Job Title:  Cloud Security Architect Lead

Posting Date:  19 Mar 2025
Requisition ID:  2615
Company:  NAWAH
Location:  Barakah
Posting Status:  Active Recruitment

Job Purpose

The Cyber Security Architect Lead is responsible for designing, implementing, and maintaining robust security architectures that protect both IT and OT environments. This role involves developing comprehensive security strategies that address the unique challenges and requirements of both domains, including compliance with FANR regulations. The architect will work closely with cross-functional teams to identify vulnerabilities, assess risks, and implement effective security controls. Additionally, the role includes staying current with emerging threats and technologies and continuously improving the organization's security posture through proactive measures and innovative solutions.
 

Key Activities, Responsibility & Accountability

Security Architecture design
Responsibilities and Accountabilities:  
•    Design secure IT and OT systems and networks using SABSA or TOGAF principles.
•    Lead the identification of gaps and provide recommendations of how to close those gaps.
•    Implement security controls and measures.
•    Ensure the integration of security controls across both environments.
•    Maintain the overall security posture of IT and OT environments.
•    Assist in the evaluation of all modifications to Critical Digital Assets (CDAs) before implementation ensuring that new/modified CDAs are reviewed and CDA assessments are performed accordingly.
•    Design security solutions that align with business objectives and regulatory requirements.

Security monitoring and audits
Responsibilities and Accountabilities: 
•    Perform security monitoring, security and data/logs analysis and compromise assessments of OT and IT systems to detect security incidents and root causes of incidents.
•    Lead investigations and utilize new technologies and processes to enhance OT and IT security capabilities and implement improvements.
•    Perform security audits and assessments to verify the effectiveness of security controls.
•    Implement continuous monitoring solutions for OT and IT networks and systems.
•    Continuously review and improve the OT security architecture to address new threats and vulnerabilities.
•    Participate in OT security architecture reviews and audits.
•    Implement lessons learned from OT and IT security incidents and assessments.

Risk Assessment and Management
Responsibilities and Accountabilities:
•    Conduct regular risk assessments using SABSA or TOGAF risk management process.
•    Lead mitigation strategies to address identified risks, ensuring alignment with SABSA or TOGAF's risk management framework.
•    Provide regular reports on risk assessment findings to senior management.
•    Update and maintain the risk registry.

Strategy and planning
Responsibilities and Accountabilities: 
•    Develop and implement the organization's cyber security strategy.
•    Ensure the strategy aligns with regulations for the nuclear industry.
•    Assist the Head of Information Security Assurance in the preparation of the annual section budget.
•    Develop and maintain security standards, guidelines, and best practices tailored to OT environments.
•    Provide guidance on the implementation of security controls in OT and IT systems.
•    Document OT and IT security architecture designs, decisions, and rationales.

Security Policies and Procedures

Responsibilities & Accountabilities (contd.)

Professional Certifications

Qualifications

Bachelor's Degree

Experience

6 to 7 years of relevant experience.

Pref - 

Bachelor’s Degree with 7 years’ experience, Diploma, Military or Police Academy graduate with 10 years’ experience, or High School with 12 years’ experience
Certified Information Systems Security Professional (CISSP), Certified Information Systems Security Professional - Industrial Control Systems (CISSP-ICS), TOGAF 9 Certification, SABSA Chartered Security Architect, ISO/IEC 27001 Lead Implementer, GIAC Response and Industrial Defense (GRID), IEC 62443 Cybersecurity Expert