The Operational Technology Security Expert identifies legal and customer OT Security requirements and assures the definition and implementation of audit-proof policies, processes and guidelines for GEA’s production environment (e.g. IIoT – Industrial Internet of Things, ICS – Industrial Control Systems, SCADA). He develops, defines and improves the security of the Operational Technology as one part of the Enterprise Security Architecture (ESA). The OT Security Expert is responsible for the security of the production processes, including network security and security of production and automation environments and IIoT systems.
Your responsibilities and tasks:
- Single point of accountability for all aspects of Operational Technology (Production) Security (scope, quality, pricing, delivery), in alignment with Chief Information Security Officer (CISO).
- Accountable for identifying legal and customer OT security requirements and assuring the definition and implementation of audit-proof policies, processes and guidelines for GEA’s production environments (e.g. IIoT – Industrial Internet of Things, ICS – Industrial Control Systems, SCADA, DCS, PLC, etc.).
- Responsible for the development of OT Security Strategy and synchronization with information security, production and digitalization strategy.
- Responsible for the development and continuous standardization, optimization and automation of the OT security framework and architecture, including threat modelling, data modelling and segregation, and secure cloud integration as part of the Enterprise Security Architecture.
- Responsible for the implementation of OT security requirements in the production and automation environments.
- Responsible for the development of GEA’s OT Security standards.
- Advising the OT, production and automation departments on the identification and mitigation of risks in those environments.
- Very close interaction with various business areas (information & cyber security, risk management, compliance and data protection, legal, sales, IT Enterprise Security Architecture as well as with the product developers).
- Share business and customer problems with the production teams and work on improvements.
- Consulting in projects and platforms in the field of OT security and in the protection of production and automation technology.
- Consulting regarding the secure creation, commissioning and operation of OT
- Documentation, analysis and further development of KPIs for OT Security.
- Contact person for the documentation and processing of security incidents in the production and automation environments.
Your profile and qualifications:
- Bachelor’s Degree in Information Technology / Computer Science / Engineering, Business Administration, or a related technical discipline.
- Experience related to IT/OT Security in a similar role related to ICS, IIoT, SCADA.
- Experience in Automation, Industry 4.0 Operational Technology (OT) and Industrial Control Systems (ICS) (DCS, SCADA, PLC, etc.).
- Proven experience in industrial security standards like IEC 62443.
- Knowledge of PLC S7, Sinumerik 840D and MS Azure advantageous.
- Significant qualities in management and conception as well as operationalization of complex issues in the security environment.
- IT Security Certifications advantageous (e.g. ISA/IEC 62443 Certifications, CISSP: Certified Information Systems Security Professional, CISA: Certified Information Systems Auditor).
- Experience in firewall systems and expertise in vulnerability management.
- Knowledge of use and configuration of supplementary IT security architectures (e.g. SIEM, IDS / IPS) and the special requirements of OT systems.
- Knowledge about standard methodologies related to networking and system security (WAN, Routing, Proxy, TLS) and network protocols such as TCP, UDP, IPSec, SSL and DNS.
- Experience with patch management for operating systems and applications; knowledge of encryption technology.