(Sr./Lead) Security Architect I (II)

About The Position

Requirements

• Bachelor's Degree in Computer Engineering, Computer Science, Information Technology or equivalent work experience
• At least 5 years of overall IT/IS experience
• At least 2 years of experience with security engineering and/or security architecture
• At least 2 years of experience with two or more of the following: networks, operating systems, DevSecOps or applications (on-prem or cloud-based)
• Ability to produce high-quality work products with attention to detail
• Ability to visualize complex system architectures and develop innovative, scalable solutions for multi-domain security challenges
• Experience with NERC Critical Infrastructure Protection (CIP) Standards
• Ability to collaborate with and influence diverse business units, bridging the gap between technical security requirements and organizational objectives.
• Comprehensive understanding of the security implications across the technology stack—including Operating Systems, networks, DevOps and software development
• Experience using effective verbal and written communication skills

Nice To Haves

• Master's Degree in Business Administration (MBA)
• Experience with PJM operations, markets, and planning functions
• Experience with securing containerized workloads and orchestration environments
• Experience developing and enforcing governance frameworks for Artificial Intelligence and Machine Learning, including the assessment of risks related to Large Language Models (LLMs)
• Experience in defining data security policies and implementing technical controls to prevent data loss (DLP) across the enterprise
• Experience implementing zero trust architecture solutions
• Cloud security experience such as implementing landing zone, encryption, identity and access management, security monitoring, infrastructure as code (IaC), cloud workload protection platform (CWPP) and cloud security posture management (CSPM) solutions
• Experience working in a regulated industry (especially NERC CIP)
• Experience with NIST Cybersecurity Framework (CSF)
• Certified Information Systems Auditor (CISA) Upon Hire
• Certified Information Systems Security Professional (CISSP) Upon Hire
• Certified Information Security Manager (CISM) Upon Hire

Responsibilities

• Researches and supports development and advancement of a comprehensive security strategy and strategic roadmap.
• Develops and maintains high quality documentation for cyber security policies, architectures, and standards.
• Works across the organization to communicate security approaches and that internal and external stakeholders support the changes.
• Supports cross-functional programs that advance security, such as zero-trust architecture, cloud security, data and analytics, artificial intelligence and machine learning, and security automation.
• Monitors technical advancements and makes recommendations to improve network, system and application security architectures.
• Supports enterprise architecture and application architecture initiatives and creates corresponding security design patterns.
• Consults with project teams to design secure architecture for new projects in alignment with agreed upon security design patterns.
• Supports application security assessments by developing improved tools and approaches for assessing security.
• Defines data security policies and processes to protect corporate data.
• Develops security solutions based on NIST Cybersecurity Framework (CSF) guidelines.
• Supports architectural guidance team to evaluate project proposals for architectural fit.
• Assists in prioritizing security efforts to balance security risks with operational and business risks.
• Assists team and department management in developing work plans, including scope, milestones, schedule, releases, resources and deliverables.
• Builds strong relationships with stakeholders by providing superior customer support as demonstrated by clearly owning, resolving and communicating issues and problems, and being responsive to needs, requirements, and deadlines.
• Supports the Cyber Security Incident Response Team (CSIRT) process by participating in various responder roles.

Benefits

• Medical, vision and dental insurance
• 401(k) plan with 100% employer match up to 5% of salary
• Non-elective 401(k) employer contribution
• Vacation and paid holidays
• Tuition reimbursement
• Life insurance
• Accidental death and dismemberment insurance
• Short-term and long-term disability coverage
• Business travel and accident insurance
• Child day care referral program
• Employee assistance program
• Adoption benefits recognized by the Dave Thomas Foundation for Adoption, which has named PJM one of the best adoption-friendly energy and utility companies in America.