The Sr Staff Cyber Security Architect works on highly complex projects that require in-depth domain knowledge in all dimensions of information and cybersecurity architecture. You are responsible for driving the architect, build out, and implementation efforts related to architecture, scalability, availability and performance alignment w/ the product roadmap focusing on security posture related to mergers and acquisitions. They may interact w/ functional leaders to support these technical initiatives.Essential Responsibilities:In this role, you will:
- Work on mergers and acquisitions due diligence activities, including assessing risk posture of organizations under consideration and residual risk posture post divestiture.
- Identify and prioritize risks
- Identify solutions and approaches to address prioritized risks, both technical and organizational
- Ensure compliance to applicable industry standards and regulations.
- Coordinate with cross functional teams to ensure architectural solutions effectively fulfill business needs
- Determining security requirements for cloud-based solutions by evaluating business strategies and requirements; researching cloud infrastructure security standards such as ISO 27000 series, NIST CSF, and CSA
- Communicate with management, senior leaders, teams and technical personnel on a continuous basis
- Developing security strategy plans and roadmaps based on architecting best practices and provide guidance and hands-on experience to project teams in design, development, and maintenance of security solutions
- Designing and developing security policies, standards and procedures e.g., account management, tenant management, proxy server management, firewall management, SSL/IPsec, security incident and event management (SIEM), data protection (DLP, encryption), user account management (SSO, SAML), and password/key management, vulnerability/threat assessment
- Coordinating security team members to conduct security analysis of BHGE platforms and environments using BHGE security requirements and security best practices. This can include prospective and existing workloads in IaaS, PaaS and SaaS cloud platforms.
- Assessing BHGE service providers' SSAE 16, SOC 1 and/or SOC 2 audit reports (or alternative sources) for security-related deficiencies and required "user controls" and suggest remediation controls
Eligibility Requirements: (Country Specific)
- 10 years overall technology experience
- Minimum 3 years of hands-on technical experience architecting, designing and implementing solutions across IaaS and PaaS models and environments (Public, Private, Hybrid)
- 2 years working experience designing architectures and strategies for enterprises
- 5 years of relevant consulting or industry experience
- 2 years in a technical or functional lead role
- 2 years working experience with Virtualization including security for at least one or more of the following: Compute, Network, Storage, End-point, Application
- 2 years working experience with Cloud technologies/vendors and/or providers a big plus
- Hands on experience in due-diligence activities related to mergers, acquisitions, and divestitures
- Hands on experience in drafting, modifying, reviewing, or managing technical Transition Service Agreements
- Strong working knowledge of Cloud security industry standards such as Cloud Security Alliance (CSA), ISO/IEC 27017 and NIST 500 291
- Strong working knowledge of Cloud orchestration and automation (Continuous Integration and Continuous Delivery CI/CD) in single and multi-tenant environments
- Strong working knowledge of IT service management (e.g., ITIL-related disciplines)
- Strong working knowledge of OT security and how it aligns and differs from Enterprise IT Security.
- Understanding of industry security standards, guidelines and regulatory/compliance requirements related to information security and cloud computing such as ISO 27001, NIST 800-53, IEC/ISA 62443, SOC2, PCI, SOX, etc.
- Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job
- Must be willing to travel as needed (less than 20%)
- Must be willing to work out of a BHGE facility location.
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
- Strong interpersonal skills, with an emphasis on the ability to effectively influence others
- A team-focused mentality with the proven ability to work effectively with diverse stakeholders
- An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
- Certifications: CISM, CISSP, ITIL
- Bachelors / master's degree in Computer Science, Cyber Security or similar discipline
Baker Hughes, a GE company is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law. Learn more