Senior Information Security Architect

Overview: Morgan IT is on a mission to strengthen Digital Capabilities by creating an Evergreen IT estate as a cornerstone of company success in the coming century. This means fit-for-purpose, always up-to-date IT services on a green footprint that maximises our people’s capabilities to drive business value. To do so, the OneIT team is currently executing a strategic roadmap to make significant modernization and globalization steps in its IT estate, IT performance and business value from IT. Morgan’s IT and security strategy is to leverage functionality and capability from our partnership with Microsoft, which will establish a secure and compliant IT environment.

SCOPE OF ROLE: As a Senior Security Architect, you will play a critical role in defining and implementing robust security architectures across both Operational Technology (OT) and Cloud (Azure) environments at Morgan Advanced Materials. You will collaborate with cross-functional teams to ensure security is embedded into architectural decisions while balancing operational efficiency and compliance requirements. Additionally, you will represent the security function in Change Control Boards (CCB), reviewing architecturally significant changes and providing security control recommendations.

Responsibilities:

• ESSENTIAL DUTIES & RESPONSIBILITIES: Your responsibilities will include overseeing the security architecture approach and working with the IT function and business units to promote security engineering practices and develop security reference architectures for new solutions. This includes defining security controls (document security requirements and applicable design options) to apply in delivering business value while reducing risk.

Key Responsibilities:

• OT Security Architecture & Design: Define and design OT security architecture patterns including network segregation and segmentation for industrial control systems (ICS), SCADA, and IIoT equipment. Develop and enforce network segmentation and secure remote access strategies in alignment with IEC 62443 and NIST 800-82. Evaluate and integrate security monitoring and threat detection solutions (e.g., Armis, Nozomi, Microsoft Defender for IoT). Assess risks and recommend security controls for legacy industrial systems with limited security capabilities. Work closely with OT working group of engineers and plant IT teams to ensure cybersecurity policies align with operational constraints.
• Cloud Security Architecture (Azure): Define and implement cloud security architectures for workloads hosted in Microsoft Azure, ensuring alignment with best practices such as Microsoft CAF and Zero Trust principles. Work with cloud engineering teams to enforce security configurations for Azure services, including Identity & Access Management (IAM), Secure Networking, Key Management (Azure Key Vault), and Data Protection (DLP, encryption). Design logging, monitoring, and incident response strategies for Azure workloads using Microsoft Defender for Cloud, Sentinel, and Log Analytics. Ensure compliance with relevant industry security frameworks (e.g., ISO 27001, NIST CSF, CIS Benchmarks) in cloud environments.
• Security Governance & Change Control Board (CCB): Represent the security team in the Change Control Board (CCB) and review architecturally significant changes from a security perspective. Provide security control recommendations for infrastructure, application, and cloud changes to mitigate risks while enabling business agility. Act as a trusted advisor to IT, OT, and cloud engineering teams on security design decisions. Ensure change management processes align with regulatory and security compliance requirements.
• Security Technology Evaluation & Continuous Improvement: Evaluate and recommend security technologies for network security, endpoint security, identity management, and threat detection across IT, OT, and cloud. Drive continuous improvement in security architecture by staying updated with emerging threats, security trends, and evolving regulatory requirements. Collaborate with vendors and external security consultants to enhance security capabilities.

Qualifications:

• EXPERIENCE & BACKGROUND: Strong knowledge of OT security, ICS/SCADA cybersecurity, and industrial networking protocols and OT asset discovery solutions. Deep expertise in Microsoft Azure security (Azure AD, Defender for Cloud, Sentinel, Key Vault, IAM). Proficiency in network security, segmentation strategies, firewalls, and IDS/IPS solutions for hybrid IT/OT environments. Excellent leadership skills with experience in managing high-performance teams and complex projects. Experience with Zero Trust Architecture (ZTA) and Secure Access Service Edge (SASE). Security Frameworks & Compliance Experience with IEC 62443, NIST 800-82, ISO 27001, NIST CSF, CIS Controls. Microsoft technologies including Defender for Cloud, M365 Defender, MS Sentinel.
• Collaboration & Leadership: Bachelor’s degree in information systems, Computer Science, Information Security, or related field. Ability to work cross-functionally with OT engineers, cloud architects, IT teams, and business stakeholders. Strong communication and advisory skills, particularly in engaging CCB and senior leadership on security risks. Experience with security governance, policies, and change management processes.
• Certifications (Preferred but Not Mandatory): Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), GIAC Global Industrial Cyber Security Professional (GICSP), Azure Security Engineer Associate (AZ-500), SABSA/TOGAF Enterprise Security Architecture Certification, ISA/IEC 62443 Design Specialist.

Morgan Advanced Materials is an EEO/AA/M/W/D/V Employer.