Energy Future Holdings Corp. is a Dallas-based, privately held energy company with a portfolio of competitive and regulated energy companies. TXU Energy, Luminant and Oncor, EFH's primary businesses, serve the high-growth Texas electricity market, which is one of world's largest and among the nation's most successful competitive markets. These businesses serve the high-growth Texas electricity market, which is one of the world's largest and among the nation's most successful competitive markets.
IT Security Architect
The IT Security Architect assists in the design, and implementation of enterprise information security architectures and solutions supporting the corporate Security program at TXU Energy (TXUE) business unit. Also serves as a security expert in various technologies and platforms that effect TXUE infrastructure (such as applications, SAP system, networks, data centers, computing devices, messaging, monitoring systems, etc.) as well as the TXUE specific areas (cyber security, data privacy compliance; protection of information assets and systems from security & privacy threats). The IT Security Architect contributes to the development and maintenance of information security strategy and architecture at the corporate level; and may provide support across other IT and business initiatives, ensuring the implementation and operation of the appropriate security controls across the organization are commensurate with systems and information risk and are aligned with IT security policies and standards.
• Responsible for the managing the IT security processes of the TXUE core environment.
• Ensures that IT Security controls meet the requirements of all regulatory requirements or contractual requirements; NACHA, PCI (Payment Card Industry) Security Standards, state and federal Privacy law, Sarbanes Oxley Act (SOX), and NERC, NEI, NRC, etc.
• Interprets information security policies, standards, and other requirements as they relate to specific internal and externally hosted IT systems, and assists or oversees the implementation of information security requirements.
• Operate the established risk management and IT asset classification processes and assists IT and business organization in the selection and requirement of security controls in accordance with business impact and risk.
• Participates in the security operations process and security policy and standards development such as incident response processes, monitoring, access control and provisioning, etc.
• Acts as a liaison for the internal or external parties performing security monitoring, and is an initial point of security event escalation within the organization.
• Supports security requirements and best practices for both EFH Core IT Security processes effecting TXUE (Data Center, Network and End User computing) as well as TXUE specific technologies.
• Quantifies and produces vulnerability and risk metrics that can be traced over time.
• Conducts selected tests of information security measures, including targeted penetration attacks and other configurable and administrative controls reviews on TXUE computing environments.
• Designs and Engineers internal information handling processes so that information is appropriately protected from a wide variety of problems including unauthorized disclosure, unauthorized use, inappropriate modification, premature deletion, and unavailability
• Serves as an active member of incident response teams and participates in security incident response efforts by having an in-depth knowledge of common security exploits, vulnerabilities and countermeasures. Acts as a technical consultant on information security incident investigations and forensic technical analyses.
Develop and maintain a deep understanding of value drivers for TXUE business units in order to inspire and achieve innovative value creation strategies.
Establishes and maintains strong working relationships with groups involved with information security matters such as the Legal Department, Internal Audit Department, Physical Security Department, Information Technology Department, Information Security Council, HR and all outsourced IT organizations.
Possess the relationship skills, cultural awareness, and organizational prowess required to work effectively in a large, highly-matrixed organization. Capable of delivering results through a position of influence, not authority.
This position will report to the Senior Manager, IT Security.
Adept at communicating complex concepts to diverse audiences with varying skills sets.
Communication skills are critical. Must be able to communicate with the technology providers as well as with business leaders. An ability to understand the technical details and communicate the essentials at a high level is essential
Education and Experience:
Minimum 5-8 years of experience is required and/or a Bachelors degree in technical related field or additional related experience.
A proven broad in-depth technical knowledge of Security principles and process is required.
Strong understanding of infrastructure, application and security appliance functionality using strong security practices
Professional certification(s) a plus (e.g CISSP, CISM, CISA, CCIE, etc.).
Experience interaction with a team of onshore and offshore resources.
Advanced technical capabilities in a wide array of platforms and systems (e.g., VMware, Windows, UNIX, SQL, etc.).
In-depth experience with IT audit/assessment/examination; SAS 70/SSAE practices; ITIL; ISO-standards; NIST, CobiT and Industry standard application development methodologies
Demonstrated experience teaming with business and IT stakeholders teaming on projects to deliver world class results
In-depth internal control knowledge of core IT technologies and processes (e.g., network systems, operating systems databases, change control tools and processes, computer system operations, application and system development, help desk and monitoring, information security, data backup/retention/recovery, IT vendor management, asset management, disaster recovery, etc.)
It is the policy of Energy Future Holdings, Luminant, and TXU Energy to comply with all employment laws and to afford equal employment opportunity to individuals in all aspects of employment without regard to race, color, religion, sex, pregnancy, national origin, age, disability, military service, veteran status, genetic information, or any other status protected under the law.