Senior Manager IT and OT Assurance Engineering

  • Job reference: 933940
  • Location: Houston, Texas
  • Salary: Negotiable
  • Job type: Permanent
  • Sector: Building, Construction & Infrastructure
  • Date posted: 19/02/2021

The Senior Manager, Control Systems and Digital Security leads the team that will provide the company's Design, Build, and Test functions for both Information and Digital Services (IDS) and Operating Technologies (OT).

Responsibilities include:

  • Develop and maintain cybersecurity architecture and engineering principles for on-premises and cloud solutions, including the cybersecurity solutions roadmap.
  • Review and analyze existing enterprise cybersecurity solutions for effectiveness and efficiency and develop strategies for improving or leveraging these systems.
  • Serve as the primary Industrial Automation Controls Systems (IACS) cybersecurity liaison for business product lines containing IACS, manufacturing environments, and vessels.
  • Develop cybersecurity technology implementation strategies with the business for IACS environments, with a clear understanding of the differences between IT and OT environments (e.g. anti-virus on HMIs, application whitelisting, security policies on firewalls, etc.).
  • Develop an Application Security (AppSec) program to support all application development
  • Provide application security assurance through developer training, requirements definition, threat modeling, static testing, dynamic testing, penetration testing, and protection technologies.
  • Manage and coordinate the testing, identification and remediation of vulnerabilities
  • Work with other security teams to identify emerging threats and develop strategies to mitigate them
  • Guide development of IAM architecture and direct IAM engineering and governance teams
  • Implement the identity management strategies and deliver enterprise solutions for Authentication, Provisioning/Deprovisioning, Role Management, Session Management, Password Vaulting, Privileged Account Management, Access Governance, Single Sign On, Adaptive Authentication, Analytics, PKI and Certificate Management, User Experience, and API Management.
  • Partner with IDS Enterprise Architecture to design and deliver cybersecurity solutions for the enterprise in a highly complex environment with a blend of legacy, cloud and innovation platforms
  • Support the IT Project Portfolio and provide cybersecurity requirements and architecture oversight.
  • Develop, improve and implement cybersecurity standards and best practices.
  • Oversee projects that are assigned to the cybersecurity teams and as directed by the CISO.
  • Report to the CISO on architecture, assurance, and engineering strategic objectives and operational run metrics, key performance indicators, and outcomes.
  • Lead a global team across diverse geographical regions and time zones.
  • Build and lead exceptional teams through collaboration, mentoring and skill training.
  • Set employee goals and objectives, monitor performance and provide constructive feedback.
  • Excellent verbal and written communication skills including presenting to business leadership
  • Prepare, establish, and manage a budget.

Education Requirements:

  • Bachelor's Degree in Computer Science or related discipline
  • Security Certifications required. Examples include ICS-related certification (e.g. SANS GICSP), CISSP, CISM. GSEC a plus

Work Experience:

  • 10+ years Information Security Experience, with a minimum of 3 years in Industrial Automation & Control Systems.
  • Must have a good understanding of the following security domains: Audit and Monitoring, Risk Response & Recovery, Cryptography, Data Communications, Malicious Code, Computer Operations Security, Telecommunications & Network Security, Security Architecture & Models, Security Management Practices, Investigation & Ethics.
  • Proven experience with Microsoft O365, Azure Active Directory and Microsoft Azure.
  • Knowledge of information and industrial control systems security standards (ISO 27001, IEC 62443, NIST Cybersecurity Framework)
  • Experience with operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS)
  • Fundamental understanding of IT and OT network communication protocols (For example: TCP/IP, UDP, DNP3, Modbus, IEC 61850, OPC, OPC UA, PROFINET, etc.)
  • Proven experience with risk assessment methodologies.
  • Understanding of cyber threats, vulnerabilities, and exploits specific to ICS (BlackEnergy, IronGate, Havex)
  • Able to work effectively in a matrix-management environment.
  • Excellent interpersonal, analytical, organizational, and problem-solving skills.
  • Understanding of project management knowledge areas.
  • Advanced oral and written communication skills.

Our role in supporting diversity and inclusion
As an international workforce business, we are committed to sourcing personnel that reflects the diversity and values of our client base but also that of Orion Group. We welcome the wide range of experiences and viewpoints that potential workers bring to our business and our clients, including those based on nationality, gender, culture, educational and professional backgrounds, race, ethnicity, sexual orientation, gender identity and expression, disability, and age differences, job classification and religion. In our inclusive workplace, regardless of your employment status as staff or contract, everyone is assured the right of equitable, fair and respectful treatment.