Company Description
SGS is the world’s leading inspection, verification, testing and certification company. SGS is recognized as the global benchmark for quality and integrity. With more than 89,000 employees, SGS operates a network of over 2,600 offices and laboratories around the world.
SGS ECL an Automation Systems Integrator is the newest part of SGS NZ offering process automation, process control, functional safety and Industrial OT cyber security services to its diverse client base. ECL Cyber is a business unit of SGS ECL with a dedicated focus on securing industrial environments.
For more information, see eclcyber.co.nz
Job Description
The role will include:
Investigating industrial control system environments in line with client knowledge-gap requirements
Writing reports including pragmatic ROI recommendations to improve industrial security posture and resilience
Advising changes on the ICS network to strengthen current cybersecurity controls and introduce new controls.
Documentation of existing and proposed security architectures
Implementation, maintenance, and administration of systems to facilitate back-up, recovery, disaster recovery to ensure confidentiality, integrity, and availability as a part of operational excellence.
Supporting incident detection, investigation, management and close out
Project management including estimating, scheduling, and working within project constraints
Supporting the development of management standards (guidelines, policies, and procedures) used to maintain and improve ICS Cyber Security Management
Support and develop ECL Cyber policy, procedure and governance including Industrial Security Assessment templates/procedures, OT IR response documentation, ISMS in line with ISO 27k
Work on industrial facilities including in substations and remote well sites.
Qualifications
A degree-level engineering, networking, or cyber security qualification (e.g. CISSP, CISM, GICSP, GRID)
10+ years’ experience with industrial control systems (ICS), DCS, SCADA, SIS, PLC, and/or;
10+ years’ experience in networking, security and/or sysadmin with some industrial networking expertise
Excellent communication and analytical skills
An understanding of cyber security risks and mitigation for an industrial control network
An understanding of cyber security management as a part of a full framework (e.g. Identify, Protect, Detect, Respond, Recover)
Sound knowledge of networking protocols, cyber security of network traffic and the application of controls via switch and firewall configuration.
The ability to carry out detailed industrial cyber assessments and/or audits to a high quality.
The ability to work in accordance with ECL’s drug and alcohol policy including pre-employment, post incident and/or random drug & alcohol testing
Ability to work independently or as part of a small team interfacing directly with clients