Join us in this role where you’ll be responsible for overseeing and managing the cybersecurity risks associated with Operational Technology (OT) systems within offshore windfarm operation. You will work closely with the Risk Team, key stakeholders, operations, and management to ensure informed decision-making and compliance with relevant regulations and standards.
Welcome to Ørsted Windpower Operations department
You’ll be part of our OT Compliance & Security Team, which is part of OT Digital & Security, where you, together with your colleagues, will conduct risk assessments & risk workshops and ensure results are communicated and used across our business. You will regularly review and evaluate the cybersecurity risks associated with the OT systems that control wind turbine operations, electrical substations, and other critical infrastructure, ensuring they are aligned with national cybersecurity standards. As a team, we have a culture of learning and improving, and we work as a diverse global team with different cultural backgrounds and competencies.
You’ll play an important role in:
* conducting Risk Assessments & Risk Workshops
* facilitating risk committee meetings and driving risk reporting towards key stakeholders
* establishing cybersecurity frameworks, policies, and procedures tailored for offshore wind farm environments to address risks related to industrial control systems (ICS) and SCADA systems etc.
* working closely with OT/IT security and operational technology teams to ensure integration between OT and IT security practices, focusing on the overall protection of critical national infrastructure
* ensuring compliance with national and international cybersecurity regulations and standards and managing the reporting of OT security status to regulatory bodies, Cyber Security Boards and others
* ensuring that cybersecurity risk management practices comply with regulations, standards and industry best practices for offshore.
To succeed in the role, you:
* understand ICS & SCADA/OT architecture
* can implement and take guidance from the IEC 62443, ISO 27001 and 27019 series of standards, incl. the Purdue Reference Model (ISA-99) and concept models for ICS network segmentation
* have experience with operating and managing ICS & SCADA components (i.e. PLCs, HMIs, RTUs, and auxiliary systems like HVAC, LV Systems, UPS etc.)
* understand OT / SCADA & ICS network security and monitoring
* have experience with best practice OT Remote access and vendor management
* appreciate the difference between the OT and IT risk management disciplines:
  * OT: SRP triad (Safety, Reliability, Productivity)
  * IT: CIA triad (Confidentiality, Integrity, Availability)
* have experience with relevant legislation (UK NCSC CAF, DE BSI/KRITIS, US NERC-CIP, EU NIS2 and CER) and understanding of how it applies to OT environments and how different authorities audit and inspect across jurisdictions
* have a good understanding of risk management principles, especially in the context of operational technology (OT) and critical infrastructure, with the ability to apply ISO 27005's risk assessment and treatment methods effectively
* can translate cybersecurity risks into business-relevant insights, facilitating risk-informed decision-making at higher management levels, balancing technical needs with business priorities
* have excellent communication skills for engaging with both technical teams and business leaders. You can convey complex risk scenarios in simple, actionable terms to non-technical stakeholders.
Employment in this role may be subject to the successful candidate being able to obtain the required security clearance.
As an applicant or employee, you may request reasonable work and position accommodation or adjustments via accommodation@orsted.com.