Cyber Security Architect

Seeking an experienced Cybersecurity Risk Architect to lead the development and governance of the enterprise cybersecurity risk architecture. This role is crucial for protecting critical infrastructure by shaping strategy, advancing compliance, and driving continuous security improvements across IT and OT environments. Key responsibilities include conducting security risk assessments, threat detection, incident response, vulnerability management, developing and managing the Cybersecurity Risk Register, building automated compliance monitoring routines, and partnering across departments to mitigate security risks. The ideal candidate will stay current on evolving cybersecurity regulations, frameworks, and technologies, and mentor team members.

Must Have

• 5+ years of cybersecurity risk management experience
• CISSP certification
• Expertise in cybersecurity frameworks (NIST, NERC CIP)
• Hands-on experience with SIEM platforms
• Deep knowledge of IT/OT environments
• Strong communication skills

Good to Have

• Experience in utilities or critical infrastructure
• CISA certification
• Experience with data analytics tools (Python, R, SQL)
• Experience with enterprise architecture (TOGAF)
• Utility/energy sector cybersecurity experience

• Lead the design, maintenance, and governance of company enterprise cybersecurity risk architecture.
• Align cybersecurity initiatives with business strategy and regulatory requirements (e.g., NIST, NERC CIP).
• Conduct security risk assessments, threat detection, incident response, and vulnerability management.
• Develop and manage the Cybersecurity Risk Register and audit documentation.
• Build automated compliance monitoring routines and security dashboards.
• Partner across IT, operations, and leadership to drive security risk mitigation.
• Stay current on evolving cybersecurity regulations, frameworks, and technologies.
• Mentor and coach team members on cybersecurity and risk management best practices.

• 5+ years of cybersecurity risk management experience, preferably in utilities or critical infrastructure.
• CISSP certification required; CISA certification preferred.
• Strong expertise in cybersecurity frameworks (NIST, NERC CIP), risk architecture, and governance.
• Hands-on experience with SIEM platforms (Splunk preferred) and data analytics tools (Python, R, SQL).
• Deep knowledge of IT/OT environments, security controls, and enterprise architecture (TOGAF).
• Strong communication skills with the ability to simplify technical concepts for business audiences.
• Utility/energy sector cybersecurity experience highly preferred.

• Degree not required with significant relevant experience and CISSP certification.