Why work at AltaGas?
We’re a leading energy infrastructure company with a footprint in some of North America’s most strategic energy markets. Our strategy is simple: to leverage the strength of our assets and expertise along the energy value chain to connect customers with premier energy solutions – from the well sites of upstream producers to the doorsteps of homes and businesses, and to new markets around the world.
To make this happen, we have a talented team of people who are safely and reliably operating our assets in every corner of North America. We’re incredibly proud of our team and their commitment to act with integrity, strive for operational excellence, and go the extra mile for our customers and the communities we serve. Learn more about our team, vision and strategy.
How do you fit in?
Reporting to the Senior Manager, IT Governance, Risk, and Compliance, the Cyber Architect will work closely with the Enterprise Architect, Infrastructure and Operations, and Governance, Risk and Compliance to ensure that new and existing systems are designed securely, and risks are managed appropriately. The Cyber Architect will be the primary security representative on new projects and initiatives, including several new and exciting cyber initiatives.
What you’ll be doing:
- Create candidate security architectures, allocate security services, and select security mechanisms and tools
- Develop and integrate cybersecurity designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels of data
- Document and address the organization's information security and cybersecurity architecture requirements throughout the application and system life cycle
- Employ secure configuration management processes
- Ensure that acquired or developed system(s) and architecture(s) are consistent with the organization's cybersecurity architecture guidelines
- Perform security reviews, identify gaps in architecture, and develop a security risk management plan
- Provide input on security requirements to be included in statements of work and other appropriate procurement documents
- Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment
- Write detailed functional specifications that document the security architecture development process
- Analyze user needs and requirements to plan security architecture
- Define appropriate levels of system availability based on critical system functions and ensure that system requirements identify appropriate disaster recovery and continuity of operations requirements
- Determine the protection needs (i.e., security controls) for the information system(s) and network(s) and document appropriately
- Translate proposed capabilities into technical requirements
- Communicate effectively when writing
- Conduct vulnerability scans and recognize vulnerabilities in security systems
- Apply network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
- Design architectures and frameworks
- Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
- In close coordination with risk management and information security leadership, advise on a range of security-related issues (e.g. establishing system boundaries; assessing the severity of weaknesses and deficiencies in the system; plans of action and milestones; risk mitigation approaches; security alerts; and potential adverse effects of identified vulnerabilities)
What you must have:
- 5-9+ years of security architecture (or equivalent) experience
- Bachelor’s degree in Computer Science, Information Systems, Computer Engineering, or similar
- Certifications: CISSP, CISM, CBCP, GISCP
- Frameworks: NIST, ISO 27001/2, ISF, NERC-CIP
- Skill in the following:
  - Designing countermeasures to identified security risks
  - Determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes
  - Using Virtual Private Network (VPN) devices and encryption
  - Writing security test plans
  - Configuring and utilizing software-based computer protection tools (e.g., software firewalls, antivirus software, anti-spyware)
  - Applying security models
  - Translating operational requirements into protection needs (i.e., security controls)
  - Configuring and utilizing computer protection components (e.g., hardware firewalls, servers, routers, as appropriate)
  - Applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
  - Identifying cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations
- Knowledge of the following:
  - Risk management processes (e.g., methods for assessing and mitigating risk)
  - Cybersecurity and privacy principles
  - Cyber threats and vulnerabilities
  - Specific operational impacts of cybersecurity lapses
  - Authentication, authorization, and access control methods
  - Application vulnerabilities
  - Cyber defense and vulnerability assessment tools and their capabilities
  - Business continuity and disaster recovery continuity of operations plans
  - The organization's enterprise information security architecture
  - Network access, identity, and access management
  - New and emerging information technology (IT) and cybersecurity technologies
  - Remote access technology concepts
  - Key concepts in security management (e.g., Release Management, Patch Management)
  - Critical infrastructure systems with information communication technology that were designed without system security considerations
  - Application firewall concepts and functions
  - Confidentiality, integrity, and availability requirements
  - Risk Management Framework Assessment Methodology
  - The organization's information classification program and procedures for information compromise
  - Enterprise information technology (IT) architectural concepts and patterns (e.g., baseline, validated design, and target architectures)
Where you’ll be working:
This position will be located in our Head Office in downtown Calgary, AB. To learn more about our organization please visit AltaGas 101.
Ready to join our team?
If you’d like to be part of a company that invests in its people, always creates opportunities to help them grow and fosters an environment where everyone feels welcome, AltaGas is the place for you!
To apply, submit your resume in confidence to our Human Resources team by clicking on the button below or visiting www.altagas.ca/careers.
We appreciate your interest in working with us, but only those applicants selected for interviews will be contacted. At this time, we are not accepting agency referrals or telephone inquiries.