Job Description

Summary

===========================

===================



Description de l'emploi

Summary

Le/La responsable architecture systeme cybersecurite coordonne l'architecture des systemes complexes sur les aspects cybersecurite. Il/Elle travaille avec les Lignes de Produits pour clarifier la repartition des responsabilites et assurer l'interoperabilite sur les aspects cybersecurite.


Ce role aide les Lignes de Produits pendant les phases d'appel d'offres, d'ingenierie, ainsi que les phases de conception d'architectures de reference, jusqu'a la livraison, operation et maintenance des systemes.


Ce role contribue egalement aux evolutions du process d'ingenierie, aux audit internes et ameliorations continues, en conformite avec nos politiques internes, standards et les regulations comme IEC 62443-2-4, IEC 62443-3-3, NIST, NERC CIP, BDEW, etc.


Ce role contribue egalement a la gestion des vulnerabilites et incidents au niveau systeme, en lien avec les equipes concernees au sein de Grid Solutions et de GE Vernova.


Le/La responsable architecture systeme cybersecurite rapporte au responsable cybersecurite de Grid Solutions.

Responsabilites :

Definir et maintenir la repartition des responsabilites, les architectures de references et assurer l'interoperabilite de l'ingenierie sur les aspects cybersecurite, dont la documentation, en conformite avec les politiques GE Vernova. Contribuer avec les Lignes de Produits aux audits d'architecture et de securite pour les projets complexes. Apporter un support aux Lignes de Produits pour les appels d'offre et les fonctions d'ingenierie projet pour assurer le niveau de qualite et la livraison de systemes complexes au niveau de securite souhaite. Piloter les documentations relatives a la cybersecurite des systemes complexes : processus, recommendations, procedures. Coordonner et contribuer aux certifications liees aux systemes complexes (IEC 62443-3-3) et au role d'integrateur systeme (IEC 62443-2-4) Contribuer a la gestion des incidents et vulnerabilites des systemes, en conformite avec les politiques internes, en appui des Lignes de Produits. Realiser des evaluations de vulnerabilites sur les systems complexes et maintenir les methodologies associees. Apporter un support aux Lignes de Produits pour les artifacts d'ingenierie, les valider et s'assurer que les documentations soient a jour. Effectuer des audits internes reguliers sur les aspects cybersecurite de nos processus d'ingenierie afin de s'assurer de leur conformite et de leur amelioration continue. Contribuer a la gouvernance securite des produits : conformite aux politiques internes, aux standards et regulations. Partager les bonnes pratiques et retours d'experience, mettre a jour en continu les recommandations techniques en tenant compte de l'evolution des technologies, en collaboration avec la communaute securite produit , les architectures et experts. Transmettre et former en interne sur les sujets lies aux standards cybersecurite, notamment pour une audience R&D, ingenieurs, commerciaux, architectes, responsable produit

Qualifications souhaitees :

Bachelor en informatique ou specialisation STEM (sciences, technologie, ingenierie et mathematiques Experience confirmee sur les architectures systems du secteur electrique, minimum 5 ans Minimum 3 ans d'experience sur la conception d'architectures securisees design, DMZ, appliances de securite, de preference en environnement Operational Technology (OT) Connaissance approfondie des systemes industriels et de leurs contraintes, SCADA, DMZ, architectures, et protocoles de communication, notamment Modbus, DNP3/IEC 104 et IEC 61850 Veille sur les standards cybersecurite et comprehension du paysage (acteurs, tendances, technologies, strategies possibles) Experience avec les equipements telecom et reseau (routeurs, switches, firewalls) Excellentes capacites de communication et maitrise de l'anglais ecrit et oral Capacites a travailler efficacement en equipe, avec differents departements, dans un environnement international Connaissances approfondie des frameworks, standards et regulations relatifs a la cybersecurite en environnement OT : NERC CIP, IEC 62443, IEEE 1686, IEC 62351, Directive NIS2, NCSC CAF, AES CAF, NIST, etc.

Competences additionnelles :

Les certifications de securite sont un plus (ex. ISA, CISSP, SANS, ISACA) Esprit client Competences interpersonnelles et leadershi

Inclusion & Diversity

La Mission Handicap Grid Solutions facilite l'integration des personnes en situation de handicap.


