Responsibility of the IT Security Architects
Working in the OT security area, identifying and providing advice about legislation and industry standards (frameworks), which are relevant to the OT platform e.g., IEC 62443.
Understanding and interpreting laws and standards in Denmark and Europe related to supply critical IT systems, which leads to the results being well documented Energinet editions of the related requirements.
Taking leading role and an active part in the work expressing these requirements relevant to the OT platform hosting supply critical IT systems.
Structuring requirements and prioritizing these, of which a subset of the requirements relates to emergency preparedness and technical solutions including testing. These cannot be seldomly executed desk rehearsals but have to be part of the daily work in DevOps teams.
Consolidating different legislation, standards, and frameworks (where these are the same) into one specific requirement. Avoiding requirement redundancy and procedural ineffectiveness.
Develop and execute the process of security risk evaluation and vulnerability assessment, including providing documentation. This may very well lead to reiteration of own requirement specification.
Collecting best practices from the IT security industry, including the Purdue zone model, where the OT platform belongs to security zone 3.
Developing security principles and policies/practices for supply critical IT systems (OT systems), which can be understood by the technical DevOps teams.
Taking part in working with project and solution designs, providing security architectures and recommended decisions to the OT Platform ART’s architecture and advisory forum.
Ensuring that technical solutions satisfies the security and compliance requirements, first as proof of concepts, second as permanent solutions.
Creating a clear line from requirements through features and user stories in technical teams’ work backlog to platform solutions and documentation, followed by internal controls used for external audits (assessing Energinet’s level of compliance).
Advising on software tools and license effectively supporting executing of legislation, interpretation and specifying requirements. Facilitating external reviews from selected partners regarding to OT platform security architecture.
Introducing and assisting other teams in the OT Platform ART fulfilling the compliance & security measures
Being ambassador to application development teams outside the OT Platform ART fulfilling the compliance & security measures
Ensuring that the desired outcome is achieved: Compliance traceability, risk management and security measures
Work location: Fredericia, Eastern Jutland
Workload per week: 3-4 days onsite
Period: 12 months
Language: Danish and English
– Demonstrate experience within the described areas of responsibility
– Certifications related to the described areas of responsibility
– Executer and “Do-er” that continuously work for better deliveries and cooperation
– Likes to work with complex matters
– Structured approach to tasks and communication
Documentation is done in the clients tools such as
– Azure DevOps tool (EPICs, Features, User stories, planning)
Interested? Please forward your CV
Send your Resume/CV to Lhagelquist@avenida.dk