Senior OT Cyber Security Assurance and Risk Specialist

Job Purpose

The OT Senior Cyber Security Assurance and Risk Specialist will be responsible for ensuring ENEC Operations’ compliance with the cyber security program and FANR regulations. This role involves performing security assessments, security architecture reviews, risk and vulnerability management, and managing key internal and external stakeholders to maintain a robust cyber security posture.

Key Activities, Responsibilities & Accountability

OT Network and System Security assessment

Responsibilities and Accountabilities:

• Lead analysis and assessment of vulnerabilities in the OT infrastructure (software, hardware, and network).
• Investigate vulnerability remediation, alternative controls, and best practices to address detected OT cyber security vulnerabilities.
• Conduct cyber security risk assessments and impact analysis for changes to critical digital assets within the Nuclear Power Plant.

Security monitoring and forensics

Responsibilities and Accountabilities:

• Perform security monitoring, logs analysis, and assessments to detect incidents and determine root causes.
• Utilize new technologies to enhance OT security capabilities and implement improvements.
• Conduct security audits to verify effectiveness of security controls.

Security Architecture design

Responsibilities and Accountabilities:

• Perform design reviews for OT systems and define security requirements.
• Identify security gaps and recommend solutions.
• Evaluate modifications to critical digital assets before implementation, ensuring reviews and assessments are completed.

Additional Responsibilities

• Support HR and Information Security functions in reporting and recommending security solutions.
• Monitor and close Action Requests within agreed timelines.
• Assist in preparing the annual security budget.
• Provide training and awareness campaigns on OT cyber security best practices.
• Support FANR inspections with data and follow up on remedial actions.
• Promote a cyber security culture within ENEC Operations.

Risk Assessment & Management

• Lead risk assessments and prioritize mitigation strategies.
• Conduct regular vulnerability assessments.
• Identify and mitigate security threats.
• Maintain the risk register and perform threat modeling.

Qualifications

Bachelor’s degree in Computer Science, Information Technology, Cyber Security, or equivalent. 5 years of relevant experience required. Preferred qualifications include a bachelor’s degree with 10 years’ experience or an MSc with 8 years’ experience, along with professional certifications such as CISSP, GICSP, OSCP, GPEN, or ISA/IEC 62443 Cybersecurity Expert.