Expert Cybersecurity Technology ArchitectI'm Interested Date posted 09/15/2020
Requisition ID # 65761
Job Category : Information Technology
Job Level : Individual Contributor
Business Unit: Customer Care
Job Location : Sacramento; San Francisco; San Ramon
The PG&E Cybersecurity organization is a dynamic group of security professionals, working to protect our critical assets, highest risks, adapting and growing to meet the challenges from ever-evolving adversaries. The Cybersecurity Risk Management department within the boarder organization focuses on identifying risks, helping partners reduce or mitigate risks, developing initiatives to protect PG&E from cyber-attacks, and engaging with other stakeholders to continually improve PG&E’s security posture. The department provides governance and direction of initiatives to safeguard PG&E’s cyber-assets, working hand in hand with key partners, as well as technical and engineering experts in PG&E’s lines of business. The department performs projects, vendor, and production systems risk assessments to ensure PG&E deploys and manages technology platforms that meet our security standards and regulatory requirements.
As a Cybersecurity Technology Architect, Expert in the Cybersecurity Architecture & Engineering (CARE) team, you will be responsible for the development of repeatable and practical architecture to support the secure design and delivery of technology platforms to protect PG&E against cyberattacks. In this position, you will be contributing to design of interoperable platforms to implement effective security controls and to meet compliance requirements. You will also be an expert in working with other Cybersecurity Architects to define strategy, roadmaps, reference architecture and governance for the major functions needed to support the identification of security controls, the detection of cybersecurity events and issues, and the prevention of cyberattacks. Important deliverables include technology roadmaps, domain reference architectures, and design patterns that support the deployment of interoperable platforms to implement effective security controls and meet compliance requirements. You will be expected to ensure that security requirements are met in an efficient, sustainable, adaptable, and reusable manner. You will need to maintain a focus on both the present and the future, keeping in mind that cyberattacks against PG&E’s critical infrastructure are constantly evolving. You will be collaborating with multiple teams, both within the Security department and with other PG&E lines of business.
The work location is currently from your home office due to the current COVID 19 landscape. Once a responsible return to the office is identified, the work location is flexible and can be located in the Sacramento, San Ramon, or San Francisco areas.
Your roles and responsibilities will encompass three broad areas – strategic cybersecurity architecture and design, interfacing with Information Technology architects, and governance of cybersecurity solutions. Strategy and tactics are complementary and equally important, with both top-down and bottom-up analysis required depending upon individual circumstances. You will be exposed to all levels of architecture and design in this role.
Strategic Cybersecurity Architecture
- You will contribute and collaborate with other team architects to define and refine capabilities and architectural domains for cybersecurity services.
- You will contribute and collaborate with other team architects to develop and revise design patterns and roadmaps for cybersecurity domains.
- You will develop and update service menus for cybersecurity domains.
- You will model threats and identify controls to mitigate the risk that a successful attack will occur.
- You will ensure that architectural deliverables are properly documented and kept up-to-date.
- You will provide peer review and support for Cybersecurity’s organizational deliverables.
- You will engage with risk consultants to ensure that design patterns will mitigate cyberattack risks.
- You will work with solution architects to ensure that design patterns are realistic and effective, revising those patterns as needed to keep pace with evolving technology and constantly shifting cyberattacks.
- You will engage with vendors, consultants, and others to identify trends in cybersecurity solutions and to develop strategies to ensure that PG&E will continue to be protected against constantly evolving cyberattacks.
- You will be a key participant in the company’s integrated planning processes, identifying and prioritizing cybersecurity projects for funding and deployment, maintaining or improving PG&E’s ability to protect against cyberattacks.
Interface with Information Technology
- You will be an important interface with IT domain architects and IT solution architects.
- You will be the voice of cybersecurity for key IT and operational technology initiatives, ensuring that controls against cyberattack are built into platforms from the very initial phases of those initiatives.
- You will engage with technology governance processes in IT and the lines of business.
- You will ensure that technology solutions align with and integrate regulatory requirements such as HIPAA, SOX, NERC-CIP, CCPA, etc.
- You will be one of PG&E’s cybersecurity subject-matter experts providing critical and timely insight into security best practices and the security controls required for the secure deployment of all platforms.
Governance of Cybersecurity Solutions
- You will participate in processes to govern the introduction and lifecycle of cybersecurity technology platforms.
- You will establish requirements to ensure that cybersecurity technology platforms are interoperable and effective.
- You will work with engineering and operations teams to identify issues and problems with cybersecurity technology platforms and solutions to those issues and problems.
- You will determine when cybersecurity technology platforms need to be refreshed or replaced, identifying and selecting new and next-generation platforms as needed.
To be successful in this role, you will need to demonstrate the following skills and attributes:
- Foremost, a collaborative and mutually supportive attitude toward architecture team members.
- Collaboration with stakeholders such as Enterprise Architecture, Cybersecurity Services (engineering), the Security Information and Operations Center, and the Cloud Center of Excellence.
- Technical foresight and leadership in the selection and planning of cybersecurity technologies and their deployment.
- Flexibility within numerous changing situations, working with individuals and groups.
- Willingness to coach and mentor other team members, particularly those with less experience.
- The ability to change ideas or perceptions in response to changing circumstances.
- Focus on customer service with the attitude of delivering excellent outcomes.
- Thinking strategically and tactically about business, product, and technical challenges.
- Courage to speak up to identify gaps and problems.
- Comfort with ambiguity and large, complex technology environments.
- Ability to prioritize, multi-task, and plan around deadlines.
- Striking the right balance between operating independently and following established standards and procedures.
- Effective analysis and problem-solving skills, often under deadline pressure.
- Effective and polished verbal and written communication.
- Commitment to quality design and implementation.
- 6 + years of combined IT, intelligence, cybersecurity architecture and/or cybersecurity technology with deep understanding of one or more of the areas including but limited to cloud-based security, network security, operational technology, industrial control systems security
- B.S. degree or equivalent work experience in computer Science, computer engineering, business administration, or related field; or equivalent experience.
- M.S. degree in computer science, computer engineering, or equivalent.
- At least one relevant certification such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or equivalent
- Process design, information modeling and/or system architecture development with project or portfolio focus in at least one of the following: application architecture, network architecture, service-oriented architecture (SOA), information architecture, data management, or security technologies.
- Experience with operational support for applications, systems, databases or network infrastructure.
- Expertise in protecting critical infrastructure.
- Expertise in data-protection mechanisms and cryptographic algorithms.
- Demonstrated knowledge of technological trends and developments in cybersecurity.
- Knowledge of cybersecurity technologies and products deploying those technologies.
- Knowledge of cybersecurity risk management and associated metrics.
- Knowledge of regulatory requirements (including but not limited to HIPAA, SOX, NERC-CIP, TSA, CCPA, other privacy legislation).
- Experience with industrial-control system (ICS) technologies commonly used in utilities.
- Experience with enterprise architecture tools.
- Experience providing direction to design and engineering staff.
- Experience providing direction to one or more architects.
- Strong communication skills, tailored for and appropriate to multiple audiences.