OT Security Officer - Vulnerabilities
1525526
Posted: 08/05/2024
This role will lead the assurance and testing of existing security controls to ensure their continued effectiveness. Responsibilities include checking adherence to processes, monitoring and reporting on software vulnerabilities, and directing audits, inspections, and penetration testing.
This is an opportunity to be part of a growing security team with a clear mission to protect critical infrastructure and keep the lights on.
Responsibilities:
• Lead and prioritise a programme of audits and security assurance to identify vulnerabilities within existing controls.
• Monitor the configuration and settings of security devices.
• Review the effectiveness of Identity and Access Management processes and systems.
• Assess and prioritize software vulnerabilities.
• Monitor and audit our supply chain to ensure security requirements are included within contracts and that suppliers deliver against these commitments.
• Ensure all vulnerabilities are triaged, prioritised, tracked/reported, and remediated appropriately within documented SLAs.
• Develop processes and standards to monitor and verify the efficacy of security controls across the OT estate.
• Contract external resources to undertake independent control reviews and audits, including control maturity assessments, supply chain assessments, and penetration tests.
Skills/Must have:
• Experience undertaking control and maturity assessments, ideally with the NCSC Cyber Assessment Framework (CAF). Understanding other control frameworks such as NIST CSF and ISA/IEC62443 is desirable.
• Experience working within an operational technology environment, preferably for a large, regulated utility.
• Understanding of how cyber security threats may disrupt Operators of Essential Services.
• Experience applying security controls within an operational technology environment.
• Experience in a greenfield role, producing new tools and processes to enhance the maturity of a new team.
Benefits:
• 34 days annual leave entitlement.
• Enhanced maternity/paternity leave.
• Discounted healthcare.
• Salary sacrifice car leasing.
• A range of benefits to support your finances, wellbeing, and family.
Location:
• 2-3 days per week at one of the sites - Aberdeen, Inverness or Perth
Salary:
• £55,200 - £83,000 (depending on skills and experience) + performance-related bonus
- £55,000 to £83,000pa
- Scotland, United Kingdom
- Permanent
This role will lead the assurance and testing of existing security controls to ensure their continued effectiveness. Responsibilities include checking adherence to processes, monitoring and reporting on software vulnerabilities, and directing audits, inspections, and penetration testing.
This is an opportunity to be part of a growing security team with a clear mission to protect critical infrastructure and keep the lights on.
Responsibilities:
• Lead and prioritise a programme of audits and security assurance to identify vulnerabilities within existing controls.
• Monitor the configuration and settings of security devices.
• Review the effectiveness of Identity and Access Management processes and systems.
• Assess and prioritize software vulnerabilities.
• Monitor and audit our supply chain to ensure security requirements are included within contracts and that suppliers deliver against these commitments.
• Ensure all vulnerabilities are triaged, prioritised, tracked/reported, and remediated appropriately within documented SLAs.
• Develop processes and standards to monitor and verify the efficacy of security controls across the OT estate.
• Contract external resources to undertake independent control reviews and audits, including control maturity assessments, supply chain assessments, and penetration tests.
Skills/Must have:
• Experience undertaking control and maturity assessments, ideally with the NCSC Cyber Assessment Framework (CAF). Understanding other control frameworks such as NIST CSF and ISA/IEC62443 is desirable.
• Experience working within an operational technology environment, preferably for a large, regulated utility.
• Understanding of how cyber security threats may disrupt Operators of Essential Services.
• Experience applying security controls within an operational technology environment.
• Experience in a greenfield role, producing new tools and processes to enhance the maturity of a new team.
Benefits:
• 34 days annual leave entitlement.
• Enhanced maternity/paternity leave.
• Discounted healthcare.
• Salary sacrifice car leasing.
• A range of benefits to support your finances, wellbeing, and family.
Location:
• 2-3 days per week at one of the sites - Aberdeen, Inverness or Perth
Salary:
• £55,200 - £83,000 (depending on skills and experience) + performance-related bonus
Lewis West
Head of Cyber Security UK