OUC - The Reliable One is presently seeking an Enterprise Cybersecurity Risk & Governance Architect to join our Security Governance division. We are searching for a forward-thinking, detail-oriented expert to lead the development and governance of OUC's cybersecurity risk architecture and support our long-term strategic goals.
This position is responsible for designing and maintaining the enterprise cybersecurity risk framework, conducting risk assessments and vulnerability testing, overseeing the Enterprise Cybersecurity Risk Register, and partnering with leadership to ensure strong alignment between cybersecurity, compliance, and business needs. We are looking for a strategic, collaborative professional who can identify risks early, provide clear guidance, and help shape OUC's evolving cybersecurity strategy.
Join a team of visionary Change Agents, Strategists, and Community Ambassadors who understand the vital role of diverse experiences in powering creativity and industry transformation. At OUC, each position contributes to the success and achievement of our goals.
The ideal candidate will have:
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology Management, Information Systems, or a related field.
- Minimum of seven (7) years of experience in the development and oversight of a cybersecurity risk architecture with a focus on IT and OT environments, to include:
  - Experience in data governance and cybersecurity frameworks.
  - Experience with NERC CIP standards and NIST frameworks, preferred;
- Certifications including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), preferred.
OUC offers a very competitive compensation and benefits package. Our Total Rewards package includes, to cite a few:
- Competitive compensation
- Low-cost medical, dental, and vision benefits and paid life insurance premiums with no probationary period.
- OUC's Hybrid Retirement Program includes a fully-funded cash balance account, defined contribution with employer matching along with a health reimbursement account
- Generous paid vacation, holidays, and sick time
- Paid parental leave
- Educational Assistance Program, to include tuition reimbursement, paid memberships in professional associations, paid conference and training opportunities
- Wellness incentives and free access to all on-site OUC fitness facilities
- Access to family-oriented recreational areas
- Paid Conference and Training Opportunities
- Hybrid work schedule
Salary Range: $120,700 - $150,875 annually - commensurate with experience
Location: Reliable Plaza
Applicants must be legally authorized to work in the United States at the time of application. This organization does not offer or sponsor employment visas for internship or full-time positions.
Please see below a complete Job description for this position.
Job Purpose:
Plays a critical lead role and serves as subject matter expert in the development, maintenance, and governance of a cybersecurity risk architecture that supports OUC's enterprise governance and business strategy. Defines, plans, and implements enterprise strategic cybersecurity initiatives to improve existing infrastructure and governance while shaping the long-term risk architecture vision. Safeguards the integrity and security of the enterprise by leveraging advanced data analytics to monitor, analyze, and report on cybersecurity compliance, specifically concerning security standards and frameworks.
Primary Functions:
- Develop, plan and maintain an enterprise cybersecurity risk management architecture that supports OUC's cybersecurity while enabling business strategy.
- Partner with leadership to design the framework and guidelines to ensure data privacy and compliance.
- Participate in the development of a comprehensive cybersecurity strategy, with a focus on risk management, threat detection, and incident response.
- Create procedures and guidance for security risk assessments, testing, and vulnerability scanning to identify and address potential threats.
- Ensure that procedural framework for governance is in compliance with regulatory requirements.
- Work with applicable stakeholders to ensure business alignment of the enterprise cybersecurity controls with the business objectives.
- Define and document relationships between the components on the different architecture layers, providing traceability and justification.
- Collaborate with IT Security to successfully blend Information Security Management and Enterprise Risk Management.
- Identify key risk areas and recommend strategies to address and monitor risk.
- Partner with leadership on Risk Assessment, Business Impact Analysis, and Risk Mitigation activities.
- Interview leadership and other stakeholders to determine appropriate risk appetite to ensure risk management processes and plans are in line with OUC's risk appetite.
- Maintain and monitor the Enterprise Cybersecurity Risk Register and other audit/assessment documentation.
- Perform security reviews, flag compliance issues, identify gaps and trends in security architecture and recommend remediation strategies.
