Friday, December 27, 2013

Job Opportunity - Industrial Control System Security Lead

My good friend Dave Tyson -- CISO at SC Johnson -- has asked me to pass along his current opening for someone to help with his industrial control systems (ICS) security.  The job posting is below.

If you are interested or you are aware of another qualified candidate, feel free to contact Dave with a resume at

### - ###

Industrial Control System Security Lead 

Global Information Security Team

Reporting to the Leader, Global Information Security Business Advisory (GISBA) the lead for the Global Product Supply (GPS) Information Security program is responsible for developing and managing the GPS Information Security program. 
This leader will own and drive the global rollout of a more robust and formal approach to managing information security risk in the GPS environment. The structure of the program will be based on the goals, principles and strategy of the overall Global Information Security Enterprise Security Strategy at SCJ. At its core, this program will ensure appropriate security management while driving breakthrough performance in governing business appropriate risk to data and systems. The GPS security lead will optimize team processes to ensure efficient and effective delivery of services in a 24x7 ‘follow the sun’ operating model.
Position Overview:

We are seeking a professional with a deep background of Industrial Control Systems Cyber Security Engineering and Architecture. The candidate is expected to be a visionary technologist and demonstrate a combination of leadership, technical and program management skills. The successful candidate will lead both current security enhancement programs as well as the development of a sustainability effort to build a globally sustainable information security program.
·         Identify new technologies, processes and programs to enhance security, reliability and customer experience.
·         Identify operational issues and define design alternatives to address these issues.
·         Act as a technical advisor and subject matter expert to internal stakeholders and partners
·         Coordinate with the Global Information Security Operations team for malware analysis, and testing of remediation processes.
·         Perform detailed and technical analysis of ICS and help integrate cyber security solutions worldwide.
·         Maintain a superior knowledge of the cyber security capabilities of operating systems, networking devices, control systems, and vendor offerings.
·         Maintain a working knowledge of applicable cyber security standards involving critical infrastructure, including those relating to process networks
·         Understand technical issues and the implications to the business, and be able to communicate them to management and other business leaders.
   ·         Ability to effectively work in a matrix management environment
·         Strong communication and presentation skills
·         The ability to lead large groups and be a primary facilitator
·         Strong written skills
·         Comfortable working in a project based / client serving model
·         Ability to lead and shape client expectations
·         Help drive pursuits and engage in complex deals, matching outcomes to expectations
·         Ability to work easily with diverse and dynamic teams
·         Ability to work in a matrix management model
·         Readiness to travel 25-50% initially
·         Experience in working international organizations roles
·         7-10+ years recent experience in large enterprise environment
·         Demonstrated experience with implementing and maintaining security in large, complex Industrial Control System environments, etc.)
·         Experience with securing SCADA, PLC, and HMI systems, etc.
·         Strong networking background with minimum 3 years of networking experience; and routing, switching, network security and packet analysis
·         Experience in the capabilities and/or configuration of cyber security controls, specifically those relating to firewalls, access control, authentication, anti-virus/anti-malware, patching and hotfix, logging and SIEM.
·         Ability to train, manage and assist co-workers on all aspects of security awareness, controls and compliance
·         Superior written, presentation, and verbal communication skills
·         Exceptional organizational, interpersonal and team skills
·         Ownership orientation to solving problems
·         Information security and data protection skills are desired
·         Experience managing and leading
·         Ability to pass a detailed security background screening
·         Education – Bachelor’s degree or equivalent education and experience
·         Professional Certification – CISSP, CPP or equivalent will be considered advantageous