Chez GE Vernova, nous croyons en la valeur de votre identite, de votre parcours et de vos experiences uniques. Nous nous engageons a favoriser une culture inclusive, ou chacun se sent habilite a faire de son mieux parce qu'il se sent accepte, respecte et a sa place. Cliquez ici pour en savoir plus :


https://jobs.gecareers.com/vernova/global/en/i-d-e


La difference cree l'energie.

Summary

The System Architecture Cybersecurity Leader oversees the architecture of complex systems from a cybersecurity perspective. He/She works closely with Business Lines to ensure a clear Division of Responsibilities and interoperability from a cyber perspective.


This role supports Business Lines teams during tendering and engineering phases from design of reference architectures to the delivery and maintenance. The role also contributes to regular engineering process updates, internal audit, improvement, in compliance with GEV Policies international standards, and regulations like IEC 62443-2-4, IEC 62443-3-3, NIST, NERC CIP, BDEW, etc. The role supports also the management of systems vulnerabilities and incidents in coordination with concerned Teams and GEV Incident Leader.


The System Architecture Cybersecurity Leader will report to Grid Solutions' Cybersecurity Leader.

Responsibilities:

Maintain the Division of Responsibility, reference architectures, and interoperability standards for engineering, including documentation, while ensuring compliance to GEV Policies. Support Business Lines into performing architecture audits for existing complex projects. Support tendering and engineering functions to ensure high quality, high secure complex systems delivery. Oversee the development of documentation on process, standards and guidance related to engineering cybersecurity for complex systems. Coordinate and contribute to complex systems (IEC 62443-3-3) and system integrator (IEC 62443-2-4) certifications. Support Business Lines for the Incident and Vulnerability Management compliance according to GEV Policies. Conduct vulnerability assessment in complex systems and maintain the vulnerability assessment methodology. If needed by Business Lines, could support directly project teams to ensure all relevant engineering artifacts are ready and verified, and ensure tracking. Perform regular internal audit on the engineering processes to evaluate compliance and identify improvement in both the process itself and its implementation in Business Lines from a cyber perspective. Contribute to the Product Security Governance: compliance with GEV Policies, international Standards and regulations. Share best practices and lessons learned and continuously update the technical cyber security architecture, based on changing technologies, in collaboration with product security community, domain architects and experts. Develop and conduct relevant security training for various internal audience, such as project engineers and architects.

Required qualifications:

Bachelor's Degree in Engineering, Computer Science, or Information Technology from an accredited university Demonstrated experience with systems architecture in electric sector and associated documentation Minimum 3 years of experience in secure architectures design, DMZ, security appliances, preferably in an Operational Technology (OT) environment In-depth knowledge of industrial control systems, SCADA architectures, and communication protocols, including Modbus, DNP3/IEC 104 and IEC 61850. Demonstrated knowledge and understanding of network communications protocols in the TCP/IP network stack. Awareness of latest technical developments in the cyber security community Demonstrated experience with Linux, VxWorks and Windows operating systems including user account management, security / system hardening, device control, and patch management. Experience with Telecom and Network Equipment (Routers, Switches, Firewalls) Experience with security technologies, such as

o Symmetric and asymmetric cryptography and PKI infrastructure


o LDAP, RADIUS, SSH, SFTP, HTTPS, SYSLOG


o Encryption, TLS, RSA and code signing

Proven experience with cybersecurity frameworks and standards relevant to OT environments, such as NERC CIP, IEC 62443, IEEE 1686, IEC 62351 as well experience with NIS Directive, NCSC CAF, AES CAF, NIST Excellent oral and written communication skills Ability to work effectively in a team and across functions, partnering with other teams in a worldwide environment

Nice to have skills:

Experience with penetration testing and vulnerability assessment Virtualisation solutions (VMWare, Hyper-V, Proxmox, etc.) Cyber security certification (ex. ISC2, SANS, ISACA, CISSP, ISA) is a plus Strong customer service mind-set Strong interpersonal and leadership skills

Behavioral skills:

GEV leadership behaviors: deliver with focus, lead with transparency and act with humility Pro-activeness, sense of urgency, resistance to pressure, autonomy; ability to interact with multiple functions and teams worldwide Continuous improvement mindset Fluent English speaking and writing mandatory * Strong oral and written communication skills