This position is part of a job family (IT Cybersecurity Analyst/Senior IT Cybersecurity Analyst) where experience is the determining factor in placement.
Job Summary
As the Operational Technology (OT) Cybersecurity subject matter expert (SME), you will be a liaison between the IT Cybersecurity Team and stakeholders within the Power Generation, Electrical and Gas Distribution Asset Management businesses. You will assist business areas to maintain WEC Energy Group's overall OT cybersecurity architecture, governance, policy and processes, and contribute to the roadmap for enterprise level systems. In addition, you are responsible for providing leadership in the OT enterprise cybersecurity tools and vendor evaluation process, and conducting periodic assurance reviews to ensure designs are implemented to the agreed OT cybersecurity architecture.
Job Responsibilities
Domain-focused Architecture Oversight, Planning, and Enablement
- Maintain a view of the company's overall cybersecurity architecture, to ensure appropriate OT domain coverage of security capabilities and identify potential gaps for remediation
- Collaborate with business units to develop, implement, and maintain system architectures that support OT cybersecurity policies & standards using actionable control lists, implementation guidelines, and required levels of protection that align with enterprise level control framework while prioritizing the system criticality
- Collaborate with the Governance Risk and Compliance principal to evaluate OT security enterprise tools exception requests, measures, metrics, architecture exception requests and develop & track mitigation plans for the resolution of risk
- Develop strategic plans and OT architecture/process requirements based on emerging OT risks and trends
Domain-focused Security Systems & Tools
- Collaborate with the security team leads to leverage standardized OT level security systems and tools across system architectures
- Advise OT domain specific business divisions and local business entities on OT cybersecurity vendor and tools selection, with emphasis on ensuring that tools address OT specific business entity requirements and maximize reusability
- Develop action (project) plans for OT enterprise systems, aligned to Enterprise Security and Compliance strategy and enterprise security roadmap
Minimum Qualifications
- Bachelor's degree in computer science, computer engineering, software engineering, information technology, computer information systems, MIS, or engineering is preferred. A combination of associate degree, military or professional cybersecurity experience and cybersecurity certification will be considered.
- 2+ years OT cybersecurity architecture design and strategy experience
Preferred Qualifications
- Certified Information System Security Professional (CISSP) certification
- Global Industrial Cybersecurity Professional (GICSP) certification
- Certified SCADA Security Architect (CSSA) certification
- Experience in OT cybersecurity architecture design and strategy within the Power Generation, Gas and Electric business (specifically Industrial Control Systems)
- Ability to lead and execute the OT cybersecurity strategy for OT business areas
- In-depth knowledge of OT cybersecurity architecture that support various components of NIST cybersecurity framework capabilities, such as cybersecurity engineering, vulnerability management, identity management, threat intel, prediction and detection, as well as response and recovery
- Expertise with OT domain specific cybersecurity vendors and tools, security evaluation processes and assessing risk & developing mitigation plans
WEC Energy Group
Wisconsin United States
www.wecenergygroup.com/
