Enterprise Security Policy Architect
This job is no longer active.
View similar jobs.
POST DATE 8/17/2016
END DATE 11/29/2016
JOB DESCRIPTIONJOB DESCRIPTION
ENTERPRISE SECURITY POLICY ARCHITECT
JOB ID 20162834 DATE POSTED 08/15/2016 Description
ABOUT THE POSITION:
The Security Policy Architect will be responsible for the Information Security Management function providing leadership and strategic direction for the Cyber Security Policy & Standard function. The purpose of the role in turn, is to bring the organization s information security risks under explicit management control through the Information Security Management System.
The Security Policy Architect serves as a subject matter expert in many areas of security, both in breadth and depth. The role is a highly visible position, where the candidate must have a deep and varied expertise of information security principles, practices, processes and technologies. In particular, previous experience of planning security architecture and implementing technical security solutions, such as identity and access management, data protection, secure partner connectivity, and application security controls, will be essential.
POSITION RESPONSIBILITIES (INCLUDING BUT NOT LIMITED TO):
* Security Policy: Leading in the development, maintenance and overall lifecycle management of security policy and standards, and co-ordinating and involving subject matter experts as necessary.
* Security Architecture Assisting in the development of an enterprise security architecture framework that addresses business needs. In particular, identifying, designing and implementing appropriate technical security solutions such as IDS/IPS, secure remote access, firewalls, encryption, data protection and data loss prevention. Leading in the development of selected security architectures for complex systems, ensuring consistency with specified requirements agreed with both external and internal customers.
* Security Strategy Assisting in the development of strategic security plans and supporting the investment planning process.
* Providing guidance to the business, as required, on the security implications, use and deployment of technologies.
* Being accountable for ensuring that key risks and issues are identified, addressed and resolved in a manner that satisfies the business.
* Flexible to travel as role requires (noting that responsibilities are global)
* Ensure that design decisions align with the business vision and maintain security architectural flexibility
* Ensure compliance with enterprise security architecture, and grant dispensations that are in keeping with the Group strategy and LOS (Line of Sight) objectives
* Guide various business and IS teams as needed toward a common architecture and engage stakeholders as advocates of the vision
* Will work and report within the Digital Risk & Security function as a dedicated resource representing the Security Policy Architecture function
* Provide leadership in transforming the DR&S architecture function into a proactive value-added business-focused service provider, while ensuring that risks are identified and managed appropriately.
* Leadership and strategic direction for the function, ranging from planning and budgeting to motivational and promotional activities expounding the value of information security
* Liaison with and offers strategic direction to related governance functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance) plus senior and middle managers throughout the organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies
* Leads the design, implementation, operation and maintenance of the Information Security Management System based on the ISO/IEC 27000 series standards, including certification against ISO/IEC 27001 where applicable
* Forms a centre of excellence for information security policy management, for example offering internal management consultancy advice and practical assistance on information security risk and control matters throughout the organization and promoting the commercial advantages of managing information security risks more efficiently and effectively
* Leads the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc. and applicable laws and regulations
KNOWLEDGE & EXPERIENCE REQUIRED:
* Extensive experience of full-time work experience in information security management and/or related functions (such as IT audit and IT Risk Management)
* Educated to degree level (or equivalent combination of education and experience).
* Information Security Qualifications such as: CISSP, SABSA and ISSAP preferred.
* Experience of working as an Information Security Policy expert working closely with business stakeholders and Enterprise Architects.
* Working experience of applying security architecture within a large global enterprise.
* Strong knowledge and experience designing and implementing technical security solutions such as IDS/IPS, secure remote access, firewalls, encryption, secure protocols, IT network security (secure LAN, WAN, vlan technology, MPLS, and secure network zoning and restricted network design) and database, operating system and application security, data protection, data loss prevention and identity management solutions.
* Experience with the use of the SABSA and ISO 27000 framework with the experience of developing security policies and standards at an enterprise level
* Strong knowledge of data and information flows, information governance, network protocols.
* Experience of writing security policy and standards, and of the policy development lifecycle process.
* Experience of security hardening techniques and policy development, particularly operating system hardening (e.g. Windows, UNIX, Oracle).
* Appreciation of wider information security related principles, likely to be gained in industry or from a consultancy background.
* Prior Critical National Infrastructure (CNI) and utility industry experience preferred
* Experience working with a diverse team of people comprised of internal and external resources
* Demonstrated strength in relationship building with success influencing leaders at all levels
* Strong analytical and problem solving skills, negotiation, interaction management, and presentation skills are required with the ability to create consensus and understanding around security policy
* Ability to multi-task, effectively structure work to handle multiple demands and competing activities
* Must demonstrate strong ethics, influence and negotiation, leadership, interpersonal skills, communication, the ability to effectively manage stress and engage in continuous learning by staying current with relevant technology and innovation.
* Strong communication, leadership, influencing, and partnering skills to collaborate with, and influence business stakeholders to explore best in class, innovative solutions to business challenges
* Absolutely trustworthy with high standards of personal integrity (demonstrated by an unblemished career history, complete lack of criminal convictions etc.), and willing to undergo vetting and/or personality assessments to verify this if necessary
* Typically a background in technical IT roles such as IT architecture, development or operations, with a clear and abiding interest in information security
National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise. We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve. National Grid is proud to be an affirmative action employer, committed to providing equal opportunity to employees and applicants for employment without regard to race, color, religion, creed, national origin, ancestry, alienage or