Description:
ESB is a purpose led company striving to create a brighter future for the customers and communities we serve, leading the transition to reliable, affordable, low-carbon energy. Today, we operate one of the most progressive electricity systems in the world, with activities spanning electricity generation, transmission, distribution and supply in Ireland, Northern Ireland and Great Britain, and an international energy consulting business.
With almost 8,000 employees we invested €1bn in infrastructure last year, contributed over €2bn to the economies we operate in and distributed over €2m across a range of community initiatives. This requires us to bring the best of our capabilities together to deliver innovative and value-driven solutions that enable our customers to live low-carbon lives. ESB strives to foster an effective and inclusive culture where people engage, challenge and feel connected to our purpose, colleagues, customers and community.
Key Responsibilities
- Assist the C&I Manager and Team with the setting and implementation of OT Security policy and OT security governance.
- As a subject matter expert in OT and OT Cybersecurity, lead and co-ordinate direct reports, other C&I team members, generation, and corporate stakeholders by ensuring security in design.
- Carry out, monitor, and improve the cybersecurity processes and controls in place within the control system network, to facilitate NIS Directive compliance in alignment with the overall business risk management framework.
- Coordinate with the Generation management, Generation O&M, OT teams, Corporate IT Security teams and OEMs to ensure processes and technical solutions meet cybersecurity requirements.
- Play a leading role in increasing the OT Cybersecurity awareness and competence in the team, generation, and other key stakeholders.
- Carrying out OT cybersecurity risk assessments for new and existing control systems.
- Review and stay current on NCSC NIS Directive regulations (ROI), NCSC CAF (UK) and industry cybersecurity trends.
- Help identify potential NIS Directive compliance gaps in installed or proposed OT infrastructure and create procedures and templates to establish mitigation plans.
- Support interactions with internal assessment, audit and external regulatory bodies during audits or other required meetings.
- Preparation of documentation, in support of audits and compliance to Corporate and/or NIS Directive requirements.
- Assist with system upgrades and ongoing maintenance including patches and security configurations.
- Collaborate closely with internal teams and OEMs on cybersecurity issues, cyber security improvement initiatives, to complete reviews, vulnerability assessments, mitigations & other various cybersecurity related activates as needed.
- Identify emerging OT security threats, conducting risk assessments, identify vulnerabilities and establishing how best to mitigate the associated risks.
- Perform ongoing monitoring to ensure systems cybersecurity compliance with minimal effect on processes and technology.
- Develop, implement, and maintain incident runbooks and DR plans.
- Drive a remediation program to implement mitigation plans.
- Develop status reports and metrics to provide visibility on overall cybersecurity posture and NIS Directive compliance status.
- Flexibility and working knowledge across different generation asset types and C&I technologies.
- Regular interaction locally on generation sites with O&M teams developing in depth familiarisation with OT infrastructure and interfaces with corporate infrastructure, or OEMs.
Knowledge, Skills and Experience
Essential
- Have a minimum of 7 years’ relevant working experience and shall hold a Senior OT role in the generation sector or a comparable industry with OT Cybersecurity.
- Significant experience of power plant operations and maintenance technologies, systems, procedures, and practices.
- Knowledge and experience working with regulatory or industry standards, frameworks, directives, NIST, IEC62443, NIS Directive, ISO 27001.
- Excellent analytical and problem-solving skills.
- Ability to work independently and in a team environment to pinpoint root causes and devise solutions with minimal oversight
- Ability to coordinate multi assignments and manage deadlines.
- Experience in cyber security concepts, delivery and management of solutions gained from working within an Operational Technology environment.
- Demonstrated internal and external stakeholder management and project/scope co-ordination involving multiple ESB business units, contractors or third parties.
- Self-motivated individual with drive to professionally develop self and others.
- Knowledge of IT infrastructure as relevant to Industrial Control Systems and the interfaces with other plant systems, third party systems or corporate networks.
- Ability to make quality decisions and judgements.
- Well versed with Health, Safety and Environment Standards and procedures, including Risk Assessment and Method Statement.
- Full clean driving license and flexibility to travel nationally and internationally.