Enterprise Security and IAM Architect

The Enterprise Security and IAM Architect is a combined practical and strategic position that involves establishing technical strategy, defining enterprise security and IAM architectures and leading solution implementations from a technology perspective. The position provides technical guidance and training to the implementation teams, serves as technology and best practices evangelist and ensures that implementations follow the finest of implementation standards and principles.

This position advises technical management and business areas on key architectural decisions regarding platforms and supporting technologies. This position produces technical architectures (documented by deliverables) that are scalable, maintainable, dependable, secure, and meet performance requirements. This position represents the Enterprise Information Technology (EIT) organization across CPS Energy and works across the company to deliver technical solutions, including providing continuity on major solution decisions, communicating technology solution value across all levels of the company and ensuring solutions are implemented according to the defined solution architecture and technical standards.

Enterprise Security and IAM Architect

Grade: 18

Qualifications may warrant placement in a different job level.

Deadline to apply: Open until filled

• Responsible for enterprise security architectural design and planning in a hybrid cloud environment.
• Designing data-centric security architectures to ensure appropriate control over data use and protection.
• Responsible for the strategy and enablement of identity and security solutions that include DLP, Encryption, Key Management, Identity Management, Secure Data Transport, audit, event detection, CASB, Intrusion Prevention, Remote Access, Firewall and more.
• Understanding the Enterprise's Identity Management current requirements, future state and industry best practices to plan and implement Identity & Access Management (IAM) solutions.
• Responsible for architecting IAM in a hybrid cloud environment, user/service/device authentication & authorization, managing enterprise identities and entitlements.
• Architecting the security posture of enterprise Operational Technology (OT) environments to help ensure compliance with NERC and other regulatory bodies.
• Should have a solid understanding of general IT application structures, the supporting components to the network, and general overall wholistic IT functions, operations and general dataflows of the enterprise to enable planning and implementation of best practice security measures.
• Must be knowledgeable of past, present, and upcoming security technologies, standards, and best practices to properly plan and implement solutions in the most effective way
• Develop enterprise security architectural patterns, approaches and design solutions, research new technologies and approaches
• Plan on how security controls are used (CASB, CSMP, CNAPP, CWPP and so on) and how they are deployed
• Create security standards and roadmaps, develop recommendations for migrating to future standards.
• Responsible for the security design, architecture and automation designs of on premise, wide area and Cloud solutions.
• Partner with vendors to select appropriate technical solutions.
• Collaborate with stakeholders to develop consensus, drive results, and execute projects across the organization on time and within budget.
• Manage several simultaneous initiatives from conception through implementation.
• Contribute to security standards and design patterns. Deliver solutions tailored to internal business requirements.
• Articulate design rationale, flexibly adapt solutions, and iterate designs when required.
• Provide 3rd level support and input as required to teams diagnosing reported issues, providing root cause analysis to management and the business teams.
• Work closely with Senior management, Architecture, Application managers and IT Security, BTE and operations teams.
• Enhances efficiency via automation when and wherever possible. Cross train other team members on projects, and network technologies.

• Enterprise securityarchitecture experience in a complex, multi-platform distributed environment
• Strong experience with On-Prem / Private, Public Cloud network, identity and application security services.
• Experience and knowledge of security methods and solutions to support: DLP, Encryption, Key Management, Fine Grained Access Control, Audit Trail, Detection, CASB, Micro segmentation, Cybersecurity Mesh, Secure Access Service Edge (SASE) and others.
• Knowledge of industry security standards and frameworks such as Payment Card Industry (PCI), HIPAA NIST, ISO 27001 and Cybersecurity Framework (CSF).
• Familiar with principles of cloud security and solutionsincluding native cloud provider security, Office 365 security and Cloud Security Posture Management (CPSM)
• Specific experience securing Microsoft Azure hosted services.
• Experience with Identity Management Solutions and leading products in the marketplace.
• CISSPor equivalent technical certification will be beneficial
• Experience architecting and implementing network security & QoS technologies.
• Able to develop opportunities, pitch and deliver security related projects