Cybersecurity Engineering Senior Analyst
Sofia, Sofia City Province, Bulgaria
IT - others
For a client of ours - a company in the energy sector, that develops, acquires, and operates renewable and thermal power generation facilities around the world, we are looking for an experienced Security Engineering Analyst that could cover the following specification:
KEY RESPONSIBILITIES:
- Design and configure the company's cybersecurity infrastructure in accordance with cybersecurity architecture standards.
- Design and support deployment of cybersecurity controls for the company's IT and OT technology platforms and networks.
- Plan, implement, test, maintain, and upgrade cybersecurity infrastructure and technology platform cybersecurity controls.
- Troubleshoots cybersecurity infrastructure and control problems.
- Develop defined actionable cybersecurity controls implementation guidelines and required levels of protection that align with the company's enterprise level cybersecurity risk and control framework.
- Support cybersecurity incident response.
- Support IT and OT change management process.
- Testing and identifying network and system vulnerabilities.
- Develop defined actionable cybersecurity controls implementation guidelines, and required levels of protection that align with the company's enterprise level cybersecurity risk and control framework.
- Conduct periodic assurance reviews across all cybersecurity infrastructure and IT and OT platform controls to ensure that designs are built and implemented to the agreed cybersecurity architecture.
- Collaborate with the Cybersecurity GRC function to process and evaluate cybersecurity architecture and design exception requests.
OTHER ACTIVITIES:
- Collaborate with the cybersecurity leadership team to ensure appropriate enterprise level cybersecurity systems and tools align with cybersecurity strategy and are reflected in the cybersecurity program roadmap.
- Maintain a formal enterprise-wide required and preferred IT and OT security tools and architecture library.
- Advise corporate IT/OT functions, plant operational management and business stakeholders on cybersecurity vendor and tools selection, with emphasis on ensuring that tools address business entity requirements and maximize reusability.
- Develop action (project) plans for cybersecurity systems and controls within enterprise systems, aligned to the company's cybersecurity strategy and enterprise cybersecurity roadmap.
COMMIT TO LEAD WITH OUR VALUES:
- Commit to CG values as expressed in the Essential Information. Model the values in any interaction internally and externally
- Put Health and Safety First
- Embrace Timely Transparency
- Model the 3Cs Communication, Collaboration and Coordination
- Embrace Failure analysis and continuous improvement including Five Whys
- Seek out ways to incorporate technology and Artificial Intelligence into the company's legal practice
QUALIFICATION AND SKILLS:
- Minimum of 5 years in Cybersecurity operations ideally within Energy sector
- A degree in computer science, IT, systems engineering, or related qualification
- Highly collaborative with ability to articulate ideas and influence peers and senior leaders
- In-depth knowledge of cybersecurity design and implementation practices, ideally within the Electric Utilities or similar industry sectors with critical infrastructure OT environments
- Expertise with a wide variety of cybersecurity vendors and tools, and experience designing and managing vendor evaluation processes
- Knowledgeable about cyber attackers tactics, techniques and procedures (TTP)
- Strong analytical and critical thinking skills
- Proficiency in analyzing and solving problems
- Ability to interact effectively with stakeholders, including senior management, and representatives from other functions of the organization
- Team player, motivated to help others and comfortable giving and receiving feedback
- Flexible, resilient under pressure, and decisive, with a proven track record of delivering results to a high standard within tight deadlines
- Willingness to travel to company facilities as required (20%)
- Certified Information System Security Professional (CISSP) certification
- Experience with OT / ICS / SCADA environments
- SANS courses: Purple Team curriculum is desirable
- Global Industrial Cybersecurity Professional (GICSP) certification is desirable
- Certified SCADA Security Architect (CSSA) certification is desirable
This position reports hierarchically to Deputy Chief Information Security Officer