Sr. Security Architect I (II)

Flexible Work Arrangement: Hybrid

Cyber threats change at a rapid pace, and cybersecurity approaches must transform to provide effective protection and enable business innovation. As part of the Security Engineering and Architecture department, the Sr. Security Architect I (II) plays a key role in development of the security strategy, defining roadmaps for achieving security objectives, architect secure solutions in partnership with enterprise architecture and application architecture, and build security into systems by collaborating with development teams and other internal technology groups. This individual will solve security challenges with implementing and integrating cloud-based services into PJM's business processes, implementing zero trust architecture principals, managing and controlling big data, and leveraging machine learning processes to solve complex business problems.

• Researches and supports development and advancement of a comprehensive security strategy and strategic roadmap.
• Develops and maintains high quality documentation for cyber security policies, architectures, and standards.
• Works across the organization to communicate security approaches and that internal and external stakeholders support the changes.
• Supports cross-functional programs that advance security, such as zero-trust architecture, cloud security, data and analytics, machine learning, and security automation.
• Monitors technical advancements and makes recommendations to improve network, system and application security architectures.
• Supports enterprise architecture and application architecture initiatives and creates corresponding security design patterns.
• Consults with project teams to design secure architecture for new projects in alignment with agreed upon security design patterns.
• Supports application security assessments by developing improved tools and approaches for assessing security.
• Defines data security policies and processes to protect corporate data.
• Develops security solutions based on NIST Cybersecurity Framework (CSF) guidelines.
• Supports architectural guidance team to evaluate project proposals for architectural fit.
• Assists in prioritizing security efforts to balance security risks with operational and business risks.
• Assists team and department management in developing work plans, including scope, milestones, schedule, releases, resources and deliverables.
• Builds strong relationships with stakeholders by providing superior customer support as demonstrated by clearly owning, resolving and communicating issues and problems, and being responsive to needs, requirements, and deadlines.
• Supports the Cyber Security Incident Response Team (CSIRT) process by participating in various responder roles.

• Bachelor's Degree in Computer Engineering, Computer Science, Information Technology or equivalent work experience
• At least 5 years of experience overall IT/IS experience
• At least 2 years of experience with security engineering/architecture
• Two or more of the following: applications (on-prem or cloud-based), networks, operating systems, or DevOps. Cloud security experience such as implementing landing zone, encryption, identity and access management, security monitoring, infrastructure as code (IaC), cloud workload protection platform (CWPP), control plane configuration and cloud security posture management (CSPM) solutions.
• Ability to produce high-quality work products with attention to detail
• Ability to visualize and solve complex problems
• Experience with NERC Critical Infrastructure Protection (CIP) Standards
• Ability to collaborate, influence, and partner with business units
• Experience using Microsoft Project
• Experience with Operating Systems, networks, storage technologies, software development, databases, and security concepts
• Experience using effective verbal and written communications skills

• Experience with PJM operations, markets, and planning functions
• Experience implementing zero trust architecture, data and analytics, machine learning, and security automation.
• Experience with defining data security policies and processes to protect corporate data as part of Data Security Governance.
• Experience working in a regulated industry (especially NERC CIP).
• Experience with NIST CSF.
• Experience working with varying levels of classified data.
• Knowledge and experience of importance of diversity and inclusion at workplace and its effective use to improve PJM's business functions as it relates to assigned responsibilities.
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)