Join us in this role where you’ll be responsible for overseeing and managing the cybersecurity risks associated with Operational Technology (OT) systems within offshore wind farm operations. You will work closely with the Risk Team, key stakeholders, operations and management to ensure informed decision‑making and compliance with relevant regulations and standards. You’ll be part of our OT Compliance & Security Team, which is part of OT Digital & Security, where you, together with your colleagues, conduct risk assessments and risk workshops and communicate results across the business. You regularly review and evaluate cybersecurity risks associated with OT systems that control wind turbine operations, electrical substations and other critical infrastructure, ensuring alignment with national cybersecurity standards.
Responsibilities
* Conduct risk assessments and risk workshops.
* Facilitate risk committee meetings and drive risk reporting to key stakeholders.
* Establish cybersecurity frameworks, policies and procedures tailored for offshore wind farm environments to address risks related to industrial control systems (ICS) and SCADA systems.
* Work closely with OT/IT security and operational technology teams to ensure integration between OT and IT security practices, focusing on protection of critical national infrastructure.
* Ensure compliance with national and international cybersecurity regulations and standards, and manage reporting of OT security status to regulatory bodies and cyber security boards.
* Guarantee that cybersecurity risk management practices comply with regulations, standards and industry best practices for offshore operations.
Qualifications
* Understand the architecture of ICS & SCADA/OT.
* Can implement and take guidance from IEC 62443, ISO 27001 and 27019 series of standards including The Purdue Reference Model (ISA‑99) and concept models for ICS network segmentation.
* Have experience operating and managing ICS & SCADA components (PLCs, HMIs, RTUs, etc.).
* Understand OT/SCADA & ICS network security and monitoring.
* Have experience with best practice OT remote access and vendor management.
* Appreciate the difference between OT and IT risk management disciplines:
  * OT: SRP triad (Safety, Reliability, Productivity)
  * IT: CIA triad (Confidentiality, Integrity, Availability)
* Have experience with relevant legislation (UK NCSC CAF, DE BSI/KRITIS, US NERC‑CIP, EU NIS2 and CER) and understand how it applies to OT environments and how authorities audit across jurisdictions.
* Have a strong understanding of risk management principles, especially in the context of OT and critical infrastructure, and can apply ISO 27005 risk assessment and treatment methods effectively.
* Can translate cybersecurity risks into business‑relevant insights, facilitating risk‑informed decision‑making at higher management levels, balancing technical needs with business priorities.
* Have excellent communication skills for engaging with technical teams and business leaders, conveying complex risk scenarios in simple, actionable terms to non‑technical stakeholders.
Additional Information
Employment in this role may be subject to the successful candidate obtaining the required security clearance. We encourage a diverse and inclusive team. To request reasonable work or position accommodations, please contact accommodation@orsted.com.