Enterprise Architect - Cyber Security & TSOC

Join to apply for the Enterprise Architect - Cyber Security & TSOC role at First Energy

2 weeks ago Be among the first 25 applicants

Join to apply for the Enterprise Architect - Cyber Security & TSOC role at First Energy

Get AI-powered advice on this job and more exclusive features.

About the Opportunity
First Energy at a Glance

We are a forward-thinking electric utility powered by a diverse team of employees committed to making customers' lives brighter, the environment better and our communities stronger.
First Energy (NYSE: FE) is dedicated to integrity, safety, reliability and operational excellence. Headquartered in Akron, Ohio, First Energy includes one of the nation's largest investor-owned electric systems, more than 24,000 miles of transmission lines that connect the Midwest and Mid-Atlantic regions, and a regulated generating fleet with a total capacity of more than 3,500 megawatts.
Preferred work location is Wadsworth, OH

This is an open position with First Energy Service Company, a subsidiary of First Energy Corp. [SC00]

This position's base reporting location is in Wadsworth Township, Ohio, with flexible hybrid work arrangements, and reports to the Director of Cyber Security Operations. This Enterprise Security Architect is responsible for strategy, R&D, network segmentation and technical designs for the Cyber Security Technologies team who manages our firewall, VPN, endpoint protection, certificate management and multi factor authorization platforms. This role provides thought leadership and support across all cybersecurity teams to improve the overall security posture  Enterprise Security Architect maintains open communications with peers across the Cyber Security organization and IT.
Responsibilities include
- Provide overall security guidance and leadership in R&D, strategy, network segmentation and technical designs involving a variety of infrastructure, networking and security technologies tools.
- Guide and assist the Security Technologies team in the design, implementation, and operations of security solutions to protect the edge.
- Conduct risk assessments and threat modeling for network and access technologies in partnership with our security operations center.
- Ensure compliance with internal policies and regulatory requirements (NERC CIP, SOX).
- Manage requests for information (RFI) and requests for pricing (RFP) on new application services for cyber security operations
- Educate and influence IT, Cyber Security and Business stakeholders to better understand existing security risks, best practices, and infrastructure designs/changes required to support best-in-breed and the business objectives, while managing security risks.
- Drive technology strategy and enterprise architecture for Cyber Security Technologies which includes but not limited to our Zero Trust journey.
- Develop, document, and recommend plans for investing in IT security, including cost analysis and cost reduction opportunities. Identify gaps in overall IT Security and assist in driving future improvements for Zero Trust.
- Ensure encryption standards and authentication methods are in line with cybersecurity policies.
- Define and follow access control policies and ensure they follow the principle of least privilege.
- Participate in budgeting conversations and strategic planning around cost saving measures.
- Develop and present business cases and security architecture plans to management and executive council, when appropriate.
- Identify process improvements to further advance security operations. Participate in regular firewall rule audits.
- Develop, construct and improve standard operating procedures (SOP) and team documentation.
- Research and development of new security platforms to support business objectives.
- Assist to provide investigation services and coordinate mitigation efforts during an operational or cyber security incident.
- Assist with the day-to-day operations in Cyber Security Technologies when needed.
- Participate in incident response training and business continuity planning.
- Build and maintain relationships with key business unit areas within Cyber, IT, Transmission, Distribution, and Corporate Security.
Qualifications
- Bachelor's Degree in Computer Science, Information Security, or similar discipline with ten (10) years of significant experience in one or more of the key technical domains is required. In lieu of a degree twelve (12) years of industry experience in cyber/information security will be considered if other certifications are held.
- Demonstrated high level of technical acumen, with a strong understanding and knowledge of computer, network (IPv4, IPv6, TCP, UDP), and IT security systems (firewall, VPN, certificate management, endpoint security).
- Demonstrated understanding of best practices in cybersecurity encompassing strategies, policies, principles, procedures, compliance and standards; and how they relate and…