This role will provide an innovative and comprehensive approach for complex business and technology initiatives pertaining to cyber security and smart grid environments utilizing cyber defense, enterprise risk management, information assurance and information security. This role will also assist with the identification and evaluation of holistic security gaps with a focus on infrastructure and the business applications layer. Additionally, this role will identify and integrate sound security controls for applications, systems, and processes for the organization.
PRIMARY DUTIES AND RESPONSIBILITIES
1. Support the Industrial Control System (inclusive of Distributed Control Systems (DCS), Electric and GAS SCADA and Smart-Grid) Security Architecture based on industry-specific security standards 20%
2. Participate in cyber security risk assessments of industrial control systems (ICS), to include all cyber assets, such as: Energy Management Systems (EMS), DCS, Human machine interfaces (HMIs), Programmable logic controllers (PLCs), Remote terminal units (RTUs), and Supervisory control and data acquisition (SCADA) 15%
3. Deploy internal ICS and Smart Grid security standards based on NERC CIP, NIST 800-82, ISA99, NISTIR 7628, and other industry-specific security standards 10%
4. Perform risk and vulnerability research, aiding in the development of the ICS security posture, in response to the evolving ICS threat landscape 10%
5. Support Smart Grid and SCADA/ICS Projects, Security Monitoring, Vulnerability Assessment, Penetration Testing, Cybersecurity Analysis, and NERC CIP audit readiness evaluations. 15%
6. Incorporation of ICS penetration and/or vulnerability testing reports into ICS risk register 10%
7. Mitigate and/or remediate deficiencies ensuring risks will be reduced to accepted levels prior to technology implementation 10%
8. Research and contribute to industry best practices 10%
SUPERVISION
Direct Supervision: N/A
Indirect Supervision: N/A
RELATIONSHIPS
Key Internal: This position will engage multiple I.T. groups and business units, including Energy Supply, Energy Distribution, Energy Delivery, and GAS. Interactive engagement will require communication with individual contributors, middle management and executive management.
Key External: This position will engage external contacts including vendors, contractors, regulatory agencies (ex: FRCC, NERC), industry associations, and other utility partners.
QUALIFICATIONS
Education
Required: Bachelor's Degree in Computer Science, Information Systems or other I.T. related field, or an EAC/ABET Bachelor's Degree in Electrical Engineering AND 6 years of related I.T. experience
OR
High School Diploma AND 8 years of related I.T. experience
Preferred: Master's Degree in Computer Science or other I.T. related field of study AND 10 years of related Information Security and ICS experience
OR
Master's Degree in I.T. related field or Business Administration with Bachelor's degree in Computer Science or other I.T. related field of study AND 10 years of related Information Security and ICS or Smart Grid experience
Licenses/Certifications
Required: One active industry-recognized security certification over multiple domains (ex: CISSP, GIAC/GICSP)
Preferred: CISSP, ITILv3, and one or more related I.T. Security professional or vendor certifications from SANS GIAC, ISACA, IACRB, ISC2, Microsoft, Checkpoint, etc.
EXPERIENCE
Related Experience
Required: 6 years of practical technical experience within an IT Security role
3 years of related or direct electric utility industry experience
Preferred: 10 years of practical technical experience within an IT Security role
5 years of direct electric utility industry experience
Knowledge/Skills/Abilities (KSA)
Required:
1. Familiarity with Energy Management Systems, distribution management systems, generation management systems, demand response systems.
2. Knowledge of Electric and/or Gas industrial control networks and operations technology.
3. Knowledge of Field Area Network Architectures for Transmission and Distribution control and automation.
4. Experience with Advanced Metering Infrastructure (AMI), Distribution Automation (DA) and Smart Grid deployments.
5. Experience in a Network or Security Operations Center monitoring information systems or SCADA systems.
6. Experience in industrial cyber security standards and guidelines such as ISA 99, API-1164, and NIST 800/SP-800 series, DOE Electricity Sector Cyber Security Capability Maturity Model (ES-C2M2), IEEE standards
7. Knowledge of ICS and SCADA protocols, including DNP3, ICCP, 61850, GOOSE, C37.118, ModBus+, ZigBee, 802.11x, RF
8. Participate in compliance efforts for NERC Critical Infrastructure Protection.
Preferred:
1. Knowledge of Utility/Energy or Smart Grid Communications Systems Architecture
2. Knowledge of ICS and SCADA protocols, including DNP3, ICCP, 61850, GOOSE, C37.118, ModBus+, ZigBee, 802.11x, RF
TECO Energy
702 N Franklin St
Tampa
Florida, United States
www.tecoenergy.com