Security Services Architect

Hydro Global Business Services (GBS) is an organizational area that operates as an internal service provider for the Hydro group. Its ultimate purpose is to deliver relevant IT, financial and HR business services to all business areas within the company.
 

Hydro is currently strengthening the organization within the area of Cyber Security Services. As a result, Cyber Security Services/Security Engineering is looking for a proficient Security Services Architect to lead the recently formalized security architecture capability/discipline for Hydro group.

The position will be responsible for implementing Security Architecture as the means to plan and design security consistently and coherently. Leading the efforts to translate cyber risks to executable security requirements along with designing and guiding implementation of security controls. This position will collaborate with a large network of stakeholders from enterprise domain architects, the professional cyber security functions, CISO, security solution architects, security engineers, security operation, SOC teams, risk managers, application and product owners. The position reports to the Manger of Security Engineering and is part of the Cyber Security Services.

Responsibilities:

• Own the Security Architecture capability/discipline and ensure it is operational as desired
• Lead the efforts of defining, prototyping and developing security reference architecture, methodology, models and security controls in alignment with requirements from the architecture teams, technology teams and CISO organization.
• Lead the adoption and implementation of relevant cyber security frameworks and standards
• Translate information security policies into a technical security control framework, security architecture blueprints and socialize across the organization.
• As a trusted advisor, you will be the security go-to-person on the relevant architecture boards and cyber security services/security engineering team.
• Develop security standards and drive improvements based on IT/Security strategy, Cyber Security related operation developments, project feedback and other sources.
• Oversee the life-cycle of security architectures/solutions from the conceptual, through logical, physical down to component and service management/operation layer.

Requirements:

• At least 8 years of technology and IT experience with a specialization in information security areas either in software and/or infrastructure including both architecture and operation (e.g.Logmanagement, Vulnerability management, OT/ICS security, Firewall)
• Experience in working in larger international environment and to deliver through virtual teams
• Leadership, facilitation and orchestration skills
• Strategic and result oriented with analytical mindset
• Familiar with agile approaches of digital product development
• Experience in security audit field
• Proven knowledge of ISO security standards (ISO27001, ISO22301 or equivalent).
• Proven knowledge of international security frameworks and methodologies (NIST, SABSA; TOGAF or equivalent).
• Experience of cloud-security (e.g. AWS or Azure certification).
• Strong track record of implementing IT security policies and controls through various departments and hierarchy levels
• Strong verbal and written skills in English
• Ability to communicate with technical and nontechnical stakeholders equally

Hydro offers

• Working at the world’s only fully integrated aluminum and leading renewable energy company
• Diverse, global teams
• Flexible work environment/home office
• We provide you the freedom to be creative and to learn from experts
• Possibility to grow with the company, gain new certificates
• Attractive benefit package

Applications from severely disabled and equally disabled people will be considered with equal suitability.
Please apply online in ONE with your CV and optionally a cover letter until: 04/22/2024 
If you have any questions, please contact:

Petra Rumpler
Petra.Rumpler@hydro.com