Previous Job
Previous
ICS Security Manager
Ref No.: 17-03158
Location: Houston, Texas
Position Type:Direct Placement
Experience Level: 8 Years
Start Date: 08/09/2017
Paladin Consulting is currently hiring a ICS Security Manager to join our team working onsite at our client's office located in Houston.
ICS Security Manager
Summary of Position:
The IT/OT Security Manager will report to the Director of Operations Applications / ICS. The position is key in providing business continuity to the Business systems and the offshore industrial control systems. The position will be based out of the Houston office, but some offshore travels is to be expected. The IT/OT Security manager will be responsible for driving the Company security roadmap to fruition while keeping up with the daily threats the company could be facing.

Duties & Responsibilities (shall include but not be limited to):
  • IT
    • Responsible for the architecture, design, and best practice implementation, configuration and maintenance of Information Security systems.
    • Maintain awareness of existing and proposed laws and regulations, industry practices or standards, security trends, and advise the organization on security issues affecting the company in a timely and effective manner.
    • Ensure log aggregation controls are in place for security tools, servers and critical applications.
    • Provide expertise in vulnerability analysis, management and remediation.
    • Lead security event analysis and intrusion detection response – triage, incident analysis, forensics and remediation.
    • Work with application, system and information owners to ensure adequate security controls are in place for critical systems, servers and applications.
    • Conduct security awareness training, and assist with the publication of security awareness bulletins and advisories.
    • Maintain and enforce security policies and procedures.
    • Responsible for the delivery of IT security standards, best practice implementation and systems to ensure information system security across the enterprise.
    • Provide security guidance for IT projects, including the evaluation and recommendation of technical controls.
    • Ensure that security programs follow applicable laws, regulations and policies to minimize or eliminate risk and audit findings.
    • Ensuring adherence to methodology, change control and compliance requirements.
    • Maintain and enforce security policies and procedures.
    • Develop and implement best practices and other process improvement initiatives.
  • OT
    • Manages the development and delivery of ICS security standards, best practices, architecture and systems to ensure ICS cybersecurity across all control system environments and domains.
    • Work with vendors to address security vulnerabilities, adhere with security best practices, and adhere to Rowan policies and procedures.
    • Develop, implement and monitor a strategic, comprehensive ICS cybersecurity and risk management program to ensure the availability, integrity, and confidentiality of industrial control systems and supporting cyber systems that directly impact health, safety, environment, and production within offshore operations.
    • Create, manage, and deliver ICS security awareness training programs to rig personnel, contractors and applicable operations teams.
    • Develop and document procedures for ICS security program components to include incident response, security monitoring, risk and vulnerability identification, system hardening, and secure configurations.
    • Maintains awareness of the security landscape, emerging threats, and vulnerabilities, and advises the organization on security issues affecting the company in a timely and effective manner.
    • Conducts ICS security assessments to identify risks and gaps, and provides recommendations for risk mitigation.
    • Work with operations, engineering, ICS, and IT departments to ensure adequate security controls are in place for systems and software in Process Information Networks (PIN) and Process Control Networks(PCN).
    • Work with operations, engineering, ICS, and IT departments to respond and comply with all ICS-related security audits
    • Perform security assessments on all new or proposed software and hardware solutions.
    • This includes Cloud storage providers, interface applications, and data storage and forwarding platforms for the ICS data project.
    • Assume primary responsibility for ICS security organization including hiring, training, staff development, performance management and annual compensation review.
    • Technical lead for all ICS-related security events and incidents.
    • Performs periodic network, domain, system, and architecture reviews to identify vulnerabilities and process improvement opportunities. (This includes remote access architecture for PCN support functions).
    • Responsible for the secure architecture, design and best practice implementation, configuration and maintenance of security solutions that protect ICS networks and systems against known and unknown threats.
    • Provide security awareness and training to rig personnel and operations teams.
    • Develop and document procedures for ICS security program components to include incident response, security monitoring, risk and vulnerability identification, system hardening, and secure configurations.
    • Keeps up to date with the security landscape, emerging threats, and vulnerabilities, and recommends measures to assess and mitigate security risk.
    • Work with ICS team to ensure adequate security controls are in place for systems and software in Process Information Networks (PIN) and Process Control Networks(PCN).
    • Maintain and enforce ICS Security policy.
    • Provide security requirements, guidance, and approval for ICS-related projects and procurement, including the evaluation, design, and recommendation of technical controls.
    • Actively participate in various committee meetings to provide input into policy, standard, and RFIs that drive requirements that could significantly impact Rowan, specifically within control system environments. (API, IADC, ISA, NOSAC, Infragard, CySec for Control Systems)
Qualifications/ Skills & Experience:
  • 8+ years of cybersecurity experience
  • 4+ years of industrial control systems security experience
  • GICSP Certification (preferred)
  • CISSP Certification (bonus)
  • Hands-on experience with operational technologies including programmable logic controllers (PLCs), remote terminal units (RTUs), and supervisory control and data acquisition (SCADA) systems.
  • In-depth understanding of industrial networks and corresponding protocols (e.g. Industrial Ethernet, Modbus, S7, Profinet, OPC UA).
  • Experience implementing security technologies and controls in control system environments.
  • Understanding of threats to ICS.
  • Understanding of operational impacts and risk in control and automation systems environments
  • Understanding of differences between IT and OT environments.
  • In-depth knowledge of ICS Security standards and guidelines (NIST CSF, ISA/IEC-62443, NIST SP 800-82)


We work with companies that offer environments for our employees to contribute, learn, and advance their career. We treat you like you are part of the family.

