Job Description
Job Specifications
Information Security Architect serves as a key member of the Black Hills Security team. The Information Security Architect provides thought leadership and expertise in information security system design to safeguard the Black Hills corporate network infrastructure and data as well as various industrial control system infrastructures included in the Gas and Electric utility industry.
The Information Security Architect will evaluate the existing information security strategy and program and apply these strategies to existing and prospective technology projects with responsibilities including the development/refinement of strategy, policy, regulatory compliance, risk identification and mitigation, security architecture and standards.
The Information Security Architect will provide security expertise to new IT projects, will identify applicable security controls, determine functional and non-functional security requirements, and identify design solutions that meet business objectives while meeting security standards. In addition, this person will implement and maintain systems and processes that protect business and client information.
SALARY / GRADE: 16 (Determined by the knowledge, skills, and abilities of the applicant.)
- Level II: $92,500 - $152,450 / Grade 17
- Senior: $100,650 - $166,050 / Grade 18
REPORTING RELATIONSHIP: Manager of Corporate and IT Security
LOCATION: Rapid City, SD
ESSENTIAL JOB FUNCTIONS:
- Design and document security solutions in compliance with the existing enterprise-wide information security strategy and policies. Including LAN, WAN, VPNs, firewalls, routers, and other related security solutions and functionality.
- Review existing architecture, identify design gaps, and recommend security enhancements.
- Serve as information security subject matter expert, trusted advisor; provide advisory and consulting services as needed to various department and project teams.
- Meet with project teams, architects, and other subject matter experts to develop system designs and project plans that include the appropriate security controls to meet security standards and regulations.
- Proactively review and analyze new or proposed business applications to evaluate appropriate security capabilities, assessing their risk and their value in support of corporate goals and security strategy.
- Understand current as well as emerging security threats and design security architecture to mitigate threats where possible.
- Conduct security reviews of vendor proposals, conduct process analysis, review information security architectures, and recommend modifications to the information security operation to evaluate risk, reduce costs, or improve service.
- Stay abreast of new security technologies and integrate into security architecture design when appropriate.
- Maintain an awareness of existing and proposed security standard setting groups as well as State and Federal legislation and regulations pertaining to information security.
ADDITIONAL RESPONSIBILITIES:
- Other duties as assigned.
QUALIFICATIONS:
Level II:
- Minimum of three (3) years of Information Security experience in a role as a security analyst, security engineer or security architect is required.
- Minimum of bachelor's degree in information technology, Computer Science, Information Assurance, or related technical field is required.
- Required: Current management or technical level Information Security certification (CISSP, CISM, CRISK, GIAC) etc.
Senior:
- Minimum of five (5) years of Information Security experience in a role as a security analyst, security engineer or security architect is required.
- Minimum of bachelor's degree in information technology, Computer Science, Information Assurance, or related technical field is required.
- Required: Current management or technical level Information Security certification (CISSP, CISM, CRISK, GIAC) etc.
KNOWLEDGE/SKILLS/ABILITIES:
- Strong understanding of network architecture, firewalls, Intrusion Detection Systems, web filtering, audit and log management, physical security control systems, real-time systems, and common operating systems.
- Understanding of emerging technologies in IT such as a Cloud Platform, Internet of Things and Mobile BYOD as well as the associated security risks.
- Working knowledge of common information technology management and security frameworks, such as ISO/IEC 27001, OWASP, ITIL, COBIT, CIS Top 20 and NIST
- Operating knowledge cyber security theory and practice as promoted by numerous security standards and certification entities desired.
- Understanding of advanced technical security topics such as Security Essentials; Ethical hacking; Auditing and monitoring networks, systems, and users; forensics and malware analysis; security incident response.
- Knowledge of physical and/or cyber security architecture.
- Experience with various Information Security technologies, including firewalls, IDS/IPS products, vulnerability assessment and management products, Windows operating systems, UNIX/Linux operating systems, networks (routing, switching, design, etc.), scripting/programming (shell, Perl, C, etc.)
- Excellent organizational skills with attention to details, accuracy and timeliness.
- Excellent communication skills Work effectively with security integrators, vendors, software manufacturers and application users to program, maintain and improve support for all security systems.
- Handle confidential and proprietary information with discretion.
- Ability to lead and mentor coworkers in security and job-related functions.
- Able to work independently, handle multiple projects simultaneously, assist with coordinating a variety of work functions and the ability to adapt to critical timelines.
- Ability to troubleshoot system and maintenance problems.
Black Hills Corporation
625 Ninth St
Rapid City
South Dakota United States
ir.blackhillscorp.com/
