We are looking for Cybersecurity Architect for a Portugal opportunity (hybrid or remote).
- Degree in IT Engineering, Computer Sciences, Maths or Physical sciences;
- Minimum 7 years’ experience in functions with a strong component in security architecture definition, cybersecurity controls definition and implementation, cybersecurity risk analysis, definition and implementation of processes and procedures in the area of cybersecurity;
- Proven conceptual knowledge of security in OT/ICS/IoT environments;
- Experience supporting and understanding industrial protocols such as OPC, Modbus, DNP3, an advantage;
- Full-stack knowledge of OT Security infrastructure on all technology layers;
- Experience with design of architecture based on Purdue Model;
- Experience on OT domain specific security solutions;
Previous experience designing and architecting OT/ICS networks, architecting segmentations between business and OT/ICS networks, and designing secure access methods into OT/ICS production segments;
- Ability to communicate with OT/ICS business partners and provide direction on how OT/ICS networks should be securely designed and implemented;
- Provide direction on how 3rd parties can access and maintain ICS networks remotely;
- Experience with the following regulations, standards and frameworks: ISO 27001/2, IEC 62443, NIST SP 800-82;
- Good knowledge of information security domains;
- Industry recognized certifications (e.g. SABSA, CRISC, CISSP, GDSA, CSSA, GICSP) or training in cybersecurity and related fields;
- Fluent Portuguese and English speaker.
- Security By Design Frameworks - Embed data security controls in the design phase of solutions and in IT/OT management processes. Produce blueprints, reference architectures, guidelines and policies detailing cybersecurity principles;
- Continuous Remediation - Design and promote initiatives to reduce or mitigate security risks, either from existing legacy solutions or raised with new ones, but also tackling new emerging and exploitable threats;
- Secure Business Enablers - Active advisory in RFPs, Technical Advisory Boards and Change Advisory Boards for new projects and initiatives;
- Follow up projects and initiatives planning and implementation to ensure security controls and best practices are feasible and deployed;
- Data & Privacy Committee to promote linked, understandable and consequent Cyber Security, supported in a comprehensive lifecycle of a cyber culture;
- Support GDPR, Cyber Risk and Cyber Security Assessments.