Senior Cybersecurity Specialist – OT (Operations Technology)

Primary Purpose

The Sr. Cybersecurity Specialist – OT design and implement systems and processes of Sempra's security functions across operational technologies (OT), ensuring the 24/7 protection of Sempra's assets and data against the dynamically changing threat landscape. The Sr. Specialist –OT is responsible for the design and implementation of security across OT solutions to ensure Sempra's endpoints, servers, networks, and databases are always protected. This position coordinates with lines of business and development teams to ensure security controls are in place from design through deployment. This position works closely with cyber operations to ensure operational technologies are incorporated in functions, such as security monitoring, threat and vulnerability, and incident response.

Duties and Responsibilities

Delivery & Execution

• Standards Setting:
• Provides incident response plans and procedures for foreseeable incidents and continuously update the incident response playbook in line with emerging threats and leading industry standards
• Develops and maintains incident response, threat and vulnerability, and security monitoring documentation
• Oversees and leads Cybersecurity Specialists – OT, ensuring the specialists follow incident handling procedures and processes.

• Project Delivery:
• Drives the planning, execution, and management of multi-faceted projects related to Cyber security operations center
• Responsible for the design and implementation of activities related to security monitoring and incident response
• Oversee OT Specialist participation and ensure OT Specialist provide quality technical and procedural documents.
•  Compliance:
• Implements OT security operations in accordance with industry standards and practices (i.e. NIST SP 800-82 AND ISO/IEC 62443)
• Responsible for ensuring assigned projects and activities within the functional areas meet all compliance and architecture standards
• Ensures proper oversight for solutions and artifacts
• Ensures re-use through implementation of shared technology assets

Value Delivery, Strategy, and Planning

• Functional Area Strategy
• Coordinates activities of incident response, threat and vulnerability analysis, and security monitoring for operational technologies to ensure timely detection, prevention, and response to security incidents
• Coordinates the implementation of requirements and recommendations to OT / critical infrastructure
• Researches SCADA vendors and CISA advisory documents
• Works with all business lines to ensure that incidents are quickly identified and remediated and to define recommended threat mitigation actions
• Participates in business continuity plans in business lines
• Maintains alignment with IT governance/risk objectives in solution delivery
• Drives quick escalation and resolution during major incidents; prioritizes actions to ensure maximum protection of company assets and data
• Provides detailed explanations of security events and their impact on specific parts of the business
• Train OT Specialists and IT personnel to improve cross-training.
• Emerging Technology
• Incorporates areas of IT and OT convergence; works closely with IT to secure technologies
• Drives continuous improvement across OT Incident response, threat and vulnerability, and security monitoring functions; ensures functions remain up to date with the current threat landscape
• Drives innovation and identifies emerging technologies to sustain and automate the cyber security operations
• Drives tabletop exercises with playbooks and pertest
• Reviews of OT architectures for OT security improvements
• Collaboration
• Works with cross-functional IT and enterprise teams to build alignment and model commitment to high performance as “one team”
• Drives the relationship and communications to across business lines to ensure security is embedded within solutions
• Performs other duties as assigned (no more than 5% of duties)

Qualifications

Education:

• Bachelor's Degree In Computer Science, Information Technology, or equivalent relevant work experience.
• Master's Degree is a plus

Experience

• 5+ years’ Experience in Information Security, Cyber Security, or relevant roles
• 3+ years Managing the security monitoring, threat and vulnerability, and/or incident response functions of an organization with a complex Information Technology environment

Knowledge, Skills, and Abilities

Technical Skills

• Strong technical understanding of OT security monitoring, threat and vulnerability, and incident response processes, procedures, guidelines, and solutions
• Knowledge of OT network infrastructure, SCADA/DCS systems, data/communication systems, management systems, and security/compliance
• Understanding of relevant cybersecurity regulations and best practices, pertinent to utility environments (such as NIST SP 800-53/82, NERC CIP, NEI 08-09, ISA 99, NIST CSF and C2M2)
• Deep understanding of operating systems, programming, networking, malware defenses, perimeter controls, security assessment, web applications, intrusion analysis, malware analysis and incident response
• Understanding in network design, configuration, and maintenance with various hardware manufacturers; understanding Programmable Logic Controllers (PLC) / Distributed control Systems (DCS), server virtual machines and industrial network architectures and how to effectively support securing these technologies
• Proficiency in cyber kill chain framework
• Understands information security as it relates to the business and other areas of IT; understands direct impacts and risks to the business
• Strong multi-tasking capabilities, exceptional skills to adjust to multiple demands, shifting priorities, ambiguity and rapid change as well as dealing efficient deal with escalations and difficult situations/people under pressure e.g. to restore services
• An overall understanding of the business objectives of service lines and Core Business Services departments

People Leadership

• Demonstrated skills to collaborate across a diverse technical workforce in multiple locations, overseeing a full range of technology platforms and solutions as well as vendor personnel
• Ability to lead, manage and coach staff; personal drive and energy level to achieve superior results individually and through others
• Excellent communication stills and ability to convey technical concepts to a non-technical audience

Cross Functional Collaboration

• Ability to participate in co-operative working relationships including knowledge sharing and partnership in achieving solutions within and across business or operational functions

Preferred Qualifications

• Professional certifications in Information Security (CISSP, CISM, CISA).
• Bilingual in English and Spanish.

Licenses and Certifications

• Professional certifications in Information Security (CISSP, CISM, CISA)
• Technical certifications (operations i.e. GCIA, GCIH, CEH, SSCP)