My good friend Dave Tyson -- CISO at SC Johnson -- has asked me to pass along his current opening for someone to help with his industrial control systems (ICS) security. The job posting is below.
If you are interested or you are aware of another qualified candidate, feel free to contact Dave with a resume at dntyson@scj.com.
If you are interested or you are aware of another qualified candidate, feel free to contact Dave with a resume at dntyson@scj.com.
### - ###
Industrial Control System Security Lead
Global Information Security Team
Reporting to the Leader,
Global Information Security Business Advisory (GISBA) the lead for the Global
Product Supply (GPS) Information Security program is responsible for developing
and managing the GPS Information
Security program.
This leader will own and
drive the global rollout of a more robust and formal approach to managing information
security risk in the GPS environment. The structure of the program will be based
on the goals, principles and strategy of the overall Global Information
Security Enterprise Security Strategy at SCJ. At its core, this program will ensure
appropriate security management while driving breakthrough performance in
governing business appropriate risk to data and systems. The GPS security lead
will optimize team processes to ensure efficient and effective delivery of
services in a 24x7 ‘follow the sun’ operating model.
Position Overview:
We are seeking a professional with a deep background of Industrial Control Systems Cyber Security Engineering and Architecture. The candidate is expected to be a visionary technologist and demonstrate a combination of leadership, technical and program management skills. The successful candidate will lead both current security enhancement programs as well as the development of a sustainability effort to build a globally sustainable information security program.
We are seeking a professional with a deep background of Industrial Control Systems Cyber Security Engineering and Architecture. The candidate is expected to be a visionary technologist and demonstrate a combination of leadership, technical and program management skills. The successful candidate will lead both current security enhancement programs as well as the development of a sustainability effort to build a globally sustainable information security program.
Responsibilities:
·
Identify new technologies, processes and
programs to enhance security, reliability and customer experience.
·
Identify operational issues and define design
alternatives to address these issues.
·
Act as a technical advisor and subject matter
expert to internal stakeholders and partners
·
Coordinate with the Global Information Security
Operations team for malware analysis, and testing of remediation processes.
·
Perform detailed and technical analysis of ICS
and help integrate cyber security solutions worldwide.
·
Maintain a superior knowledge of the cyber
security capabilities of operating systems, networking devices, control
systems, and vendor offerings.
·
Maintain a working knowledge of applicable
cyber security standards involving critical infrastructure, including those
relating to process networks
·
Understand technical issues and the
implications to the business, and be able to communicate them to management and
other business leaders.
Capabilities:
·
Ability to effectively work in a matrix
management environment
·
Strong communication and presentation skills
·
The ability to lead large groups and be a
primary facilitator
·
Strong written skills
·
Comfortable working in a project based /
client serving model
·
Ability to lead and shape client expectations
·
Help drive pursuits and engage in complex
deals, matching outcomes to expectations
·
Ability to work easily with diverse and
dynamic teams
·
Ability to work in a matrix management model
·
Readiness to travel 25-50% initially
·
Experience in working international organizations
roles
Qualifications:
·
7-10+ years recent experience in large
enterprise environment
·
Demonstrated experience with implementing and
maintaining security in large, complex Industrial Control System environments,
etc.)
·
Experience with securing SCADA, PLC, and HMI
systems, etc.
·
Strong networking background with minimum 3
years of networking experience; and routing, switching, network security and
packet analysis
·
Experience in the capabilities and/or
configuration of cyber security controls, specifically those relating to
firewalls, access control, authentication, anti-virus/anti-malware, patching
and hotfix, logging and SIEM.
·
Ability to train, manage and assist co-workers
on all aspects of security awareness, controls and compliance
·
Superior written, presentation, and verbal
communication skills
·
Exceptional organizational, interpersonal and
team skills
·
Ownership orientation to solving problems
·
Information security and data protection
skills are desired
·
Experience managing and leading
·
Ability to pass a detailed security background
screening
·
Education – Bachelor’s degree or equivalent
education and experience
·
Professional Certification – CISSP, CPP or
equivalent will be considered advantageous
