Cyber Security Engineer Lead

Company Description

Assystem is an international company with one mission: accelerate the energy transition around the world.

Every day, our 6,500 switchers located in 12 countries (Europe, Middle East, Pacific Asia & Africa) connect their six thousand billion neurons to tackle the task of the century: switching to low-carbon energy.

We are a collective committed to the actors who are making the energy switch. Sharing our knowledge, expertise and values allows us to innovate and think differently about the energy transition.

Drawing on more than 55 years' experience in highly regulated sectors subject to strict security and safety requirements, we provide our customers with engineering and project management services, as well as digital services and solutions to optimize the performance of complex infrastructure projects throughout their life cycle. The Group is currently ranked second in the world for nuclear engineering.

To ensure a viable, efficient, and reliable energy future for all.

Job Description

Continuation of the Hinkley Point C (HPC) programme to establish adequate site security arrangements to protect the availability, integrity, and confidentiality of Instrumentation & Control (I&C) systems during site storage, installation, and commissioning activities

The OT Cyber Security Lead will directly report to the Commissioning team but will work under supervision with the HPC Cyber Security & Information Assurance Manager to support the installation and commissioning of I&C plant systems at HPC site. The role will be site based to help support the wider site security team and commissioning to secure the delivery, storage, installation, and commissioning of I&C systems for the final plant.

OT Cyber Security Lead will help to assure the I&C systems delivered to HPC by key supply chain partners against the HPC OT Cyber Security Guidelines and support the delivery of the HPC OT Cyber security strategy to ensure that the cyber security risks that impact all critical I&C systems during construction are mitigated are protected from malware and integrity is assured.

The OT cyber security lead will be the first point of contact and owner of all aspects of I&C systems cyber security during HPC construction.

The principal activities of the cyber security lead will be:

• Support and deliver the OT Commissioning Security Plan to outline the site security arrangements for I&C systems delivered to site in alignment with the I&C Site Security Arrangements Guidance. This includes but is not limited to specifying rules of access to the rooms with I&C cabinets, rules for the cabinets access, removable media policies and procedures, portable computing devices policies and procedures, asset inventory and management processes and solutions, ongoing security assurance of I&C systems, etc.
• Provide additional SME advice to cover the practical rules of cybersecurity if not covered in the OT commissioning Security Plan for example provide guidance for malware checks of OT devices, storage of devices, management of passwords and similar.
• Provide cyber security support for the management of the temporary modifications on site with the support of one commissioning engineer
• Provide cyber security input to the management of the design changes with the support of a commissioning engineer
• Provide cyber security input to the management of the I&C configuration with the support of a commissioning engineer
• Develop and deliver procedures to define rules for periodic security check on a regular basis of safety I&C cabinets (centralised or dedicated) during installation and commissioning phase
• Perform risk assessments for I&C systems utilising our HPC security risk methodology and provide recommendations on cyber controls to mitigate risks. Ongoing management of I&C cyber security risks.
• Confirming adequacy of site security arrangements by the Suppliers (when different from generic HPC ones) for example for storage on-site, cabinet access, installation processes, etc
• Assuring the security state of the I&C systems as they are delivered to site
• Support ongoing assurance of the Supplier’s arrangements for IT and OT at HPC during construction, installation and commissioning.
• Support TCO security teams in the production of I&C cyber security cases by providing information about site I&C site security arrangements and I&C site assurance activities.

Qualifications

Knowledge, Skills, Qualifications & Experience

Essential

• Ability to obtain NSV SC Clearance (Non UK Residents can't be considered)
• Degree standard education in related subject [or equivalent experience].
• Good understanding of OT Risk Management, Cyber Threats, and Vulnerabilities.
• Good understanding of I&C systems design and operation.
• Must be confident in own abilities and be able to deliver in a dynamic environment.
• Excellent communication skills and able to strike up effective working relationships.
• Experience to assure and review Information and Operational Technology systems (e.g. ICS/SCADA/IoT)
• Knowledge of Information security standards (e.g. ISO27000, NCSC, GDPR)
• Knowledge of ICS Cyber Security Standards (e.g. IEC 62443, NIST SP)

Desirable

• Experience with I&C systems design, commissioning or operation in a nuclear plant environment
• CS&IA experience in a large infrastructure project environment
• Relevant Professional Certifications or Equivalent: e.g. ISC2 CISSP, GIAC GICSP
• Recognised and certificated ‘Behavioural Safety Programme’
• Experience of working in a high security environment
• Proven experience within a large project environment
• Knowledge of Nuclear Security Regulations and Standards (e.g. NISR 2003, ONR Security Assessment Principles)

Additional Information

Due to the nature of work to be undertaken applicants will be required to meet certain residency criteria in order to attain a minimum level of UK security clearance if not already security cleared to a minimum SC level.

We are committed to equal treatment of candidates and promote, as well as foster all forms of diversity within our company. We believe that bringing together people with different backgrounds and perspectives is essential for creating innovative and impactful solutions. Skills, talent, and our people’s ability to dare are the only things that matter !. Bring your unique contributions and help us shape the future.