National Grid Lead Analyst, Security Services in Syracuse, New York
Every day we deliver safe and secure energy to homes, communities, and businesses. We are there when people need us the most. We connect people to the energy they need for the lives they live. The pace of change in society and our industry is accelerating and our expertise and track record puts us in an unparalleled position to shape the sustainable future of our industry.
To be successful we must anticipate the needs of our customers, reducing the cost of energy delivery today and pioneering the flexible energy systems of tomorrow. This requires us to deliver on our promises and always look for new opportunities to grow, both ourselves and our business
The Security Solution Architect serves as a security lead/visionary and will act as an expert in many areas of security, describing in business terms the impact of security policies, standards, technology standards and architecture on the business. This person will provide security direction to the program/project(s) based on the business requirements and focus areas (Enterprise, CNI and Operational Technology).
The Security Solution Architect must be able to interpret high level business requirements and communicate them to highly technical security engineers; conversely, they must also be able to articulate highly technical issues to a non-technical business audience.
The Security Solution Architect is to provide minimum security requirements and to ensure that the delivered solution is fit for purpose and effective when transitioned into service. The Security Solution Architect will identify security services to be integrated into the overall solution and work with the Security Tower teams to ensure implementation of the services.
• Providing a security service steer to the program, on security related matters.
o This includes formal requirements and technical standard input to projects during the pre-sanctioning, start-up, requirements, and design stages to ensure that security has been considered and is appropriate.
o Further security related guidance may be required during the build and testing stages of the projects.
o Provide technical security input as required by the security policy development team.
o Security review and design of complex application and technology architectures.
o Coordination of technical design/review activities with various segments within the Security team.
o Evaluation and maintenance of systems and procedures, providing requirements to safeguard information systems and databases.
o Researching and recommendation/implementation of changes to procedures and systems to enhance security aligned with corporate policies and controls.
o Representing the Security Team ensuring ease of engagement with Security during projects and major programs.
o Accountable for ensuring that key risks and issues are identified, addressed and resolved in a manner that satisfies the business.
o Accountable for ensuring residual risk is captured and owners are identified and accept the risks.
o Continuous view toward standardization and process improvement with a view toward automation where possible.
o Flexibility to occasionally travel as role requires (may include global responsibilities).
• Security Technology
o Appreciation of wider information security related principles, likely to be gained in industry or from a consultancy background.
o Familiar with TOGAF and SABSA.
o Skilled in creating technology standards. Experience with presenting security requirements and necessary security services to the security and/or enterprise governance boards for acceptance and approval.
o Ability to perform threat modelling, ensuring proper controls and services are identified and incorporated into the design.
• Security Services
o Experience with cloud based security controls (secure web gateway, next gen firewall, cloud access security broker)
o Knowledge and experience with technical security solutions such as IDS/IPS, secure remote access, firewalls, encryption, secure protocols, data protection, data loss prevention and identity management solutions.
o Strong background in IT network security (secure LAN, WAN, vLAN, MPLS, Netflow, SNMP and secure network zoning and restricted network design), database, operating system and application security.
o Strong knowledge of data and information flows, information governance, network protocols.
o Knowledge of security hardening techniques and policy development, particularly operating system hardening (e.g. Windows, UNIX, Oracle).
o Experience in integration with a SIEM, or working within a system monitoring environment.
o Experience in vulnerability and risk management processes.
• Project Engagement
o Experience of incorporating security controls at each stage of the software development lifecycle process (ITIL).
o Experience of designing and managing security controls within service providers and the cloud.
o Proven track record of successfully delivering business requirements to time and budget constraints.
o Familiar with contract management, ensuring security controls are referenced within the agreement.
• Collaborative Working
o Strong communication (Written and Verbal), leadership and partnering skills.
o Able to demonstrate a high degree of credibility and influence senior stakeholders within the Organization.
o Prepared to challenge the program and IS colleagues and have the “difficult conversations” where needed in the interests of National Grid
o Able to operate as a highly independent worker and as part of a strong team/collaborative approach.
• Prior Critical National Infrastructure (CNI) and utility industry experience preferred.
• Preferably somebody who has done hands on IT in the past and understands the pragmatic approach sometimes required.
• Educated to degree level (or equivalent combination of education and experience).
• Information Security Qualifications such as CISSP and MSc Information Security preferred.
• Security Qualifications such as SANs, CCNA, CCNP.
This position has a career path which provides for advancement opportunities within and across bands as you develop and evolve in the position; gaining experience, expertise and acquiring and applying technical skills. Internal candidates will be assessed and provided offers against the minimum qualifications of this role and their individual experience.
National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise. We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve. National Grid is proud to be an affirmative action employer. We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team