Senior Security Consultant (OT Security)

Company:

Sopra Steria is a listed European tech leader specializes in Consulting, Digital Service, and Software. We have 50,000 employees worldwide located in different regions (Europe, North America and Asia), whereby Singapore is the HQ for APAC. EvaGroup Asia Pacific is part of Sopra Steria, in charge of Infrastructure, Cloud and Cybersecurity services in APAC.

Context:

We are looking for a Senior Security Specialist in OT to be part of the core APAC team to reduce the risk and cost from an Industrial Security Incident.

This will impact multiple sites in the region and there isn’t any current competency to assess and develop risk mitigation plans

Several main objectives behind the team:

• The to be state will be to have all Industrial Assets in a risk managed state with reportability to APAC Executive Leadership.
• A phase of discovery of industrial assets and define security standards to apply will be required.
• Regional project in APAC with potential travels in specific countries.

Requirements

Responsibilities:

• Assessment of all APAC sites for Industrial IT, Operational Technology (OT) and Industrial Automation and Control Systems (IACS) with aim of delivering low Cyber risk systems
• Plan and manage an audit following the methods defined at program level
• Deliver a risk assessment of each system in accordance with business criticality
• Develop work packages for each system to ensure protection against intentional misuse by sophisticated means with moderate resources, IACS specific knowledge and moderate motivation.
• Propose, in coordination with the Central Industrial Cyber Security team, a remediation plan for identified risks and vulnerabilities
• Develop Key Metrics that will show the maturity of each system for security based on the risk assessment and work packages
• Align with Industrial Cyber Teams to maximize on global standards and capabilities
• Weekly/Monthly Meetings with different stakeholders from local/regional to global teams
• Monthly KPI Dashboard of Risk Status for Each Asset
• Deliver Risk Plans to IM Risk Manager on a Monthly Basis
• Align to Industrial Cyber Teams in Europe and America on a Monthly basis

Competencies:

• Strong knowledge and experience in Operational Technology (OT) and/or Industrial Control Systems (ICS)
• Updated on the latest industry OT security practices and technologies as well as emerging threats and vulnerabilities
• Strong leadership, communication, interpersonal, analytical and problem-solving skills in a fast-moving environment
• Good project management skills and able to work as a team as well as independently
• Fluent in written and spoken English language is a must

Qualifications:

• Bachelor’s degree or Master degree in Information Security System, Computer Science, or relevant IT experience
• Preferably minimum 5 years of experience in Cybersecurity with minimum 3 years of experience in OT/ICS Cybersecurity
• Proven professional experience working with cyber security standards – ISO 27001, IEC 62443, NIST
• Certifications such as GICSP, ISA/IEC 62443 Cybersecurity certificates, ISO2701 Lead Auditor, CISSP, CISA, CISM, etc, are highly desired

Benefits

• Regular team buildings
• 18 leave days / Year
• Health Insurance: GP, Life Insurance, Dental Insurance and Optical insurance
• Annual bonus
• Working hours: from 9am to 6pm, Monday to Friday
• E-learning and certifications paths