Wind Services Security Lead

Job Description Summary

GE Vernova (NYSE: GEV) Addressing the climate crisis is an urgent global priority and we take our responsibility seriously. That is our singular mission at GE Vernova: continuing to electrify the world while simultaneously working to help decarbonize it.

If we want our energy future to be different...we must be different.

Our mission is embedded in our name. We retain our treasured legacy, "GE," in our name as an enduring and hard-earned badge of quality and ingenuity. "Ver" / "verde" signal Earth's verdant and lush ecosystems. "Nova," from the Latin "novus," nods to a new, innovative era of lower carbon energy that GE Vernova will help deliver.

Together, we have The Energy to Change the World. Learn more at www.gevernova.com

The Services Cyber Security Lead will lead relevant cyber security activities for the Services area of GE Vernova's Wind Turbine business. This role will work with the various departments and teams carry out these activities.

This role reports directly to the Global Leader Remote Operations Center (ROC) and indirectly to Wind's Product Security Leader.

Job Description

Job Description

• Ensure the Services area follows applicable GE Vernova and Wind Cyber Security policies, standards, and procedures
• Drive/support yearly security assessments for applicable environments (e.g., Generator Operator Control Room)
• Support and conduct background checks for employees requiring access to the ROC and applicable customer sites, including sharing relevant information with customers as needed.
• Manage, including approvals, the access review process for logical access to the ROC, jump hosts, and applicable customer sites.
• Track and manage cybersecurity training for Services personnel.
• Review and approve changes to the environment, including servers and network devices.
• Maintain an accurate and up-to-date asset inventory of the Generator Operator Control Room environment.
• Support and participate in security reviews of Generator Operator Control Room systems to ensure compliance with security policies and standards.
• Define cyber assets and architecture for the Generator Operator Control Room environment with the Digital Technology team; own/manage architecture diagrams for the environment.
• Define and maintain physical access processes for the Generator Operator Control Room, applicable data centers.
• Coordinate and ensure physical access requirements for Services' operations at customer sites.
• Review and manage patches and updates to the Generator Operator Control Room systems, ensuring systems are up-to-date with OS updates, antivirus updates, and Active Directory updates.
• Track and assess vulnerabilities for Generator Operator Control Room systems, working proactively to mitigate risks.
• Serve as the PSIRT point-of-contact, coordinating security incident response efforts for the in scope environment.
• Document and manage recovery plans in collaboration with the Digital Technology team to ensure robust incident management and system recovery procedures.
• Be the Services liaison with customers who have cyber security questions for the Generator Operator Control Room environment.
• Take lead on reviewing applicable cyber and/or compliance regulations that may be applicable to the environment.

• Bachelor's Degree from an accredited university in Engineering, Computer Science, Cybersecurity, Information Technology, or related field. Alternative acceptable experience will be considered on a case-by-case basis.
• Minimum 8 years of experience in cybersecurity with at least 3 years focused on industrial control systems (ICS), operational technology (OT), or product security.
• Demonstrable in-depth knowledge and practical experience with applicable energy regulations including but not limited to NERC-CIP, NIS2, and/or SOCI.
• Strong knowledge of cyber security best practices and frameworks (e.g., NIST CSF, OWASP top 10).
• Strong understanding of industrial communication protocols used in power generation, wind farms, SCADA systems, and other industrial environments (e.g., Modbus, DNP3, OPC [DA, AE, UA], IEC 61850).
• Demonstrated knowledge and understanding cybersecurity solutions (e.g., Firewalls, antivirus, security incident and event management systems, intrusion detection systems, intrusion prevention systems), including experience providing installation/configuration recommendations.
• Experience using cyber security vulnerability tools (e.g., Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), or other weakness / vulnerability scanning tools).

• Master's degree in a relevant field.
• Wind Turbine product and/or cyber security knowledge.
• Wind services knowledge.
• Cyber security certification (ex. GICSP, CEH, CCNA, CISSP).
• Familiarity with functional safety standards (e.g., IEC 61508) as they intersect with cybersecurity.
• Ability to work independently and collaboratively as necessary with a cross-functional team.
• Working knowledge of electrical power industry technology, preferably Renewables or Wind.
• Strong oral and written communication skills. Demonstrated ability to analyze and resolve problems.
• Demonstrated ability to lead, document, plan, market, and execute security assessments. Established project management skills.
• Demonstrated knowledge of logging best practices and understanding of network cyber security practices.