Sr. Cybersecurity Architect
West Monroe isn’t a start-up consulting firm, but we act like one.
From day one, our people have the opportunity to make a definitive personal impact for their clients and their careers. What does this mean? It means we seek out the best of the best, and then we challenge them to make us better.
If you are looking to be a “behind the scenes” technologist, this isn’t the place for you. We celebrate driven professionals who thrive in a collaborative environment. Our consultants work on front lines – partnering with clients to deliver game changing solutions in the most dynamic industries. Sound interesting? Then West Monroe Partners just might be the place for you.
Think you’re up to the challenge?
West Monroe Partners is seeking a Cybersecurity Architect with relevant experience in securing Operational Technology, Process Control System technology or Industrial Control System technology to join our Cybersecurity consulting team. The role will be responsible for advising WMP’s clients in the Energy & Utilities (E&U) and Consumer & Industrial Products (C&IP) verticals on how to enhance the resilience of those platforms to withstand Cybersecurity attacks.
What will you be doing?
The Cybersecurity Architect will serve in the capacity of a subject matter specialist across multiple clients in various industries and geographic locations. As a member of the Cybersecurity practice, the Cybersecurity Architect will also partner with practice leaders across the C&IP and E&U teams on setting direction for the security offerings associated with those industry verticals, growth initiatives, industry specific cybersecurity concerns and thought leadership.
· Serve as part of an integrated team of C&IP, E&U and Cybersecurity specialists helping to expand the firm’s OT, PCN and ICS Cybersecurity capabilities.
· Speak to the security landscape, architectural models and solutions credibility, and present technical OT, PCN and ICS security solutions to senior executives across WMP’s clients.
· Consult with clients and act as the Subject Matter Expert in
o the secure design of OT, PCN or ICS environments,
o performing Cybersecurity risk assessments across OT, PCN or ICS environments
o developing security documentation to support OT, PCN or ICS environments
o the selection, design and implementation of Cybersecurity monitoring solutions to support OT, PCN or ICS environment.
o providing an independent review of organization's risk, compliance, and security frameworks supporting the OT, PCN or ICS environment
· Translate business and technical requirements into projects proposals including detailed work plans and cost estimates.
· Assist sales efforts by supporting initial scoping conversations and performing needs analyses to help drive business development efforts. Identify additional opportunities within existing client base.
- Manage client relationships and meet with clients to determine business and functional requirements.
- Take the responsibility for the creation, growth, and measurement of a client’s OT, PCN and ICS information security program
- Manage security strategy, budget and success of risks and regulatory programs
- Manage information security programs across C&IP, and E&U verticals
· Coach and develop members of the Cybersecurity consulting team.
· Promote thought leadership in OT, PCN and ICS emerging technologies;
We need someone with real world experience in the following:
- 7-10 years of experience helping organizations with OT, PCN or ICS environments, develop, define, deploy and manage Cybersecurity solutions across those environments
· Minimum 5 years supporting PLC, RTU, DCS, SIS, MES, Historians, HMI or SCADA systems.
· Fundamental understanding of IT and OT network communication protocols (For example: TCP/IP, UDP, DNP3, Modbus, IEC 61850, OPC, OPC UA, HART, Foundation Fieldbus, PROFINET, etc.), and Windows and Unix platforms.
· Experience with industrial control regulations, including IEC 62443, NIST SP 800-82, NERC CIP, or other industrial control regulations.
· Experience in leading and delivering end-to-end solutions, which could include strategy, design, development, testing and training, and implementation.
· Experience deploying or supporting security practices and technologies such as risk or vulnerability assessments, antivirus software, firewalls, intrusion detection/prevention systems, deep packet inspection, SIEM, and centralized alert logging and monitoring in ICS environments.
o Ability to author technical and non-technical documents for varying audiences from technical automation personnel to senior security or operations personnel.
· Ability to work with senior business leaders to understand business objectives, identify risk factors.
· Global Industrial Cybersecurity Professional (GICSP), Certified SCADA Security Architect (CSSA), or Certified Information Systems Security Professional (CISSP) certification preferred.
What else do you need to bring to the table?
- Proactive desire to continue to broaden and deepen business and consulting skills
· Have excellent communication skills (written and verbal) allowing them to communicate with both technical and non-technical audiences from the plant floor up to the boardroom.
· Excellent organizational, verbal, presentation/facilitation, and written communication skills
· Ability to convey complex technical security concepts to technical and non-technical audiences including executives required
· Bachelor’s degree in Information Technology, Computer Science, Business or equivalent industry experience
· Willingness to travel for out of town client engagements, up to 80%.