Senior Manager IT and OT Assurance Engineering
Posted on Jan 21, 2021 by TechnipFMC
TechnipFMC is a global oil and gas leader, specialized in subsea, onshore, offshore, and surface technologies. Our mission: to enhance the performance of the world's energy industry. How we do it: by constantly challenging conventions and investing in our 37 000+ employees, across 48 countries. At TechnipFMC, we aim to offer an inspiring working experience: tackling some of the most complex technical and engineering challenges in the world in collaboration with a truly global team.

Senior Manager IT and OT Assurance Engineering

The Senior Manager, Control Systems and Digital Security is the leader of the team who will provide TechnipFMC Design, Build, and Test functions for both Information and Digital Services (IDS) and Operating Technologies (OT). They are responsible for the cybersecurity product portfolio, roadmaps and standards, including OT Security, Industrial Automation Controls Systems Security (IACSS), Application Security (AppSec), and Identity and Access Management (IAM). The responsibilities cover the end-to-end product lifecycle of cybersecurity solutions to include the architecture, design, integration, testing, and operational deployment.

Establish Operating Technology (OT) cybersecurity standards and managed services offering to support TechnipFMC products and services for business customers. Establish an AppSec program to support Digital and Application and Product development throughout the development or project lifecycle. Drives the IAM strategy for all types of identities for the digital business inclusive of on premise and cloud solutions. Serves as a domain expert and as a member of the Information and Digital Services (IDS) Enterprise Architecture Team. Manage the Cybersecurity testing and assessment portfolio, processes, and standards. Support the IDS Project Portfolio and provide cybersecurity requirements and validation for all IDS projects.
Active in standards and policy creation, new product evaluation, cloud assessments, third party services management, and vendor selection. Additional responsibilities include serving as a member of the Enterprise Cybersecurity team and providing global incident response support as a member of the Cybersecurity Incident Response Team.

Responsibilities include:
* Develop and maintain cybersecurity architecture and engineering principles for on premise and cloud solutions including the cybersecurity solutions roadmap.
* Review and analyze existing enterprise cybersecurity solutions for effectiveness and efficiency and develop strategies for improving or leveraging these systems.
* Primary Industrial Automation Controls Systems (IACS) cybersecurity liaison for business product lines containing IACS, manufacturing environments, and vessels.
* Develop cybersecurity technology implementation strategies with the business for IACS environments with clear understanding of the differences between IT and OT environments (e.g. Anti-virus on HMIs, application whitelisting, security policies on firewalls, etc.)
* Develop an Application Security (AppSec) program to support all application development
* Provide application security assurance through developer training, requirements definition, threat modeling, static testing, dynamic testing, penetration testing, and protection technologies.
* Manage and coordinate the testing, identification and remediation of vulnerabilities
* Work with other security teams to identify emerging threats and develop strategies to mitigate them
* Guide development of IAM architecture and direct IAM engineering and governance teams
* Implementation of the identity management strategies and enterprise solution delivery for Authentication, Provisioning/Deprovisioning, Role Management, Session Management, Password Vaulting, Privileged Account Management, Access Governance, Single Sign On, Adaptive Authentication, Analytics, PKI and Certificate Management, User Experience, and API Management.
* Partner with IDS Enterprise Architecture to design and deliver cybersecurity solutions for the enterprise in a highly complex environment with a blend of legacy, cloud and innovation platforms
* Support the IT Project Portfolio and provide cybersecurity requirements and architecture oversight.
* Develop, improve and implement cybersecurity standards and best practices.
* Oversee projects that are assigned to the cybersecurity teams and as directed by the CISO.
* Report to the CISO on architecture, assurance, and engineering strategic objectives and operational run metrics, key performance indicators, and outcomes.
* Lead a global team across diverse geographical regions and time zones.
* Build and lead exceptional teams through collaboration, mentoring and skill training.
* Set employee goals and objectives, monitor performance and provide constructive feedback.
* Excellent verbal and written communication skills including presenting to business leadership
* Prepare, establish, and manage a budget.

POSITION REQUIREMENTS:

Education Requirements:
* Bachelor's Degree in Computer Science or related discipline
* Security Certifications required. Examples include ICS-related certification (e.g. SANS GICSP), CISSP, CISM. GSEC a plus

Work Experience:
* 10+ years Information Security Experience, with a minimum of 3 years in Industrial Automation & Control Systems.
* Must have a good understanding of the following security domains: Audit and Monitoring, Risk Response & Recovery, Cryptography, Data Communications, Malicious Code, Computer Operations Security, Telecommunications & Network Security, Security Architecture & Models, Security Management Practices, Investigation & Ethics.
* Proven experience with Microsoft O365, Azure Active Directory and Microsoft Azure.
* Knowledge of information and industrial control systems security standards (ISO 27001, IEC 62443, NIST Cybersecurity Framework)
* Experience with operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS)
* Fundamental understanding of IT and OT network communication protocols (For example: TCP/IP, UDP, DNP3, Modbus, IEC 61850, OPC, OPC UA, PROFINET, etc.)
* Proven experience with risk assessment methodologies.
* Understanding of cyber threats, vulnerabilities, and exploits specific to ICS (BlackEnergy, IronGate, Havex)
* Able to work effectively in a matrix-management environment.
* Excellent interpersonal, analytical, organizational, and problem-solving skills.
* Understanding of project management knowledge areas.
* Advanced oral and written communication skills.

Learn more about TechnipFMC

Learn more about us and find other open positions at our Career Page. Follow us on LinkedIn for company updates. To keep all prospective applicants aware of recent developments at TechnipFMC, we encourage you to go through the TechnipFMC Press Release as well as our website to know more about us.
'As an equal opportunity employer TechnipFMC considers only qualified applicants without regard to color, age, race, ethnicity, sexual orientation, gender expression, disability, national origin, veteran or marital status.'