In the coming period, the Security Office will need an ICS/OT Security Architect to include activities in the various Business projects and programs..
Within this feature, the architecture and infrastructure of Industrial Control Systems (Scada / DMS/ Dcs / Iiot) is analyzed in the field of cyber security. Next, the ICS/OT proposes security architect (security) architectures that are robust against the cyber risks,which in turn can be implemented by the ICS/OT designers within the company.
The Security Office thus converts the validated Fluvius guidelines of the CISO / DPO into concrete security architectures. Candidates can handle the stretch between theory versus practice,so excellent communication skills are Amust, the ICS/OT security architect acts as the 'security' glue between the different stakeholders.
In addition, this architect should be able to develop ICS/OT Security frameworks based on industry best practices as well as on international standards and standards (such as IEC62443/ISA 99, NIST SP 800-82, Nerc CIP, ...).
Demonstrable experience as an architect in ICT Security solutions - senior 5 years
As a security architect independently drawing up security architectures and testing them for feasibility in both stakeholders and designers.
As the largest distribution system Operator in the Benelux, (cyber) security is high on the Fluvius agenda. Due to the accelerated digitisation in our activities (roll-out digital meters, smart networks, digital customer interaction, ...) there are also many new risks that we need to keep under control. Legally there are also a lot of new requirements, such as GDPR and NIS.
The identification and management of the digital risks are recorded within the Fluvius Security Office by the digital risk manager. These digital risks are translated by the security architects into concrete security architectures, with a balance between risk acceptance and risk mitigation.
- Strong communication skills (written and oral) to communicate with both technical and non-technical target groups.
- have a good personal network where you can go with security challenges that you don't immediately know an answer to
- Demonstrable experience in the energy sector or essential service provider is a plus
- Knowledge of / implementation of security controls in accordance with the ISO/IEC 2700X family
- Demonstrable experience with risk management ISO/IEC27005, experience with Stride is a plus
- Experience of security controls in modern software techniques is a plus : Cloud, BigData, Mobility
- Possession of any security certificates (e.g. Cssa, Gicsp, CISSP, CISM or SABSA) is a plus..
- Language requirement: Dutch language at European CEFR level C2.
- 2nd language : English
- Demonstrable experience in a similar business context (number of users > 5000)
- Being able to work independently
- Team player, the candidates must be able to work well together in a large digital ecosystem. Experience in companies with more than 200 ICT professionals is a plus
- stress resistant
- Demonstrable experience as an architect in ICS/OT Security solutions
- Knowledge and demonstrable experience (designing, commissioning or maintaining) ICS systems: Scada, DMS, Dcs or PLC is required
- Knowledge international standards and standards (such as IEC62443/ISA 99, NIST SP 800-82, Nerc CIP) is required,certification IEC62443/ISA 99 is a plus
- Demonstrable experience supporting or solving problems with industrial protocols such as IEC60850-5-104, IEC61850, TCP, Modbus etc
- Possession of any network certificates (e.g. CCNA, CCNP, ... is a plus..
- Knowledge of NIS legislation is a plus
- Knowledge of Cloud and Iiot is a plus