OT Cyber Security Assurance and Risk Specialist

Job Purpose

The OT Cyber Security Assurance and Risk Specialist will be responsible for ensuring ENEC Operations’ compliance with the cyber security program and FANR regulations. This role involves performing security assessments, security architecture reviews, risk and vulnerability management, and managing key internal and external stakeholders to maintain a robust cyber security posture.

Key Activities, Responsibilities & Accountability

1. OT Network and System Security Assessment

Responsibilities and Accountabilities:

• Analyze and assess vulnerabilities in the OT infrastructure (software, hardware, and network).
• Investigate vulnerability remediation, alternative controls, and/or best practices to address detected OT cyber security vulnerabilities.
• Conduct cyber security risk assessments and impact analyses for changes to critical digital assets within the Nuclear Power Plant.

1. Security Monitoring and Forensics

Responsibilities and Accountabilities:

• Perform security monitoring, logs analysis, and compromise assessments of OT systems to detect incidents and root causes.
• Utilize new technologies and processes to enhance OT security capabilities and implement improvements.

1. Security Architecture Design

Responsibilities and Accountabilities:

• Perform design reviews for OT systems and define security requirements.
• Identify security gaps and recommend measures to address them.
• Evaluate modifications to critical digital assets (CDA) before implementation, ensuring reviews and assessments are completed.

Additional Responsibilities:

• Support the personnel department and other functions in reporting and recommending security enhancements.
• Monitor, review, and close Action Requests (ARs) within agreed timelines.
• Conduct periodic awareness campaigns on OT security best practices, including handling portable media devices.
• Assist FANR inspections with data and follow up on remedial actions.

1. Risk Assessment & Management

Responsibilities and Accountabilities:

• Lead comprehensive risk assessments of systems and infrastructure, developing mitigation strategies.
• Conduct regular vulnerability and threat assessments.
• Maintain and update the risk register.
• Perform threat modeling and collaborate with business units on risk mitigation.
• Evaluate third-party vendor security postures and ensure compliance with standards and regulations.
• Monitor security controls effectiveness and stay informed on emerging threats.
• Lead supply chain security risk management efforts.
• Continuously improve risk management practices based on latest threats and technologies.

Qualifications

• Bachelor's Degree

Experience

• At least 3 years of relevant experience.

Preferred Qualifications:

• Bachelor’s Degree with 3 years’ experience, or Diploma, Military or Police Academy graduate with 8 years’ experience, or High School with 10 years’ experience.
• Certifications such as CISSP, GICSP, OSCP, GPEN, ISA/IEC 62443 Cybersecurity Expert.