Senior Manager IT and OT Assurance Engineering / US

The Senior Manager, Control Systems and Digital Security is the leader of the team who will provide company Design, Build, and Test functions for both Information and Digital Services (IDS) and Operating Technologies (OT).

Responsibilities include:

• Develop and maintain cybersecurity architecture and engineering principles for on premise and cloud solutions including the cybersecurity solutions roadmap.
• Review and analyze existing enterprise cybersecurity solutions for effectiveness and efficiency and develop strategies for improving or leveraging these systems.
• Primary Industrial Automation Controls Systems (IACS) cybersecurity liaison for business product lines containing IACS, manufacturing environments, and vessels.
• Develop cybersecurity technology implementation strategies with the business for IACS environments with clear understanding of the differences between IT and OT environments (e.g. Anti-virus on HMIs, application whitelisting, security policies on firewalls, etc.)
• Develop an Application Security (AppSec) program to support all application development
• Provide application security assurance through developer training, requirements definition, threat modeling, static testing, dynamic testing, penetration testing, and protection technologies.
• Manage and coordinate the testing, identification and remediation of vulnerabilities
• Works with other security teams identifying emerging threats and develop strategies to mitigate
• Guide development of IAM architecture and direct IAM engineering and governance teams
• Implementation of the identity management strategies and enterprise solution delivery for Authentication, Provisioning/Deprovisioning, Role Management, Session Management, Password Vaulting, Privileged Account Management, Access Governance, Single Sign On, Adaptive Authentication, Analytics, PKI and Certificate Management, User Experience, and API Management.
• Partner with IDS Enterprise Architecture to design and deliver cybersecurity solutions for the enterprise in a highly complex environment with a blend of legacy, cloud and innovation platforms
• Support the IT Project Portfolio and provide cybersecurity requirements and architecture oversight.
• Develop, improve and implement cybersecurity standards and best practices.
• Oversee projects that are assigned to the cybersecurity teams and as directed by the CISO.
• Report to the CISO on architecture, assurance, and engineering strategic objectives and operational run metrics, key performance indicators, and outcomes.
• Lead a global team across diverse geographical regions and time zones.
• Build and lead exceptional teams through collaboration, mentoring and skill training.
• Set employee goals and objectives, monitor performance and provide constructive feedback.
• Excellent verbal and written communication skills including presenting to business leadership
• Prepare, establish, and manage a budget.

Education Requirements:

• Bachelor's Degree in Computer Science or related discipline
• Security Certifications required. Examples include ICS-related certification (e.g. SANS GICSP), CISSP, CISM. GSEC a plus

Work Experience:

• 10+ years Information Security Experience, with a minimum of 3 years in Industrial Automation & Control Systems.
• Must have a good understanding of the following security domains: Audit and Monitoring, Risk Response & Recovery, Cryptography, Data Communications, Malicious Code, Computer Operations Security, Telecommunications & Network Security, Security Architecture & Models, Security Management Practices, Investigation & Ethics.
• Proven experience with Microsoft O365, Azure Active Directory and Microsoft Azure.
• Knowledge of information and industrial control systems security standards (ISO 27001, IEC 62443, NIST Cybersecurity Framework)
• Experience with operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS)
• Fundamental understanding of IT and OT network communication protocols (For example: TCP/IP, UDP, DNP3, Modbus, IEC 61850, OPC, OPC UA, PROFINET, etc.)
• Proven experience with risk assessment methodologies.
• Understanding of cyber threats, vulnerabilities, and exploits specific to ICS (BlackEnergy, IronGate, Havex)
• Able to work effectively in a matrix-management environment.
• Excellent interpersonal, analytical, organizational, and problem-solving skills.
• Understanding of project management knowledge areas.
• Advanced oral and written communication skills.