The Sr. Information Security Architect will report to the Director of Enterprise Security and will be responsible for supporting the Company’s Information and Operational Technology (IT/OT) cybersecurity programs for its corporate networks and industrial process control systems. This position will identify and evaluate security risks within the organization and drive the implementation of leading practices and solutions to mitigate exposures and adequately manage cybersecurity risks.

Job Title Senior Information Security Architect
Location Houston, TX, US

Detailed Description
• Develop, monitor and maintain an enterprise cybersecurity practice aligned to the NIST Cyber Security Framework
• Draft, implement, and maintain IT/OT security policies, standards, and procedures
• Collaborate with key stakeholders to scope and perform regular vulnerability assessments to evaluate cyber risks to the IT/OT environment
• Evaluate and implement cyber solutions and services required to manage risks
• Participate and actively collaborate with key internal and external stakeholders, industry groups and law enforcement to understand threats and leading practices
• Administer ongoing cybersecurity education and awareness programs for employees and 3rd parties
• Consult with IT and OT development and infrastructure teams to analyze business impact and exposure and establish standards based on emerging security threats, vulnerabilities and risks.
• Manage internal and 3rd party providers conducting periodic assessments and network penetration tests
• Lead cross-functional IT/OT security incident response team based on the incident response plan
• Conduct, support and/or assist investigations into security incidents and recovery efforts
• Develop and report on cybersecurity metrics and key security, risk, and compliance indicators
• Provide Subject Matter Expertise (SME) for security related issues and initiatives.
• Assist the Director of Enterprise Security with other duties as assigned or delegated.

Job Requirements

• Deep knowledge and experience within the cybersecurity domain including cyber defense, threat and vulnerability management, advanced security analytics, data security, identity management, security operations and managed security services
• Solid understanding of emerging technologies in IT such as a Cloud Platform, Internet of Things and Industrial Control Systems data platforms
• Assist in establishing an enterprise security strategy complemented by the required policies, procedures and tools to effectively manage cyber risks in the enterprise
• Strong written/verbal communication, presentation, and interpersonal skills with the ability to establish effective rapport with all levels of employees and provide professional customer services
• Participate fully in all Health, Safety, and Environment (HSE) initiatives and safety programs
• Perform other duties, as assigned
Demonstrated ability in the following competencies:
• Build and Maintain Effective Relationships
• Develop Self and Others
• Technical and Business Acumen
• Drive for Results
• Customer focus
• Decision Quality

Minimum Qualifications:
• Bachelor’s degree in Computer Science, Management Information Systems, Engineering, or other relevant field; or equivalent combination of education and experience required.
• 5+ years of experience in network security engineering and support in an enterprise environment
• Experience with security gateways, vulnerability scanning tools, cloud-based authentication systems and CASBs
• Demonstrated, hands-on experience evaluating and deploying end-to-end cybersecurity technical solutions, including end point protection, SIEM, DLP, IdM, MFA, encryption, monitoring and similar solutions and technologies
• 5+ years of experience in designing, developing, implementing cyber programs and solutions, including education and awareness, security incident response plans and reporting of key performance indicators

Preferred Qualifications:
• CISSP certification
• Experience supporting cybersecurity programs based on the NIST framework
• Technical knowledge and understanding of process control systems and data acquisition and analytics platforms
• Experience architecting security infrastructure in cloud platforms
• Strong interpersonal, verbal, and written communication skills, with the ability to communicate effectively with all levels within the organization, both technical and non-technical
• Ability to lead technical discussions and projects in an organized manner
• 2 or more years of experience securing industrial process controls networks/systems
• Oil and gas or energy services industry experience