Hackajob is collaborating with Dominos Pizza UK & Ireland to connect them with exceptional tech professionals for this role.
Job Purpose
The OT Security Engineer - SCC (Supply Chain Centre) will assist in maintaining, monitoring and ensuring continual, measurable improvement of our Information Security Posture and Cyber Risk Profile within our Supply Chain Centre operations across the estate.
They will ensure risks are understood and mitigated within business risk appetite. Reporting into the Information Security Manager - Supply Chain / Supply Chain Director and working alongside UK & Irl factory managers and engineering teams, to ensure fundamental cyber security projects are embedded and security controls are adhered to within OT environments.
Key Responsibilities/Job Tasks
Ensure that daily operations follow best practice and good security hygiene measures across these systems, e.g. by regular checks of reporting systems, influencing the staff who interact with them.
Responsible for the implementation of cyber security projects to build cyber resilience into the OT environment.
Maintain a complete understanding of the SCC IT and OT systems and networks.
Conduct comprehensive vulnerability assessments on OT systems, including PLCs, HMIs, and SCADA environments.
Facilitate ethical penetration testing to identify vulnerabilities and potential attack vectors.
Embed themselves into the SCC team to support alignment of InfoSec strategy to the business strategy.
Collaborate with compliance teams to develop and maintain security policies and procedures. May involve creating bespoke policies and or making suggestions to amend existing policies and users adherence to them.
Assist the Information Security Manager with the development and maintenance of security policies and procedures.
Provide Information Security and Risk Management expertise to all key stakeholders, including undertaking and improving our education and awareness programme for OT personnel.
Promote at all times a culture of security and awareness.
Monitor and analyse security events and logs from OT systems.
Proactively identify threats to our business, working closely with the SCC and OT Manager, to agree and implement appropriate risk mitigation measures.
Investigate and respond to security incidents, containing and mitigating threats in a timely manner.
Provide guidance and support to engineering teams on secure coding practices and secure system design.
Liaise with external consultancies and vendors on a day-to-day basis, as required to support the SCC OT security.
Analyse and document findings, providing detailed reports with risk ratings and recommendations.
Stay updated on the latest cyber security threats and trends affecting OT environments.
The following sections consist mainly of a series of questions related to specific skills/job requirements. You should focus on the role rather than the individual when considering the most appropriate answer and should base the response on what you consider to be the normal features of the job which are typical of the job and its usual working conditions over the year.
SKILLS & JOB REQUIREMENTS (Please Complete Where Applicable)
Strategic Responsibility
As the OT Security Engineer within our supply chain IoT and Operational Technology environments: to help input into Information Security team and the continual improvement processes we strive to implement, as well as the resulting Security Improvement Plan, we aim to deliver. This is done through GAP Analysis work which is key to identifying weaknesses and opportunities to improve, as well as the assessment of new technology stacks such as AI and opportunities for Domino's Pizza Group (DPG) to benefit from them.
Problem solving
Ability to assess and solve complex problems (e.g. managing the identification and containment of a quickly- evolving cyber threat when limited information is known), analysing multiple sources of information to determine the best course of action whilst being in high pressure situations. This skill is particularly critical during a cyber security incident, where time is of the essence and a clear head is needed. Most decisions will be within predefined frameworks, but owing to the nature of OT incidents and the recovery time, non-programmed decisions may need to be made.
Decision making
Cyber security risk, within the SCC's, may have a wider business impact. A level of business-critical decision making is necessary, as an incorrect decision could result in significant business disruption and financial loss to DPG. This skill aligns to the problem-solving qualities and results in sound and decisive actions being taken.
Communication
Effective communication skills are required for this role to articulate both the technical and non-technical aspect of the role. Close working relationships must be forged with multiple stakeholders, from both operational and technical functions within Domino's. As the OT Security Engineer, you will be able to help on incidents in a calm and measured way and communicate effectively with key stakeholders at all levels, including Senior Management.
Innovation
Where there are opportunities to innovate then the OT Security Engineer will be able to. Although this role is aligned to helping keep Domino's safe from cyber-attack, there will be opportunities to help improve processes and implement new ones.
One such example is the use of new and evolving technologies, such as Artificial Intelligence, both to support the business use of such technologies in a secure way, but also to harness the technologies to enhance our security capabilities in innovative ways. Closely working with other IT teams, such as Infrastructure, to deploy new technologies that have a wider business impact.
Please summarise the levels of minimum education, knowledge, skills and experience this position requires (e.g., if you would be recruiting to fill this position, what aspects of background or knowledge would you expect a successful job applicant to have?)
Note: This may differ from the current job holder's own skills and experience
JOB SPECIFICATION
Professional Qualification(s)
Relevant certifications such as, CompTIA Security+, GICSP or CISSP are preferred.
Knowledge
Knowledgeable in both IT and OT (Operational Technology - Manufacturing) environments.
Technical knowledge of OT networks.
Strong understanding of OT and ICS environments.
Strong understanding of cyber security principles and practices.
Experience of implementing security within an OT environment.
5+ years of experience in cyber security engineering.
Experience with industry best practice frameworks e.g. ISA/IEC 62443, NIST, CIS.
Experience in cyber risk reduction / vulnerability management programs for IT/OT environments.
Proficiency in security assessment tools and techniques
Experience with risk assessment and vulnerability management.
Skills/Ability
Strong communication and interpersonal skills.
The ability to build effective working relationships, trusted as a knowledgeable advisor to the business in OT matters.
Ability to manage multiple workloads.
Highly capable of taking responsibility and ownership for individual and team objectives.
Calm, structuredanalytical thinking, especially when working with ambiguities.
Problem-Solving; able to generate solution ideas based on company policies, own experience and the wider industry best practice.
Stakeholder management and engagement; able to gain buy in the InfoSec agenda and influence local practices.
Championing continuous improvement.