Cyber Security Consultant

About Enzen We are a global knowledge enterprise specialising in the energy and water sector. We offer specialist domain, digital solutions and services. We work with energy and water networks, offering end–to–end solutions and services ranging from advisory, engineering services, operational technology, advisory, transformation, digital and data solutions, along with Cyber Security. Founded in 2006 in the UK, the business has grown and expanded globally, with a presence in Australia, India, Portugal, Spain, Turkey, the UK, and the USA. As a domain–focused organisation, we have a big ambition to leverage digital technologies and platform solutions to accelerate the energy transition and journey to net Zero. As part of our strategy to Digitalise, Decentralise and Decarbonise the energy sector, we are expanding our competency and capabilities to support the massive digital transformation needed to enable the transition. Enzen s business model is underpinned by our Centre of Excellence (CoE) model. CoEs are our engines of innovation and growth; CoEs are business units to build and grow specialist areas of business and technology. The Cyber Enablement practice firmly sits at the centre of our Digital Enterprise CoE. It is critical in enabling enterprises cyber resilience journey and building specialisation in IT and OT cyber solutions, supporting our customers with compliance and regulatory remits. Role Summary This is an exciting opportunity to contribute and grow our Cyber Security CoE and be a member of Enzen s growing Digital Enterprise family. The Lead Cyber Consultant plays a key role in this critical growth opportunity in the UK. It s an ideal time to join early on its growth and help drive excellence within our offering. We seek a motivated, experienced, strategic individual with a breadth of knowledge across IT and OT. The role will report to the UK head of cyber and programme director/manager (part of the delivery) and will be primarily responsible for delivery consultancy work. Responsibilities will include but are not limited to: Support with delivery of OT/ICS security engagements, with taking on responsibility for day to day running of the engagement deliverables including meeting quality and time targets Work with customers to initiate and execute IT/OT security programs, define, and develop OT security strategies, policies, and guidelines. Prepare, review, and assess security requirements, architectures, and designs for IT and OT environments, applying best practice, policies, and standards (eg, ISA/IEC 62443, ISO 27000 series, NIST) Experience of security engineering and associated solutions (Endpoint Protection, IDS/IPS, Firewalls, etc.) for IT and/or OT environments Extensive Cyber Security work experience (with a significant focus on Operational Technology during that time) Must be eligible for SC CLearence due to the nature of the work Working very closely with Customers to achieve CAF requirements Analyse existing cyber security procedures, practices and technology to identify gaps and recommend solutions , processes, configurations to remediate the gaps. Ensuring that new Operational Technology processes, procedures, systems, and designs are adequately risk assessed with appropriate mitigations in place. Ensuring compliance of the NIS Regulations, this involves maintenance of Cyber Assessment Frameworks and development and auditing of improvement plans to increase the maturity of cyber security Developing, reviewing and updating/recommending policy and procedures covering cyber security for all OT networks owned by the customer. Closely work with system owners/business to manage the security risk registers for the OT elements. Assess alternate design configurations and identify functional and non–functional requirements for various operational technology and cyber security processes Maintain Operational technology security framework, policy and standard (including internal and external policy compliance) Work with other consultants and security analysts appropriately in projects Support for business development activities OT/ICS security engagements, including creating approaches and methodology, proposal writing, and direct support in presenting to potential clients Qualification/ certification Bachelor's degree in Computer/ relevant field, Engineering. A Master's degree would be advantage. Professional cyber certification, such as a CISSP/CISM/ Global Industry Cyber Security Professional Certification (GICSP)/ IEC 62443. A minimum of 10 years of work experience, with at least 5 years operating as a skilled resource in a technical capacity in the design, implementation, maintenance, or support of security solutions within OT/ICS environments Strong knowledge and experience of the operation and design of OT networks. Working knowledge of CAF, where Assessing and advising on implementing indicators of good practice (IGP) part of the CAF. Understanding of one or more OT/ICS Security standards and frameworks such as: NIST 800–82, Involvement in CAF self–assessment and support in CAF compliance journey, with Working with compliance team to submit reports to the regulatory body (OFGEM) would be advantage Expert–level IT skills are a necessity, including knowledge of networks and data centres, hardware, and software. Knowledge of Operational Technology, SCADA, PowerON, Industrial Control Systems and Network architectures Produced well documented deliverables in the form risk assessments, reports, analysis, SOPs, etc. Experience and understanding of the information risk implications of third party relationships, Risk Assessment and vulnerability management processes Desirable attributes Understanding of technologies (assets, communication protocols, technical architectures, segmentation requirements) utilised by OT/ICS systems (SCADA/DCS/PLC/RTU) and networks Knowledge of the technical security concepts/solutions utilised within IOT/ICS systems and networks Knowledge of the security concepts typical to the OT/ICS environments especially in two or more areas such as vulnerability management, security operations access management, network architecture & segmentation, asset management, defence in depth, etc. Core consulting skills– Advanced data and evidence management, client management on remediation programmes, driving innovation and continuous improvement