BAT is evolving at pace into a global multi-category business. We are on a mission to decrease the health impact of our industry.
To achieve our ambition, we are looking for colleagues who are ready to Be The Change. Come, join us on this journey!
ROLE PROFILE
JOB TITLE: OT Cyber Manager
FUNCTION: DBS
SUB FUNCTION: Cyber Resilience Team
CITY & COUNTRY: Global – Warsaw, Poland
ROLE SUMMARY
What are the key objectives and expectations from this role?
Reporting to the Director DBS OT Security and partnering with the broader Digital Business Solutions (DBS) organization, the Security Architect is knowledgeable about IT standards, including ISO 27001, as well as leading OT security frameworks, including IEC 62443 and NIST CSF, and leading products used in OT security solutions. The Security Engineer is responsible for designing, coordinating and implementing IT/OT/IoT security services with defined deliverables to fulfill contract commitments to the highest degree of value. This requires an innovative mindset coupled with thought leadership to drive the quality of IT/OT/IoT offerings across all verticals and geographies. The role calls for strong presentation, communication and influencing skills. In this role you are responsible for delivering value through quality deliverables of the IT/OT/IoT security services portfolio to enable the Cybersecurity organization to achieve best-in-class protection.
You will provide subject matter expertise:
- In developing IT/OT/IoT cybersecurity solutions for industry, with 3+ years' previous experience assessing against standards and frameworks (e.g., IEC 62443/ISA-99, ISA-95, NIST SP 800-82 R2, NIST CSF, NERC CIP, ISO 27001/2700, FDA CGMP).
- Understanding Industrial Control Systems technologies and/or environments (examples include SCADA, DCS, RTUs, IACS, PLCs, HMIs, Engineering Workstations, Historians, etc.).
- Designing and deploying network security solutions and controls in industrial and corporate networks (e.g., network zoning, remote connectivity, industrial IDS/IPS, and segmentation and isolation design and implementation).
- Identifying the status of the security posture, i.e. what the gaps are and what needs to be done to improve or maintain the current level of maturity.
- Maintaining the system and security requirements for such solutions and working with solutions architects to refine the detailed cyber security designs.
- Configuring and upgrading/patching these solutions, as well as identifying ongoing continuous improvements.
What is the direct impact of this role on the team or organization?
Reports to: Director OT Engineering
Number of Direct Reports: N/A
Core Relationships:
- Internal – Cyber Resilience Team, Architecture & Engineering, IT Services, Factory and R&D personnel (including leadership)
- External – MSSP and third-party service providers, equipment manufacturers
- Keep up to date with cybersecurity threats, emerging technologies, and industry security best practices.
- Liaise with peer groups at other organisations, consultancy partners and special interest groups.
Geographic Scope: Global
Travel Required: Low – less than 25%
ACCOUNTABILITIES
- Experience working with firewalls such as Fortinet, Cisco, Palo Alto, Juniper.
- Architecture Design: Develop and design secure architectures for IT and OT systems, networks, and industrial control systems (ICS). This includes identifying security requirements, integrating security controls, and aligning with industry best practices and standards.
- Risk Assessment and Mitigation: Conduct risk assessments specific to OT environments to identify potential threats, vulnerabilities, and risks. Develop and implement strategies to mitigate these risks and ensure the security of critical infrastructure.
- Security Controls Implementation: Define and deploy security controls and measures to protect OT systems and infrastructure. This includes access controls, network segmentation, intrusion detection and prevention systems (IDPS), firewalls, and secure communication protocols.
- Security Standards and Compliance: Ensure compliance with relevant security standards and regulations specific to OT, such as NIST SP 800-82, IEC 62443, or other industry-specific guidelines. Stay updated with evolving compliance requirements and ensure alignment with organizational policies and procedures.
- Incident Response and Management: Develop incident response plans and procedures that include OT environments. Coordinate and lead incident response efforts during security incidents, including containment, investigation, recovery, and lessons learned.
- Collaboration and Communication: Collaborate with cross-functional teams, including OT engineers, IT teams, and operational staff, to integrate security measures into OT systems. Communicate complex security concepts and requirements effectively to technical and non-technical stakeholders.
- Technology Evaluation and Selection: Evaluate and select appropriate security technologies, solutions, and vendors for OT environments. Stay informed about emerging security technologies and assess their applicability and effectiveness in OT settings.
