Cyber Security Architect lead

The Cyber Security Architect Lead is responsible for designing, implementing, and maintaining robust security architectures that protect both IT and OT environments. This role involves developing comprehensive security strategies that address the unique challenges and requirements of both domains, including compliance with FANR regulations. The architect will work closely with cross-functional teams to identify vulnerabilities, assess risks, and implement effective security controls. Additionally, the role includes staying current with emerging threats and technologies and continuously improving the organization's security posture through proactive measures and innovative solutions. Cyber Security Architect Lead it should be ISA/IEC 62443 Cybersecurity Expert, Certified Information Systems Security Professional - Industrial Control Systems (CISSP-ICS), GIAC Response and Industrial Defense (GRID).

Security Architecture design

Responsibilities and Accountabilities:

• Design secure IT and OT systems and networks using SABSA or TOGAF principles.
• Lead the identification of gaps and provide recommendations of how to close those gaps.
• Implement security controls and measures.
• Ensure the integration of security controls across both environments.
• Maintain the overall security posture of IT and OT environments.
• Assist in the evaluation of all modifications to Critical Digital Assets (CDAs) before implementation ensuring that new/modified CDAs are reviewed and CDA assessments are performed accordingly.

Design security solutions that align with business objectives and regulatory requirements.

Security monitoring and audits

Responsibilities and Accountabilities:

• Perform security monitoring, security and data/logs analysis and compromise assessments of OT and IT systems to detect security incidents and root causes of incidents.
• Lead investigations and utilize new technologies and processes to enhance OT and IT security capabilities and implement improvements.
• Perform security audits and assessments to verify the effectiveness of security controls.
• Implement continuous monitoring solutions for OT and IT networks and systems.
• Continuously review and improve the OT security architecture to address new threats and vulnerabilities.
• Participate in OT security architecture reviews and audits.

Implement lessons learned from OT and IT security incidents and assessments.

Risk Assessment and Management

Responsibilities and Accountabilities:

• Conduct regular risk assessments using SABSA or TOGAF risk management process.
• Lead mitigation strategies to address identified risks, ensuring alignment with SABSA or TOGAF's risk management framework.
• Provide regular reports on risk assessment findings to senior management.

Update and maintain the risk registry.

Security Policies and Procedures

Responsibilities and Accountabilities:

• Create and maintain security policies and procedures for OT and IT environments.
• Establish clear security policies that govern access control, data protection, incident response, and compliance.
• Adopt industry standards and frameworks such as NIST, ISO/IEC 27001, NEI and IEC 62443.