discretion regarding all corporate matters
- Must meet the requirements of Company's candidate screening policies and/or regulations
- Must satisfactorily complete required background checks
- Some local travel to multiple sites may be required with periodic travel outside of the state. POSITION SCOPE
. Maintains deep knowledge of technology and its application across Exelon
. Promotes knowledge via seminars, presentations and publications within IT and Exelon
. Knowledge of appropriate theories, practices and principles that relate the technology to Exelon's business
. Participates in technological innovation to drive new business opportunities and solve complex business problems

.CB