Job Duties/Scope Of Work
This Enterprise Security and Privacy Architect position will provide support to the HMIS Information Management Services group and report to the Chief Enterprise Architect in designing, implementing, and maintaining a comprehensive security and privacy architecture(s) for the Hanford Field Office (HFO). Primary job duties include, but are not limited to, the following:
- Develop, maintain and document the HFO enterprise security and privacy architecture(s), including network security, application security, data security, and cloud security. This includes a general support and industrial control system operating environment.
- Design and implement a comprehensive Zero Trust Architecture (ZTA) strategy, including micro-segmentation, continuous authentication, and policy enforcement.
- Define and implement security standards and best practices in alignment with NIST Special Publications (e.g., SP 800-53, SP 800-82), FISMA, and other relevant federal regulations and directives.
- Evaluate and recommend security technologies and solutions to enhance the HFO's security posture.
- Create and maintain detailed security architecture design documentation, including diagrams, policies, procedures and reference architecture packages.
- Lead and/or participate in security audits and evaluations.
- Ensure compliance with federal privacy regulations, including the Privacy Act and other relevant statutes.
- Design and implement data protection strategies, including data encryption, data loss prevention (DLP), and data masking.
- Conduct privacy impact evaluations and develop privacy strategies to mitigate risks.
- Collaborate with cybersecurity, legal and privacy teams to address privacy-related architectural issues.
- Integrate Privacy Controls: Collaborate with cross-functional teams including cybersecurity to integrate privacy controls into the enterprise architecture, ensuring compliance with regulatory requirements and safeguarding sensitive data throughout its lifecycle.
- Participate in Governance Boards: Actively represent the EA program on governance boards, providing expert guidance on security and privacy matters to influence policy development and strategic decision-making.
- Engage in Project Teams: Serve as a key member of project teams, ensuring that security and privacy considerations are incorporated into project plans and deliverables, and that architectural standards are upheld.
- Lead Workgroups for Security Initiatives: Facilitate and lead workgroups focused on security and privacy initiatives, driving collaboration and consensus among stakeholders to achieve common objectives and enhance the organization's security posture.
Basic Qualifications
Intermediate Level:
- BA/BS degree in computer science, information security, or a related field or equivalent combination of education and experience.
- 8 plus years of experience in security architecture design and implementation, preferably in a federal government environment.
- 4 years' experience with cloud security and cloud service providers (e.g., AWS, Azure, GCP).
- Excellent communication, collaboration, and problem-solving skills.
- Ability to obtain and maintain a DOE "Q" security clearance.
- Ability to obtain and maintain a Personal Identity Verification (PIV) Credential badge.
Advanced/Senior Level: (in addition to Intermediate Level)
- BA/BS degree in computer science, information security, or a related field or equivalent combination of education and experience.
- 10 plus years of experience in security architecture design and implementation, preferably in a federal government environment.
- 6 years' experience with cloud security and cloud service providers (e.g., AWS, Azure, GCP).
Desired Qualifications
- Relevant security certifications (e.g., [CISSP] Certified Information Systems Security Professional, [CISM] Certified Information Security Manager, [CCSP] Certified Cloud Security Professional, [TOGAF] The Open Group Architecture Framework) are highly desirable.
- Master's degree in computer science, information security, or a related field
- Extensive knowledge of federal security frameworks and regulations, including FISMA, NIST, and OMB memorandums.
- Proven experience in designing and implementing Zero Trust Architecture (ZTA), Identity and Access Management (IAM), and Multi-Factor Authentication (MFA) solutions.
Compensation & Benefits
Intermediate Level:
Grade 18: $109,013 - $137,538
Grade 19: $119,813 - $151,038
Advanced/Senior Level:
Grade 20: $131,888 - $166,263
Grade 21: $145,150 - $183,050
Grade 22: $162,863 - $214,288
HMIS offers a comprehensive benefits package that includes medical/dental/vision, short- and long-term disability, life insurance, 401(k) plan, and paid time off. For a full list of benefits, please visit our benefits website:
https://hmis.hanford.gov/hr/page.cfm/employeebenefits
In accordance with the HMIS salary determination process, offers will be made by taking into consideration the level of assigned job duties, responsibilities, and the candidate's qualifications relative to internal peers and the external labor market. A candidate's salary history will not be used in compensation decisions. The salary range listed represents the full range of salary that may be offered.
In compliance with Homeland Security Presidential Directive 12 (HSPD-12) and Department of Energy (DOE) Hanford Field Office (HFO) direction, employees issued initial badges on or after September 1st, 2025, are required to obtain and maintain an HSPD-12 Personal Identity Verification (PIV) Credential. To obtain this credential, new employees must successfully complete and pass a federal background check investigation. This investigation encompasses multiple areas of eligibility and includes a declaration of illegal drug activities, including use, supply, possession, or manufacture within the last year. This includes marijuana and cannabis derivatives, which are still considered illegal under federal law, regardless of state laws.