Responsibilities / Tasks
1. Single point of accountability for all aspects of Operational Technology (Production/Shopfloor) Security (scope, quality, pricing, delivery), in alignment with the Chief Information Security Officer (CISO)
2. Accountable for the identification of legal and customer OT security requirements, and assures the definition and implementation of audit-proof policies, processes and guidelines for GEA’s production environments (e.g. IIoT – Industrial Internet of Things, ICS – Industrial Control Systems, SCADA)
3. Responsible for the implementation of the OT Security Strategy in synchronization with the information security, production and digitalization strategy in the GEA production sites
4. Responsible for the development and continuous standardization, optimization and automation of the OT security framework and architecture, including threat modelling, data modelling and segregation, and secure cloud integration
5. Responsible for the implementation of OT security requirements and security measures in the production environments
6. Responsible for the further development of GEA’s OT Security standards
7. Advising the OT, production and automation departments on the identification and mitigation of risks in those environments
8. Very close interaction with various business areas (global and local production, risk management, compliance and data protection, legal, sales, IT Enterprise Security Architecture as well as automation and product development departments)
9. Share business and customer problems with the production teams and work on improvements
10. Consulting in projects and platforms in the field of OT security and in the protection of production and automation technology
11. Consulting regarding the secure creation, commissioning and operation of OT
12. Documentation, analysis and further development of KPIs for OT Security
13. Contact person for the documentation and processing of security incidents in the production environments
Your Profile / Qualifications
14. Bachelor’s Degree in Information Technology / Computer Science / Engineering, Business Administration, or a related technical discipline
15. Deep knowledge of ICS, IIoT and SCADA systems
16. IT Security Certifications advantageous (e.g., ISA/IEC 62443 Certifications, CISSP: Certified Information Systems Security Professional, ISO 27001 Lead Auditor, CISA: Certified Information Systems Auditor)
17. 5+ years of experience related to IT/OT Security in a similar role related to ICS, IIoT, SCADA
18. Several years of related work experience in an industrial / OT / manufacturing environment or in IT-Service-Delivery / IT-Operations / IT-Architecture
19. Significant qualities in management and conception as well as operationalization of complex issues in the security environment
20. Proven experience in industrial security standards like ISO 62443
21. Experience in automation, Industry 4.0, Operational Technology (OT) and Industrial Control Systems (ICS) (DCS, SCADA, PLC, etc.)
22. Experience in firewall systems and expertise in vulnerability management
23. Knowledge of the use and configuration of supplementary IT security architectures (e.g. SIEM, IDS / IPS) and the special requirements of OT systems
24. Knowledge of standard methodologies related to networking and system security (WAN, Routing, Proxy)
25. Experience with network protocols such as TCP, UDP, IPSec, SSL and DNS
26. Experience with patch management for operating systems and applications; knowledge of encryption technology
27. Strong interpersonal skills in communication and collaboration
28. Strong communication skills in English; local language is a plus
29. Structured working methods, analytical thinking
30. Strong analytical ability, business acumen, problem-solving skills
31. Initiative, ability to work under pressure in combination with high commitment and organizational talent
32. Capabilities in financial and budget ownership