- Serve as a subject matter expert and trusted advisor on assessing, designing, and delivering OT/IoT client solution strategies based on knowledge of the industry, OT/IoT leading practices, and the client's business.
- Conduct comprehensive security program analysis and provide expert recommendations that result in the development of an OT/IoT security plan and roadmap.
EXPERIENCE, SKILLS, KNOWLEDGE
ESSENTIAL
Experience Required
- Experience in industrial environments in a professional services firm in a security consulting role.
- Experience working with, protecting and administering critical industrial network infrastructures, with demonstrable experience working with automation vendors such as ABB, Siemens, Rockwell, Beckhoff, Honeywell, Foxboro, Emerson, Yokogawa etc.
- Experience working directly in an industrial environment is a plus.
- Self-motivated and results focused; ability to strengthen the team and its mission.
Technical / Functional / Leadership Skills Required
- In-depth understanding of industrial control systems (ICS), SCADA (Supervisory Control and Data Acquisition) systems, and other OT environments. Knowledge of protocols commonly used in OT, such as Modbus, DNP3, OPC, and Profibus.
- Familiarity with the convergence of IT and OT environments and the unique security challenges that arise from integrating IT systems with industrial control systems.
- Knowledge of industry-specific security standards and guidelines for OT, such as the ISA/IEC 62443 series and NIST SP 800-82. Understanding how to apply these standards in practical OT security architectures.
- Ability to conduct risk assessments and analyze potential threats and vulnerabilities specific to OT environments. Skill in developing risk mitigation strategies and prioritizing security controls to address identified risks.
- Expertise in designing secure OT architectures, including network segmentation, secure communication channels, and access controls for critical assets. Ability to integrate security controls into existing OT infrastructure.
- Strong knowledge of network security principles and techniques, including firewalls, intrusion detection and prevention systems (IDPS), virtual private networks (VPNs), and secure remote access. Understanding how to apply these concepts to OT networks.
Education / Qualifications / Certifications Required
- Degree or equivalent in Computer Science
BENEFICIAL
- Certified Information Systems Security Professional (CISSP)
- Scaled Agile Framework (SAFe 5 or higher)
QUALIFYING QUESTIONS FOR APPLICANTS
- Can you describe your experience in securing operational technology environments, such as industrial control systems (ICS) or SCADA (Supervisory Control and Data Acquisition) systems? What industries or sectors have you worked in?
- What are the key differences between securing IT (Information Technology) and OT environments? How do you adapt security practices and controls for OT systems?
- Can you explain the specific security challenges and risks associated with OT environments? How do you address these challenges in your security architecture designs?
- Have you worked with firewalls or complex IPS solutions? Which solutions?
What do we offer you?
• We offer a market-leading annual performance bonus (subject to eligibility)
• Our range of benefits varies by country and includes diverse health plans, initiatives for work-life balance, transportation support, and a flexible holiday plan with additional incentives
• Your journey with us isn't limited by boundaries; it's propelled by your aspirations. Join us at BAT and become a part of an environment that thrives on internal advancement, where your career progression isn't just a statement – it's a reality we're eager to build together. Seize the opportunity and own your development; your next chapter starts here.
• You'll have access to online learning platforms and personalized growth programs to nurture your leadership skills
• We prioritise continuous improvement within a transformative environment, preparing for ongoing changes
WHY JOIN BAT?
We’re one of the few companies named as a Global Top Employer by the Top Employers Institute – certified in offering excellent employee conditions.
Collaboration, inclusion and partnership underpin everything we do here at BAT. We are looking forward to enabling every individual to thrive, regardless of gender, sexual orientation, marital or civil partnership status, gender reassignment, race, religion or belief, colour, nationality, ethnic or national origin, disability, age, skills, experience, education, socio-economic and professional background, veteran status, perspectives and thinking styles. We know that embracing talent from all backgrounds is what makes us stronger and best prepared to meet our business goals.
We see career breaks as opportunities, not obstacles. Through The Global Returners program, we support professionals looking to restart their careers after an extended absence from the workforce (e.g. time out caring for family, parental leave, national service, sabbatical and/or starting their own venture).
Come bring your difference and see what is possible for you at BAT.
If you require any reasonable adjustments or accommodations to help you perform at your best during the recruitment process, you are encouraged to notify us. We are fully committed to supporting you by making appropriate arrangements for you to demonstrate your full potential.