Business Information Security Officer

Conti Electric Inc, Sterling Heights, MI
About The Position

Purpose: The Business Information Security Officer (BISO) for Operational Technology (OT) and Customer Facing solutions serves as the primary security liaison between the cyber security organization and business units responsible for OT environments and externally delivered solutions. This role owns the security program for these domains, driving secure onboarding of systems and partners, maintaining documentation standards, participating in design and architecture reviews and leading security assessments for both OT networks and customer-facing solutions.

This is a highly cross-functional role requiring deep technical security knowledge, strong stakeholder communication skills and an understanding of industrial control systems (ICS) and enterprise solution delivery. The BISO acts as a security strategist, ensuring that security is embedded into processes from initial designs through ongoing operations post-delivery.

Reports to: NORAM Chief Information Security Officer (CISO)

Location: Sterling Heights, MI or Montreal, CAN

Department: IT Cyber Security Services

Requirements

  • 7+ years in information security, with at least 3 years focused on OT/ICS security or customer-facing solution security in a solutions provider or managed services context.
  • Demonstrated experience conducting security design reviews, architecture assessments, and risk analysis for complex networked environments.
  • Working knowledge of OT/ICS security standards and frameworks.
  • Familiarity with enterprise IT security frameworks.
  • Experience managing security documentation programs.
  • Strong understanding of network security principles: segmentation, DMZ design, firewall policy, remote access, identity and access management.
  • Excellent verbal and written communication skills; ability to present security risk to both technical and non-technical audiences.

Nice To Haves

  • CISSP, CISM, GICSP or equivalent
  • Direct experience with DCS, PLCs, historians or industrial IoT networks
  • Experience working alongside regulated industries such as energy/utilities or manufacturing.
  • Background in solutions delivery or managed security services
  • Experience with security tooling relevant to OT and enterprise environments
  • Familiarity with secure remote access solution implementations and designs.

Responsibilities

  • Lead the security onboarding process for new OT systems and customer-facing solutions, ensuring all assets are assessed, documented and approved before production deployment.
  • Define and enforce security requirements, including network segmentation standards, access control models, and identity management policies for OT and customer solution environments.
  • Coordinate with procurement, legal and IT teams to ensure that third-party vendors meet security baseline requirements through contract review and vendor risk assessments.
  • Own the security documentation library for OT and customer-facing solution domains including network diagrams, network flows, security control matrices, security plans and backup solutions.
  • Develop and maintain security standards and procedures specific to OT environments.
  • Ensure documentation remains current through periodic review cycles and is aligned with applicable compliance frameworks.
  • Collaborate with engineering, operations and product teams to capture security architecture decisions and maintain accurate as-built documentation.

Design Review & Architecture Participation

  • Participate in architecture design review as a security SME.
  • Review proposed OT system architectures, network designs and customer solution designs for security gaps, providing documented findings and remediation recommendations.

Security Review & Risk Assessment

  • Lead security reviews for OT network changes, new customer-facing solutions and significant modifications to existing deployments, producing risk assessment reports with prioritized findings.
  • Coordinate penetration testing and vulnerability assessment activities scoped to OT and customer solution environments; track findings through remediation.
  • Assess and communicate residual risk to business stakeholders and CISO, facilitating informed risk acceptance decisions when appropriate.
  • Serve as the security point of contact for customer security questionnaires, audits and third-party security assessments related to delivered solutions.

EQUANS is an equal opportunity employer.