EXPERIENCE
Essential skills and experience
- Have 7 years proven track record of Leading the delivery of information security strategy in the industrial cybersecurity space, policy & process development and implementation
- Have 7 years proven track record of leading the delivery of information security programmes and projects dealing mainly with industrial control systems
- Clear evidence of a track record of successful project engagements covering a minimum of 6 of the topics listed below
- a) Industrial cyber security strategy & architecture
- b) Information security governance
- c) Perimeter security and intrusion prevention & detection
- d) Asset management
- e) Defence in depth architecture
- f) Knowledge of the energy sector
- g) Industrial control systems controls & regulations (NIS, NERC-CIP, ISA/IEC 6443, NIST 800-53/8, etc.)
- h) Security strategy & transformation
- i) Information Security Risk Management best practices
- j) Network segmentation and Purdue Model
- k) Data protection
- l) Industrial Health & Safety requirements
- m) Identity & Access management
- n) Change management
- o) Malware & antivirus management
- p) Information Security processes & policies
- q) Incident response
- r) Cyber threat intelligence
- s) Vulnerability management
- t) System security
- u) Security awareness and training
- v) Security monitoring
- w) Third party vendors & access management
- x) Resilience and business continuity
Nice-to-have skills and experience
- Demonstrate their knowledge of the energy sector through direct experience with energy stakeholders
- Demonstrate aknowledge of agile working practices