Sr. Product Cyber Security Leader

Job Description Summary

The Cyber Security leader will lead all engineering aspects of the Operational Technology (OT) Security program for the Onshore Wind Turbine business. This role will function as a technical liaison between various engineering, product management, services, sourcing, legal as well as external stakeholders on cybersecurity architecture, requirements, and risk management.

Job Description

Roles and Responsibilities:

• Grow and maintain a program that advises leadership of the top security risks and overall security health of the Wind Farm Integrated Control System (ICS), SCADA and associated software
• Lead the secure development and delivery of competitive systems and solutions offerings to promote growth
• Build and execute engineering processes for early detection of design flaws, vulnerabilities, weaknesses, and missing security controls
• Collaborate with engineering and other stakeholders to ensure security assurance tasks are completed throughout the development lifecycle and effective security mitigations are integrated into the product
• Ensure product compliance with applicable security standards, GE Vernova policies and best practice. Stay informed of industry trends that may inform work
• Establish and track cyber priorities across entire product portfolio
• Perform cyber design and implementation reviews, vulnerability management, and incident response
• Initiate and manage security assessments and drive remediation and security controls validation
• Act as customer-facing subject matter expert, support contract negotiations and ITO activities, and provide solutions, recommendations and security strategy when called upon
• Interprets simple internal and external business challenges and recommend best practices to improve products, processes, or services
• Mentor and assist product development engineers with implementing and maintaining secure software design lifecycle (SSDLC)
• May lead functional teams or projects with minimal resource requirements, risk, and/or complexity. Communicates difficult concepts and may influence others' options on particular topics. May guide others to consider a different point of view.

• Bachelor's Degree from an accredited university in Engineering, Computer Science or Information Technology
• Minimum 5 years of experience in cyber security applications OT (not IT)

• Working knowledge of cyber asset protection regulations and standards affecting the power utilities industry including NERC-CIP, NIST, IEC62443, IEC62351
• Working knowledge of Electrical Power industry Technology, preferably Renewables
• Uses high level of judgment to make decisions and handle complex tasks or problems in areas of operational, product management, manufacturing, technology or engineering with respect to cyber security.
• Has ability to assess quality of information given and ask pertinent questions to stakeholders.
• Strong oral and written communication skills. Strong interpersonal and leadership skills. Demonstrated ability to analyze and resolve problems.
• Demonstrated ability to lead programs / projects. Ability to document, plan and execute programs.
• Able to offer new solutions to problems outside of set parameters and able to construct and provide recommendations.
• Uses multiple internal and some external sources outside of own function to help arrive at a decision
• Expertise and leadership across all aspects of SSDLC
• Working knowledge of cyber asset protection regulations and standards affecting the power utilities industry including NERC-CIP, NIST, IEC62443, IEC62351
• Recent experience supporting the Sales and Legal teams with contract reviews and negotiations specific to cyber security
• Hands on experience with threat modelling, attack surface identification, cyber risk analysis, security requirements capture, secure architecture, system and network hardening, code reviews, penetration testing and security validation / testing
• Ability to work effectively across functions, partnering with other teams in a worldwide environment
• Master's Degree from an accredited university in Engineering, Computer Science or Information Technology
• Cyber security certification (ex. GICSP, CEH, CCNA, CISSP) is a plus
• Established project management skills
• Wind Turbine product knowledge is a strong plus
• Demonstrated experience with Microsoft Windows and/or Linux operating systems including access and identity management, system hardening & device control, and patch management
• Demonstrated knowledge and understanding of the TCP/IP network stack and communication protocols including Modbus, OPC (DA, AE, UA), DNP3, IEC 104, IEC61850 etc.
• Familiarity with Intrusion Detection, Malware detection and Security Monitoring solutions
• Familiarity with Industrial Automation and Control Systems products and components including PLCs, SCADA and DCS
• Ability to travel to GE Offices located in New York and South Carolina for onboarding and team meetings, proximity to Greenville SC, preferred. Occasional travel to customer sites may also be required.