Job Description
Overview / Responsibilities
Have you got what it takes to succeed The following information should be read carefully by all candidates.
Wood Applied Intelligence (AI) is currently recruiting for an experienced automation engineer to join our Cyber / Network and Infrastructure team which focuses on Operational Technology Security and Critical National Infrastructure across the energy, utilities, manufacturing sectors.
Wood AI provides a wide range of solutions leveraging real-time data and automation solutions globally and across multiple industrial markets. As an independent integrator, we provide operational technology (physical and digital) to connect, control and optimise process and manufacturing facilities, as well as supporting other Wood Offices for automation scope, where required.
Whilst this role can be based anywhere in the UK, mobility and travel to customer sites and face to face meetings with colleagues will be expected as required.
Join a culture of innovation , pushing the boundaries of what is possible to seek the best solutions for our clients.
The Cyber Security SME (Subject Matter Expert) will be an integral member of the Cyber / Network and Infrastructure Team providing work within project teams or seconded to clients helping us deliver effective and professional services for a range of varied and high-profile clients.
Responsibilities / Duties
- Develops a comprehensive understanding of the key Regulatory, accepted Industry best practice and standards for Cyber Security activities
- Act as the focal point for Cyber Security remediation project deliverables, that are required to directly address business risk and audit findings
- Support the I&C and IT functions in the development of a Cyber Security management systems framework, Cyber Security policies and procedures
- Lead the development of maintenance management systems and strategies that will support compliance with the Cyber Security management and applicable standards, supporting the continual improvement of assurance related maintenance activities, including status reports and exception process management
- Lead the development & delivery of a Cyber Security competency assurance program
- Plan and directly manage Cyber Security scope within projects, ensure accurate OT equipment inventories, improved inventory identification, effective software back-up management, baseline cyber security technical controls, removable media controls, physical access controls, remote access controls, accurate OT equipment hierarchy diagram
- Lead project scope with obsolescence in critical OT systems and address vulnerabilities in those systems as a result of equipment obsolescence and cyber security threats
- Provide OT system technical support to review equipment specific vulnerability reports, identify and action follow up remedial activities to reduce technical risk, including those associated with making remote and local network security enhancements
- Generate maintenance plans to ensure Cyber Security lifecycle compliance activities by developing and applying appropriate maintenance strategies using engineering standards, policies, procedures and industry best practice guidance
- Lead Cyber Security Risk Assessment (RA) sessions for all OT inventories, ensuring that; all systems are uniquely identified and risk assessed to identify all likely consequences, all systems are categorized using accepted methodology
- Lead the assessment of deviations from standard and develop risk mitigations and exception reports where appropriate
- Conduct routine cyber security reviews and for corporate audit activities, ensuring forward plans are established for identified compliance gaps
- Ensure corporate and regulatory bodies audit findings relating to Cyber Security are followed-up in a timely manner
- Undertake offshore visits to support in the delivery of compliance assurance activities associated with the Cyber Security management systems and to conduct site compliance checks
- Cyber Security focal point in relation to relevant industry and governing bodies as required and directed
- Liaise with peers to co-ordinate cyber security remediation project activities, ensuring a coherent and consistent approach is adopted by all relevant personnel
- Carry out other duties related to the Instrument and Control discipline, including checking design deliverables, and assisting with urgent support when directed by the Engineering Manager
Skills / Qualifications
- Minimum BSc Degree or demonstratable equivalent good level experience
- Compelling experience in Automation and Control Engineering discipline
- Significant progressively more responsible experience; developing expertise in Cyber, and knowledgeable about impacts on other areas
- Security management of industrial control and operational technology systems and applications such as:
- Process control
- SCADA
- Distributed control
- PLCs and RTUs
- Industrial cyber security and data communications
- Electricity transmission and distribution network control
- IoT and Industrial IoT
- Industrial cyber security risk management, architecture and security monitoring
- Security standards relating to the sector, including:
- NCSC NIS Guidance and CAF
- ISO 27001 and ISO 27005
- NERC CIP
- ISA-99/IEC 62443
- NIST CSF
- Experience scoping work, identifying key tasks, packages and developing resourcing / time estimates
- Self-starter, with the ability to operate successfully in a commercial environment
- Thorough knowledge of engineering practices and economic principles, calculation methods, design details, international codes and standards, procedures, and specifications
- Experience of brownfield sites including turnarounds, shutdowns, and commissioning
Company Overview
Wood is a global leader in consulting and engineering, helping to unlock solutions to critical challenges in energy and materials markets. We provide consulting, projects and operations solutions in 60 countries, employing around 35,000 people.
Diversity Statement
We are an equal opportunity employer that recognises the value of a diverse workforce. All suitably qualified applicants will receive consideration for employment on the basis of objective criteria and without regard to the following (which is a non-exhaustive list): race, colour, age, religion, gender, national origin, disability, sexual orientation, gender identity, protected veteran status, or other characteristics in accordance with the relevant governing laws.