Key accountabilities will include:
- Supporting client site-based engineering teams with specialist cyber risk guidance, improvement planning, design and execution of cyber-security remediation activities for IT, communication and OT assets and industrial processes.
- Providing governance and oversight of vulnerability remediation activities, planning, controlling, monitoring, verifying and reporting on remediation tasks and risk posture
- Perform compensating controls analysis and validate efficacy of existing controls;
- Develop solution and business cases with technical and financial details for the implementation of mitigate controls within the I&OT environment; and
- Provide assistance in the acquisition/ deployment / execution of the solutions.
- Conducting assessments and providing assurance over the effectiveness of I&OT cyber security controls, identifying gaps and recommending pragmatic and risk-based controls for NIST CSF, IEC 62443 and related frameworks
- Developing OT Cyber Security strategy, governance, frameworks policies, procedures and checklist documents.
- Develop and deliver validation program for cyber security including FAT and SAT activities, checklists
- Conduct compliance assessments for IEC, ISO and NIST standards and prepare compliance statements for internal and external stakeholders within client environment
- Ensuring compliance with all applicable policies, configuration standards and best practice frameworks.
- Developing and Integrating patching with vulnerability, change, configuration and release management processes within industrial processes.
- Working with key stakeholders across multiple clients to manage continuous I&OT vulnerability assurance and analysis of threat intelligence sources
- Work with stakeholders to produce key performance metrics reporting to demonstrate effectiveness of the cyber security program within the I&OT environment.
- Monitoring operational security posture and, in conjunction with the security operations centre (SOC), identifying security issues and risks for escalation through various monitoring tools with service owners or management.
- Performing or supporting necessary Security Maintenance activities on I&OT systems.