The main purpose of the job is to support the Engagement Manager/Senior Manager in the delivery of services on delegated client engagements/projects.
Focuses on the delivery of client engagements and shares knowledge and experience with others.
Able to produce high-quality deliverables and support junior team members.
Specialised Technical Capabilities:
- Supports the development and implementation of Cyber Risk Solutions:
- Possess an understanding of ICS/OT fundamentals, including but not limited to:
- Understanding of OT-related systems such as distributed control systems (DCS) and supervisory control & data acquisition (SCADA) systems.
- Understanding of communication protocols common in ICS environments.
- Understanding of Purdue levels
- Understanding of human and environmental safety, and the availability/reliability and security of the operational environment.
- Understanding and Knowledge of leading IT and OT security practices.
- Familiarity with, and ability to apply, relevant standards such as NIST 800-82 and IEC 62443.
- Preparation and maintenance of policies, procedures and standards governing the security operations for ICS systems and networks.
- Understanding of operating systems, network/system architecture, and architecture design aligned to engineering design methodologies.
- Aptitude to apply and utilise security tools and solutions to conduct risk assessments and understand the threat landscape on OT systems.
- Ability to learn new tools and techniques to automate manual effort and leverage digital solutions where possible.
- General understanding of Industrial Internet of Things (IIoT) and Cloud services and their security implications in ICS;
- Understanding of OT and IT technology convergence and data interchange techniques, and their associated security techniques; and,
- Understanding of threats to OT/ICS environments and appropriate mitigation techniques.
- Good technical capability and technical certifications would be advantageous
- Certified Information Systems Security Professional (CISSP) [ISC2]
- SABSA (Sherwood Applied Business Security Architecture)
- GICSP (Global Industrial Cyber Security Professional)
- CSSA (Certified SCADA Security Architect)
- Ability to identify patterns, and analyse and improve processes (business analysis)
- Software development and engineering including DevSecOps: fundamentals and experience
- Project Management including Agile Project Management (SAFe, etc.)
- Excellent communication skills, both written and verbal
- Aptitude for learning new methods, techniques and tools
- Able to demonstrate learning agility in response to new and emerging cyber threats
- Consistently delivers high-quality work
- Ability to meet deadlines (reliable and dependable)
- Able to multi-task
- Proven initiative in providing guidance to junior members of the project team
- Demonstrates readiness to take decisions
- Displays initiative and takes accountability for delivery of work
- Assumes manager responsibility on delivery of assignments where required under pressurised circumstances
- Able to work under pressure
- Ability to prioritize competing responsibilities as per their urgency and importance, ability to multi-task on various client engagements
- Relevant degree, Honours or postgraduate diploma, or professional qualifications, e.g. BSc Engineering (electrical, mechanical, industrial, computer, electronics), BCom, B.Ing/B.Eng or MSc
Advanced certifications, diplomas, professional certifications, advanced degrees in Cyber or information security – examples include:
- CISM (Certified Information Security Manager)
- CISSP (Certified Information Systems Security Professional)
- ISMP (Information Security Management Principles)
- CCSP (Certified Cloud Security Professional)
- Certified Ethical Hacker – EC-Council
- ISO27001 Lead Auditor/Implementer Certificate
- SABSA Chartered Security Architect
- TOGAF (The Open Group Architecture Framework)
- Cisco Unity Systems Engineer
- ITIL – IT Infrastructure Library Foundation
- 3+ years of progressive experience in role(s) in professional or consulting services (including boutique security firms), or in public and/or private sector organizations, is required.
- At least two of those years exposed to industrial processes and/or plant environments.
- Demonstrates thorough knowledge and/or a proven record of success designing and implementing security solutions for industrial control systems (ICS) in critical infrastructure and/or manufacturing sectors, such as power and utilities, oil & gas, chemical, and consumer products manufacturing.
Possess an understanding of ICS/OT fundamentals, including but not limited to:
- Understanding of distributed control systems (DCS), supervisory control & data acquisition (SCADA), Manufacturing Execution Systems (MES) and related architectures and components.
- Understanding of Network and communication protocols common in OT/ICS environments.
- Familiarity with Safety Instrumented Systems (SIS)
- Understanding of ICS design considerations with emphasis on human/environmental safety, availability/reliability and security of the operational environment.
- Understanding and Knowledge of leading IT and OT security practices and IT/OT convergence principles and secure data exchange techniques; and,
- Preparation and maintenance of policies, procedures and standards governing operations for ICS systems and networks.