OT Cybersecurity Manager
hace 2 días
Valencia
ppFounded in 2003, Prosolia Energy is a leading business group in the renewable energy sector, with operations in Spain, Portugal, Italy, France, Germany and Mexico. /p pProsolia Energy is an Independent Power Producer (IPP) specialised in providing decarbonisation services to our customers. We control the entire value chain of the projects through which we provide energy to our customers, developing, constructing, operating and maintaining a range of renewable generation and storage sources. We are committed to leading the transition of the industrial and productive sector towards a decarbonised, sustainable and competitive model. Our strategic objectives for the coming years include growing our asset base and expansion into new markets and products. /p pProsolia Energy now has a project portfolio of more than 4 GW. In order to build and develop this portfolio, as well as to achieve its strategic objectives, we are looking for talented, high potential professionals who wish to join our team and contribute to our continued success. /p pWe are looking for an bOT Cybersecurity Manager /b to lead and implement cybersecurity strategies across our OT environments, ensuring robust risk management and compliance. /p h3Responsibilities: /h3 h31. Cybersecurity strategy /h3 ul liDefine and update the corporate OT cybersecurity strategy, aligned with the objectives of the Prosolia group, the risk strategy and the applicable regulations (IEC 62443, ISO 27001, NIS2, GDPR, etc.). /li liDevelop and maintain the framework of security policies, standards and procedures (remote access, communications, backups, use of accounts, etc.), ensuring their implementation in all countries and assets of the company, according to size and type. /li liCarry out periodic cybersecurity risk assessments in OT infrastructures and control systems (SCADA, PLC, RTU, plant networks), identifying vulnerabilities and prioritizing mitigation actions. /li liDevelop and follow risk management plans, including technical and organizational measures. Prioritize and track remediation plans from OT risk assessments and audits, including deadlines, owners, and completion indicators. /li /ul h33. OT Security Architecture and Operations /h3 ul liDesign and validate OT network security architecture, including network segmentation, secure remote access systems, traffic monitoring, and IT/OT segregation. Align OT architectures and solutions avoiding silos and promoting shared security capabilities. /li liDefine security requirements for new plant projects, SCADA upgrades or communications, reviewing third-party designs and ensuring that deliverables meet defined cybersecurity standards. /li liLead remediation campaigns (patching, hardening, segmentation) in coordination with IT, OT, OM and vendors, ensuring no operational regression. /li liParticipate directly in configuration reviews (firewalls, VPN, remote access, accounts), OT backup restoration tests, and business continuity exercises. /li /ul h34. Monitoring, detection and response to incidents /h3 ul liEstablish and coordinate security monitoring capabilities applied to critical OT networks, defining use cases, alarms, and escalation procedures. /li liLead cybersecurity incident response, from detection to shutdown (containment, eradication, recovery, and lessons learned), including coordination with IT, Insurance, Legal, and Corporate Communication when necessary. Establish structured post-incident processes (Root Cause Analysis, action plans, tracking to closure) integrated into risk/security committees. /li /ul h35. Regulatory compliance, audits and reporting /h3 ul liEnsure compliance with the regulations applicable to critical infrastructure security, data protection and industrial cybersecurity in the countries where the company operates, coordinating internal and external audits. /li liPrepare periodic cybersecurity status reports (KPIs), main incidents, level of maturity and progress of action plans for Management, Risk Committees and others. /li /ul h36. Third-party management and supplier lifecycle /h3 ul liDefine and review cybersecurity clauses in contracts, RFPs, and SLAs with OT, communications, cloud, and OM service providers, including hardening, support, patching, and incident management requirements. /li liAssess and monitor the cybersecurity risk of critical third parties (SCADA integrators, communications providers, SOC services) and coordinate corrective actions when breaches or breaches are identified. /li /ul h37. Awareness, training and safety culture /h3 ul liDesign and execute cybersecurity training and awareness programs, adapted to OT (plant operators, field technicians, OM) and IT groups, promoting good practices in the use of credentials, remote access and mobile devices. /li /ul h38. Remote access and communications management /h3 ul liDesign, implement and supervise the secure architecture of communications between plant assets (SCADA, PLC, inverters, trackers) and control centers, guaranteeing the integrity, confidentiality and availability of operational data at all times. /li liEstablish and maintain secure VPN tunnels (IPSec, OpenVPN) and protected remote connections for technical access, centralized monitoring, and OEM support, applying network segmentation, end-to-end encryption, and multi-factor authentication (MFA). /li liDefine policies and procedures for validated remote access. /li liCoordinate with telecommunications and OT teams the implementation of secure gateways, industrial firewalls and intrusion detection systems (IDS/IPS OT‑aware), validating configurations and performing periodic connectivity and resilience tests. /li liContinuously monitor and audit remote communications traffic by responding to detected incidents and reporting usage and security metrics (access KPIs, response time, detected vulnerabilities). /li liEvaluate and negotiate with providers (telecom, SCADA integrators or similar) security requirements in communications, periodically reviewing their compliance and coordinating corrective actions. /li /ul h39. Governance, KPIs and Roadmap Management /h3 ul liBuild and maintain a multi‑year OT cybersecurity roadmap (maturity levels, investments, NIS2 priorities), updated annually. /li liDefine and track OT security KPIs (open vulnerabilities, remediation progress, incident response times, patching/backup/DR test coverage). /li liGovern remediation action plans through regular steering committees with IT, Asset Management external partners and vendors, ensuring accountability and closure. /li /ul h3Requirements: /h3 ul liUniversity degree in Computer Engineering, Telecommunications, Industrial Engineering or similar. /li liQualifications that are assessed: Master’s Degree in Cybersecurity or similar. /li liLanguages mandatory: Spanish and English. /li liLanguages that are assessed: Portuguese, Italian, French and German. /li liMinimum of 3 5-7 years in OT/ICS/SCADA environments or renewable/industrial infrastructures. (3+ years with demonstrated experience in remediation project management or OT cybersecurity implementation). /li liProven experience defining and implementing security policies, leading security project, managing incidents and piloting multi‑stakeholder action plans. /li /ul h3Other requirements: /h3 ul liProject management and action plan governance. /li liAbility to challenge OT integrators/MSPs on technical/security delivery. /li liCross‑functional coordination (IT/OT/Asset Management) and committee animation. /li liHands‑on OT security operations (configuration reviews, incident leadership). /li /ul h3What’s in for you at Prosolia /h3 ul liInternational and rapidly expanding company /li liOpportunities for professional growth /li liFlexible working hours and hybrid work possibilities /li /ul /p #J-18808-Ljbffr