Requisition 33980 :

#LI-JK1

Job Description

The primary responsibilities of the Security Architect are to design, enhance, and implement information security systems with specific focus on the industrial control system (ICS) and positive train control (PTC) technologies; Develop security policies, standards, and procedures to enhance the overall posture of ICS and PTC information security; Conduct risk assessments to ensure the confidentiality, integrity, and availability of information assets across the Norfolk Southern enterprise.

Principal Duties

• Designs and implements information security systems that supports Information Security's roadmap for risk management in the ICS/PTC environment.
• Build security designs, standards, and procedures to support implementation of the security architecture strategic roadmap for ICS/PTC environments
• Develop, document, and enforce security policies, standards, procedures, and guidelines relative to the enterprise PTC/ICS landscape.
• Functions as subject matter expert for implementations of ICS/PTC Information Security systems
• Coordinate deeply technical and environment-specific solutions for numerous issues across IT Applications, Mechanical, Operations, and Communications & Signaling
• Lead asset discovery efforts in conjunction with business partners and vendors
• Collaborate with the Security Architecture team and perform Security Architecture duties as applied to ICS/PTC, including:
  • Review and approve security variances to established ISPPD policies
  • Review and approve requests for firewall changes
  • Conduct risk assessments of enterprise initiatives, including external service providers and suppliers
  • Monitor security updates, technologies, and best practices to improve corporate information security
  • Assists in the execution of, and response to, regulatory changes affecting information security
  • Follows up on developed compliance plans to ensure completion
  • Provide assistance to incident response team for threats for computer/network forensics investigation
• Participate in industry interoperable committees for standards and specifications development

Job Related Experience

Preferred Level: 3+ Years

Education

Preferred Level: Bachelor's Degree (BS)

Preferred Majors: Computer Science or Information Systems, Specialization in Information Security/Assurance is a plus

Licenses/Certifications:

Security certifications: GICSP, GRID, or equivalent

Skills Required
• ICS/OT experience
• Written Communication
• Communication Skills
• Customer Service
• Analytical Thinking
• Identifying and Considering Alternatives

Skills Desired
• Functional automation
• Connecting legacy systems
• Electo-mechanical migration to electronics
• Experience with Claroty tool

Work Conditions

Environment: Hybrid

Shift Work: No

On-Call: Yes

Weekend Work: As Required

Travel Required: 0-2 Days per Month

Work Location

GA-Atlanta

Company Overview

Norfolk Southern Corporation (NYSE: NSC) is a Fortune 300 organization and one of the nation's premier transportation companies. Its Norfolk Southern Railway Company subsidiary operates approximately 19,500 route miles in 22 states and the District of Columbia, serves every major container port in the eastern United States, and provides efficient connections to other rail carriers. Norfolk Southern is a major transporter of industrial products, including chemicals, agriculture, and metals and construction materials. In addition, the railroad operates the most extensive intermodal network in the East and is a principal carrier of coal, automobiles, and automotive parts.

At Norfolk Southern, we believe in celebrating our individuality. By leveraging the unique backgrounds and viewpoints of our employees, we can create a culture of innovation, respect, and inclusion. We know that employees thrive in a workplace where differing viewpoints, ideas, and experiences are freely shared and valued. As such, we encourage all employees to contribute their distinctive skills and capabilities to our organization.

Equal employment opportunities are available to all applicants regardless of race, color, religion, age, sex, national origin, disability status, genetic information, veteran status, sexual orientation, and gender identity. Together, we power progress.

Effective December 8, 2021, NS has paused its implementation of the COVID-19 vaccine mandate given the dynamic legal proceedings. The ultimate outcome of the federal contractor vaccine mandate is yet to be determined. It is still possible that the mandate, as it applies to NS, could be upheld in court in the near future. If the mandate is upheld, NS employees will be required to be vaccinated or have an approved medical or religious accommodation.