Job Title: ICS Security Manager
Work Location: Houston, TX
Duration: Direct Hire / Full Time
Education/Experience Required:

Job Description & Responsibilities:
  • IT
    • Responsible for the architecture, design, and best practice implementation, configuration and maintenance of Information Security systems.
    • Maintain awareness of existing and proposed laws and regulations, industry practices or standards, security trends, and advise the organization on security issues affecting the company in a timely and effective manner.
    • Ensure log aggregation controls are in place for security tools, servers and critical applications.
    • Provide expertise in vulnerability analysis, management and remediation.
    • Lead security event analysis and intrusion detection response – triage, incident analysis, forensics and remediation.
    • Work with application, system and information owners to ensure adequate security controls are in place for critical systems, servers and applications.
    • Conduct security awareness training, and assist with the publication of security awareness bulletins and advisories.
    • Maintain and enforce security policies and procedures.
    • Responsible for the delivery of IT security standards, best practice implementation and systems to ensure information system security across the enterprise.
    • Provide security guidance for IT projects, including the evaluation and recommendation of technical controls.
    • Ensure that security programs follow applicable laws, regulations and policies to minimize or eliminate risk and audit findings.
    • Ensuring adherence to methodology, change control and compliance requirements.
    • Maintain and enforce security policies and procedures.
    • Develop and implement best practices and other process improvement initiatives.
  • OT
    • Manages the development and delivery of ICS security standards, best practices, architecture and systems to ensure ICS cybersecurity across all control system environments and domains.
    • Work with vendors to address security vulnerabilities, adhere with security best practices, and adhere to Rowan policies and procedures.
    • Develop, implement and monitor a strategic, comprehensive ICS cybersecurity and risk management program to ensure the availability, integrity, and confidentiality of industrial control systems and supporting cyber systems that directly impact health, safety, environment, and production within offshore operations.
    • Create, manage, and deliver ICS security awareness training programs to rig personnel, contractors and applicable operations teams.
    • Develop and document procedures for ICS security program components to include incident response, security monitoring, risk and vulnerability identification, system hardening, and secure configurations.
    • Maintains awareness of the security landscape, emerging threats, and vulnerabilities, and advises the organization on security issues affecting the company in a timely and effective manner.
    • Conducts ICS security assessments to identify risks and gaps, and provides recommendations for risk mitigation.
    • Work with operations, engineering, ICS, and IT departments to ensure adequate security controls are in place for systems and software in Process Information Networks (PIN) and Process Control Networks(PCN).
    • Work with operations, engineering, ICS, and IT departments to respond and comply with all ICS-related security audits
    • Perform security assessments on all new or proposed software and hardware solutions.
    • This includes Cloud storage providers, interface applications, and data storage and forwarding platforms for the ICS data project.
    • Assume primary responsibility for ICS security organization including hiring, training, staff development, performance management and annual compensation review.
    • Technical lead for all ICS-related security events and incidents.
    • Performs periodic network, domain, system, and architecture reviews to identify vulnerabilities and process improvement opportunities. (This includes remote access architecture for PCN support functions).
    • Responsible for the secure architecture, design and best practice implementation, configuration and maintenance of security solutions that protect ICS networks and systems against known and unknown threats.
    • Provide security awareness and training to rig personnel and operations teams.
    • Develop and document procedures for ICS security program components to include incident response, security monitoring, risk and vulnerability identification, system hardening, and secure configurations.
    • Keeps up to date with the security landscape, emerging threats, and vulnerabilities, and recommends measures to assess and mitigate security risk.
    • Work with ICS team to ensure adequate security controls are in place for systems and software in Process Information Networks (PIN) and Process Control Networks(PCN).
    • Maintain and enforce ICS Security policy.
    • Provide security requirements, guidance, and approval for ICS-related projects and procurement, including the evaluation, design, and recommendation of technical controls.
    • Actively participate in various committee meetings to provide input into policy, standard, and RFIs that drive requirements that could significantly impact Rowan, specifically within control system environments. (API, IADC, ISA, NOSAC, Infragard, CySec for Control Systems)
Skills & Qualifications:
  • 8+ years of cybersecurity experience
  • 4+ years of industrial control systems security experience
  • GICSP Certification (preferred)
  • CISSP Certification (bonus)
  • Hands-on experience with operational technologies including programmable logic controllers (PLCs), remote terminal units (RTUs), and supervisory control and data acquisition (SCADA) systems.
  • In-depth understanding of industrial networks and corresponding protocols (e.g. Industrial Ethernet, Modbus, S7, Profinet, OPC UA).
  • Experience implementing security technologies and controls in control system environments.
  • Understanding of threats to ICS.
  • Understanding of operational impacts and risk in control and automation systems environments
  • Understanding of differences between IT and OT environments.
  • In-depth knowledge of ICS Security standards and guidelines (NIST CSF, ISA/IEC-62443, NIST SP 800-82)

For more information or to view other opportunities, visit us at www.paladininc.com.

Paladin is an EEOC employer. We drug test and background check!