Responsibilities Involve & support all phases in the ICS Cybersecurity (Work Practices) including implementation, deployment and stewardship.Operations & Maintenance - Support regular operations & maintenance stewardship and reporting activities for ICSR systems (i.e., review local operating procedures of BU against the ICSR WPs to ensure alignment, perform access reviews and periodic verification for ICSE, listing and reporting of cyber KPIs etc.)Support and involve in application of discipline design standards, specifications, codes, and appropriate safety/ security criteria.Support and involve in meeting industry standards (IEC 62443, NIST Cybersecurity Framework etc.) and regulatory requirements pertaining to ICS Cybersecurity.Support and involve in implementing cyber secure architecture of controls and safety systems.Support in management and assessment of cybersecurity controls and provide relevant improvement recommendations.Perform data collection and analysis related to ICSR with common database and software data analysis tools. Provide support for appropriate documentation.Support and involve in implementing technologies for ICSR.Support in inventory listing - Support to update BU ICSR inventory list in the WP recommended format, review of available documentation and gathering of informationSupport in assessment of threats to Control Systems (i.e. take inventory of required templates/documents to determine the key components/ equipment for risk assessments, stewarding/ participating in risk assessments, appropriate assignment of risk ratings, identification of Controls for the risk scenario or threat vector, obtain endorsement / approvals from Custodian and/or Business Owner, Perform periodic verifications to ensure that approved risk-reduction controls are in place and functioning for each ICSE zone) and management of security controls and processes.Information and Documentation - Identify and support required updates to documentation related to ICSR (i.e. organize required documents in designated folders (hard and soft), monitor and approve access to ICSR folders/ documentation via IT Help, ensure alignment with end-users on updates, document deviations for ICSR non-compliant systems, document all local operating procedures applicable to ICS environment, obtain endorsement and ensure availability for appropriate BU personnel)Third Party Services - Support the stewardship of controls for third party services (i.e., Document processes or procedures for Third Party Access, maintain/verify controls pertaining to Third Party access and External Connections, collaborate with ENC task force team, perform risk assessments for systems with ICSE External Connections, complete controls catalogs to meet ICSR requirements for external connections and ensure certification, Perform periodic verifications to ensure that approved risk-reduction controls are in place and functioning for each ENC)Personnel and Training - Support training activities for alignment on ICSR (i.e. Provide staff, visitors and guests who may have access to in-scope equipment with a brief training document, Follow Industrial Control Systems Visitor/ Guest ICSR Communication checklist, train BU personnel in performing Risk Assessments/Threat Vector Assessments using ASSET/ Other Tools, if any)Community Awareness and Emergency Preparedness - Support documentation of Cybersecurity Emergency Response Plan (CSERP) and Disaster Recover Plan (DRP), facilitate/ participate in CSERP/ DRP drills/ table-top exercise, document reports, implementation of drill recommendations and update the CSERP/DRP if necessary.Vulnerability Management - Review advisories/ vulnerability notifications pertaining to ICSE in scope equipments, document forward path/ mitigations/ workaround, execute/ plan for implementation.Assessment and Improvement - Support Continuous Improvement activities for ICSR (i.e., Work with ICSR CoE and BU controllers in assisting ICSR UIA and external audits, Review and endorsement of BU's deviations from ICSR v4 requirements, Help BU to close audit gaps and in sustaining closure actions.)
Travel is required to different plant in USA
Work Experience
Responsibilities Involve & support all phases in the ICS Cybersecurity (Work Practices) including implementation, deployment and stewardship.Operations & Maintenance - Support regular operations & maintenance stewardship and reporting activities for ICSR systems (i.e., review local operating procedures of BU against the ICSR WPs to ensure alignment, perform access reviews and periodic verification for ICSE, listing and reporting of cyber KPIs etc.)Support and involve in application of discipline design standards, specifications, codes, and appropriate safety/ security criteria.Support and involve in meeting industry standards (IEC 62443, NIST Cybersecurity Framework etc.) and regulatory requirements pertaining to ICS Cybersecurity.Support and involve in implementing cyber secure architecture of controls and safety systems.Support in management and assessment of cybersecurity controls and provide relevant improvement recommendations.Perform data collection and analysis related to ICSR with common database and software data analysis tools. Provide support for appropriate documentation.Support and involve in implementing technologies for ICSR.Support in inventory listing - Support to update BU ICSR inventory list in the WP recommended format, review of available documentation and gathering of informationSupport in assessment of threats to Control Systems (i.e. take inventory of required templates/documents to determine the key components/ equipment for risk assessments, stewarding/ participating in risk assessments, appropriate assignment of risk ratings, identification of Controls for the risk scenario or threat vector, obtain endorsement / approvals from Custodian and/or Business Owner, Perform periodic verifications to ensure that approved risk-reduction controls are in place and functioning for each ICSE zone) and management of security controls and processes.Information and Documentation - Identify and support required updates to documentation related to ICSR (i.e. organize required documents in designated folders (hard and soft), monitor and approve access to ICSR folders/ documentation via IT Help, ensure alignment with end-users on updates, document deviations for ICSR non-compliant systems, document all local operating procedures applicable to ICS environment, obtain endorsement and ensure availability for appropriate BU personnel)Third Party Services - Support the stewardship of controls for third party services (i.e., Document processes or procedures for Third Party Access, maintain/verify controls pertaining to Third Party access and External Connections, collaborate with ENC task force team, perform risk assessments for systems with ICSE External Connections, complete controls catalogs to meet ICSR requirements for external connections and ensure certification, Perform periodic verifications to ensure that approved risk-reduction controls are in place and functioning for each ENC)Personnel and Training - Support training activities for alignment on ICSR (i.e. Provide staff, visitors and guests who may have access to in-scope equipment with a brief training document, Follow Industrial Control Systems Visitor/ Guest ICSR Communication checklist, train BU personnel in performing Risk Assessments/Threat Vector Assessments using ASSET/ Other Tools, if any)Community Awareness and Emergency Preparedness - Support documentation of Cybersecurity Emergency Response Plan (CSERP) and Disaster Recover Plan (DRP), facilitate/ participate in CSERP/ DRP drills/ table-top exercise, document reports, implementation of drill recommendations and update the CSERP/DRP if necessary.Vulnerability Management - Review advisories/ vulnerability notifications pertaining to ICSE in scope equipments, document forward path/ mitigations/ workaround, execute/ plan for implementation.Assessment and Improvement - Support Continuous Improvement activities for ICSR (i.e., Work with ICSR CoE and BU controllers in assisting ICSR UIA and external audits, Review and endorsement of BU's deviations from ICSR v4 requirements, Help BU to close audit gaps and in sustaining closure actions.)
Travel is required to different plant in USA