- Develop and implement a security risk management plan.
- Apply knowledge of security risk frameworks to guide the development of analytical routines and compliance checks.
- Preserve information security features by applying an enterprise risk management process and ensuring stakeholder confidence.
- Partner with manager in security policy development to ensure Information Security Management is integrated throughout the enterprise.
- Collaborate on enterprise cybersecurity planning, validation of controls, and development of security standards.
- Stay updated on changes to cybersecurity regulations and standards, incorporating relevant updates into existing routines and practices.
- Develop and implement data analysis routines to continuously monitor compliance with security standards, best practices, and frameworks.
- Create automated alerts and dashboards to flag potential compliance issues or security anomalies in technology environments.
- Develop and execute plans to assess security risk, including periodic reviews of existing systems and devices, validation that appropriate remediation is in place, and ongoing risk assessment.
- Collaborate with IT and business unit teams to investigate identified issues and develop actionable remediation plans.
- Ensure alignment of OUC's enterprise cybersecurity risk and governance architecture with the TOGAF architecture framework.
- Provide recommendations for improving cybersecurity measures and compliance practices based on data analysis and trend identification.
- May mentor, teach, coach, and instruct other team members on pertinent topics;
- Perform other duties as assigned.
Technical Requirements:
- Expert understanding of technology and security standards, enterprise risk architecture, cybersecurity frameworks, and regulatory requirements applicable to utilities.
- Strong grasp of IT and OT systems, including network architecture, industrial control systems, and cybersecurity controls.
- Proficiency in data analysis tools and programming languages (e.g., Python, R, SQL).
- Experience with cybersecurity information and event management (SIEM) systems and data visualization tools (e.g., Splunk, Tableau).
- Strong analytical and problem-solving skills with a keen eye for detail.
- Effective communication skills, both written and verbal, with the ability to present complex data insights to non-technical stakeholders.
- Working knowledge of all, but not limited to, the following:
  - Systems architecture and design;
  - Standards and governance processes;
  - Technology presentations on emerging trends and adoption of new technology;
  - Technology standards;
  - Emerging technology;
  - IT Systems, applications, integrations, and standards;
  - Data analytics and reporting;
  - Project management.
- Familiarity with all, but not limited to, the following:
  - Roadmaps and presentations for evolving systems architectures;
  - Documentation on current system architectures;
  - Documentation on future state architectures;
  - Cybersecurity practices;
  - Enterprise Architecture standards (TOGAF);
- Related industry, organizational and departmental policies, practices, and procedures; legal guidelines, ordinances, and laws;
- Ability to coach and mentor staff.
- Ability to make arithmetic computations using whole numbers, fractions and decimals, and compute rates, ratios, and percentages;
- Ability to use Microsoft Office Suite (Outlook, Excel, Word, etc.) and standard office equipment (computer, telephone, etc.)
Education/ Certification/ Years of Experience Requirements:
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology Management, Information Systems, or a related field.
- Minimum of seven (7) years of experience in the development and oversight of a cybersecurity risk architecture with a focus on IT and OT environments, to include:
  - Experience in data governance and cybersecurity frameworks.
  - Experience with NERC CIP standards and NIST frameworks, preferred;
- Certifications including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), preferred.
Working Conditions:
This job may be exposed to working in confined spaces.
Physical Requirements:
This job consists of sitting, walking, and standing, bending/stooping, repetitive motions, kneeling, crawling, climbing (ladders, stairs, hills, etc.), and may lift up to forty (40) pounds. This job consists of reading, typing, writing, and detailed inspection. Occasionally may drive a company vehicle.
OUC-The Reliable One is an Equal Opportunity Employer who is committed through responsible management policies to recruit, hire, promote, train, transfer, compensate, and administer all other personnel actions without regard to race, color, ethnicity, national origin, age, religion, disability, marital status, sex, sexual orientation, gender identity or expression, genetic information and any other factor prohibited under applicable federal, state, and local civil rights laws, rules, and regulations.
EOE M/F/Vets/Disabled