Risk Assessment specialist

Siemens founded the new business unit Siemens Advanta (formerly known as Siemens IoT Services) on April 1, 2019, with its headquarter in Munich, Germany. It has been crafted to unlock the digital future of its clients by offering end-to-end support on their outstanding digitalization journey. Siemens Advanta is a strategic advisor and a trusted implementation partner in digital transformation and industrial IoT with a global network of more than 8000 employees in 10 countries and 21 offices. Highly skilled and experienced specialists offer services which range from consulting to craft & prototyping to solution & implementation and operation – everything out of one hand!

We’re looking for forward-thinking, ambitious game-changers like you to be part of our cybersecurity team. Together let’s build groundbreaking security solutions and infrastructures that protect our data and the digital assets of our customers. You will proactively foster an environment that drives appropriate information risk control behavior, including early anticipation, identification and mitigation of information risk, as well as escalation of issues in line with the Information Risk Management Framework.

Specific duties

• Perform cybersecurity assessments of IT and OT systems and applications deployed in plants and factories for compliance with regulatory, federal/state guidelines and cyber security standards such as ISO27001, IEC62443, NIST, NERC CIP, EU NIS 2, KRITIS, NIST 800-53 and NIST 800-82.
• Support the ongoing evaluation of cybersecurity capabilities to determine the maturity and effectiveness of capability implementation using various cybersecurity and IT Risk frameworks (NIST CSF, ISO 27001, IEC 62443 2-1, COBIT, ES-C2M2, etc.).
• Collaborate with stakeholders and internal business partners to assess the cyber risk and evaluate the design and effectiveness of cybersecurity controls within the line of business. Lead staff interviews, evidence collection, surveys and site visits, review business process descriptions, analyze business and workflow.
• Perform in-depth analysis, document, and report assessment findings and outcomes to technical staff, senior line of business managers, and Executive levels. Provide Subject Matter Expert (SME) guidance to technical and nontechnical teams in support of compliance.
• Maintain strong knowledge of the regulatory requirements and core cyber security and risk practices/standards by participating in professional associations, attending educational workshops, reviewing professional publications, and self-learning opportunities.

You should have

• Education qualification – MCA / B. Tech /B.E. Computer Science or other IT related degree
• Sound knowledge in Cyber Security with a focus in Risk, Vulnerability and Incident Management and Reporting. Knowledge of industry standards and frameworks like ISO27001, IEC62443, NIST 800 standards, NERC CIP, NIS 2, EU CRA etc.
• Experience in Information security topics such as PKI, network security, endpoint security, IDS/IPS and vulnerability assessment
• Possesses relevant certifications such as ISO 27001 lead auditor and SA/IEC 62443 Cybersecurity Risk Assessment Specialist
• Relevant Cybersecurity certifications CISSP, CISA, CRISC or similar is a plus
• Require 5+ years’ experience performing security assessments and/or working in a cyber risk management position, preferably related to the OT (Operational Technology) services or other manufacturing industries.
• Deep understanding of cybersecurity processes such as incident handling and response, operational administrative technical and physical security processes/policies, cyber maturity models and KPIs etc.
• Able to act independently and decisively when making decisions regarding both the technological and critical regulatory environment and daily business issues. Possess solid judgement in the evaluation of controls and processes as well as document defensible conclusions for the assessment outcomes.
• Proven ability to interact professionally and manage positive relationships with a diverse group of partners, senior managers, subject matter experts, and all levels of management to affect key decisions and outcomes. Have an ability to set-up, facilitate and lead interviews and working sessions with a range of business stakeholders.
• Ability to understand business drivers and risk appetite, to make informed risk assessment decisions.
• Excellent verbal and written communication skills, including the ability to write clear, concise, technical and nontechnical reports as well as present in front of diverse audiences.
• Good working knowledge of industry best practice around information security controls covering cloud security, network security, application security, encryption, information security testing, vulnerability management, access governance, and SaaS assurance.
• Strong analytical and problem-solving skills, with excellent attention to detail.
• Proven ability to identify and articulate information security requirements, risks and issues, and formulate clear decisions and recommendations.

#J-18808-Ljbffr