Risk Advisory – Cyber Risk- Emerging Technology – Assistant Manager

The main purpose of the job is to support the engagement Manager/Senior Manager in the delivery of services on delegated client engagement/ projects.

Focus on the delivery of client engagements and shares knowledge and experience with others

Able to produce high quality deliverables and support junior team members.

Specialised Technical Capabilities:

  • Supports the Development and Implementation on of Cyber Risk Solutions:
  • Possess an understanding of ICS/OT fundamentals, including but not limited to:
  • Understanding OT related systems such as; control systems (DCS) and supervisory control & data acquisition (SCADA) systems.
  • Understanding of communication protocols common in ICS environments.
  • Understanding of Purdue levels
  • Understanding of human and environmental safety, and the availability/reliability and security of the operational environment.
  • Understanding and Knowledge of leading IT and OT security practices.
  • Ability to Familiarity apply relevant standards such as NIST 800-82 and IEC 63443
  • Preparation and maintenance of policies, procedures and standards governing the security operations for ICS systems and networks.
  • Understanding of operating systems, network/system architecture, and architecture design aligned to engineering design methodologies.
  • Aptitude to apply and utitilise security tools and solutions to conduct risk assessment and understanding of the threat landscape on OT systems.
  • Ability to learn new tools and techniques to automate manual effort and leverage digital solutions where possible.
  • General understanding of Industrial Internet of Things (IIoT) and Cloud services and their security implications in ICS,
  • Understanding of OT and IT technology convergence and data interchange techniques, and their associated security techniques; and,
  • Understanding of threats to OT/ICS environments and appropriate mitigation techniques.
  • Good technical capability and technical certifications would be advantageous
  • Certified Information Systems Security Professional (CISSP) [ISC2]
  • SABSA (Sherwood Applied Business Security Architecture)
  • GICSP (Global Industrial Cybersecurity professional)
  • Certified SCADA security Architect – CSSA
  • Ability to identify patterns, and analyse and improve processes (business analysis)
  • Software development and engineering including DevSecOps: fundamentals and experience
  • Project Management including Agile Project Management (SAFE Agile, etc.)

Behavioural Competencies:

  • Excellent communication skills, both written and verbal
  • Aptitude for learning new methods, techniques and tools
  • Be able to demonstrate learning agility to new and emerging cyber threat
  • Consistently delivers high quality work.
  • Ability to meet deadlines (reliable and dependable)
  • Able to Multi-task
  • Proven initiatives in providing guidance to junior members of the project team
  • Demonstrates readiness to take decisions
  • Displays initiatives and takes accountability for delivery of work
  • Assumes manager responsibility on delivery of assignments where required under pressurised circumstances
  • Able to work under pressure
  • Ability to prioritize competing responsibilities as per their urgency and importance, ability to multi-task on various client engagements

Qualifications

Minimum qualifications:

  • Relevant Degree, Honours or post graduate diploma, professional qualifications e.g., BSc Engineering (Electrical, mechanical, industrial, computer, electronics), BCom, or B. Ing/Eng or MSc

Desired qualifications:

Advanced certifications, diplomas, professional certifications, advanced degrees in Cyber or information security – examples include:

  • CISM (Certified Information Security Manager)
  • CISSP (Certified Information Systems Security Professional)
  • ISMP (Information Security Management Principles)
  • CCSP (Certified Cloud Security Professional)
  • Certified Ethical Hacker – EC Council
  • ISO27001 Lead Auditor/Implementer Certificate
  • SABSA Chartered Security Architect
  • (TOGAF) The Open Group Architecture Framework
  • Cisco Unity Systems Engineer
  • ITIL – IT Infrastructure Library Foundation

Experience:

  • 3+ years of progressive experience with role(s) in a professional, consulting services (including Boutique Security Firm), public and/or private sector organizations is required.
  • At least two years of those being exposed to industrial processes and or plant environment
  • Demonstrates thorough knowledge and/or proven record of success designing and implementing security solutions for industrial control Systems (ICS) in critical infrastructure and/or manufacturing sectors, such as power and utilities, oil & gas, chemical, and consumer products manufacturing.

Possess an understanding of ICS/OT fundamentals, including but not limited to:

  • Understanding of Distributed control systems (DCS) and supervisory control & data acquisition (SCADA),
  • Manufacturing Execution Systems (MES) and related architectures and components.
  • Understanding of Network and communication protocols common in OT/ICS environments.
  • Familiarity with Safety Instrumented Systems (SIS)
  • Understanding of ICS design considerations with emphasis on human/environmental safety, availability/reliability and security of the operational environment.
  • Understanding and Knowledge of leading IT and OT security practices and IT/OT convergence principles and secure data exchange techniques; and,
  • Preparation and maintenance of policies, procedures and standards governing operations for ICS systems and networks.

Other Opportunities You Might Like:

About PRINCE SACKEY

Check Also

Engineering Manager, Site Reliability Engineering (Service Operations)

As Engineering Manager, you will be responsible for supporting the engineers developing our infrastructure platform …