Cybersecurity Manager

PURPOSE OF THE ROLE

To lead information security, cybersecurity and IT/OT risk management within South Africa scope, ensuring compliance to Group guidelines and frameworks and local cybersecurity standards and regulations.

KEY RESPONSIBILITIES

• Represents the ENGIE Group Cybersecurity team in his/her Country/Region/Business Entity (“scope”) and ensures that the 14 cybersecurity principles are implemented in their scope.
• Implements the Group cybersecurity strategy (IT and OT) within his/her scope, potentially adapting it to specific local regulations & laws; consolidates, reports and follows the related cybersecurity KPIs.
• Sets up a single transversal cybersecurity team for his/her scope, allowing the implementation of the Group cybersecurity strategy, processes, and solutions locally (covering all entities in their scope).
• Defines and manages the budget allocated to cybersecurity at the level of his/her scope.
• Identifies, quantifies, documents, reports the cyber risks in his/her scope, and follows-up the risk remediation or mitigation action plans closely.
• Implements the relevant processes and controls to ensure the integration of cybersecurity within business projects (digital and industrial) and IT projects.
• Establishes a regulatory watch to stay apprised of local cyber regulations and laws and ensures compliance of the local information systems and Industrial Control Systems with these.
• Represents ENGIE towards their clients, partners, suppliers, and local authorities on all cybersecurity-related matters.
• Implements standardized operational cybersecurity processes in his/her scope, including but not limited to security audits & pen testing, vulnerability & patch management, obsolescence management, firewall & remote access management, incident response, disaster recovery planning, cyber crisis management, identity and access management, cloud security management etc. – applying Group standardized processes and procedures when they exist.
• Relays & reports cybersecurity alerts and incidents in a timely manner, and actively contributes to their resolution in close collaboration with the ENGIE Global Security Operations Center (GSOC) and Computer Emergency Response Team (CERT).
• Is the preferred intermediary for all cybersecurity topics for the other support functions in his/her scope (HR, Legal, Data Privacy, Procurement, Finance etc.).
• Ensures cybersecurity is addressed in the supply chain, and in particular ensures that the contracts with suppliers and partners but also with clients contain the relevant cybersecurity and data privacy clauses as well as a Security Assurance Plan clarifying roles and responsibilities between the parties.
• Creates a strong cybersecurity culture at all levels of the organization (employees, managers, industrial workers…), and advises and educates their local CEO and Executive Committee on cybersecurity matters.
• Develop an industrial cybersecurity program for South Africa.
• Ensure industrial assets in South Africa are properly secured
• Perform regular security assessments and audit reviews.
• Maintain ENGIE’s ICS Security Framework compliance.
• Provide support and guidance to all South African assets.
• Build synergies and foster collaboration between South African entities.
• Alignment with OT security standards and regulations – IEC 62443, NIS 2, NERC-CIP, etc.
• Security of SCADA systems, Industrial Control Systems (ICS), Distributed Control Systems (DCS); secure separation of OT and IT.
• Contribute to the cybersecurity awareness and training program specifically for industrial workers/blue collars.
• Participate in IT/OT cybersecurity projects (OT probe, DCS upgrade, 3rd party management, etc.)
• Actively take part in ENGIE cybersecurity community (events, webinars, meetings, workshops, etc.)
• Collaborate with ENGIE Laborelec Cybersecurity team.
• Work in close collaboration with other ENGIE departments/BUs:
• Internal Control
• GSOC
• GBU Renewables
• GBU Flex Gen & Retail
• AMEA HQ

QUALIFICATIONS, EXPERIENCE AND SKILLS

Qualification & Experience

• Bachelor’s degree, preferably in Computer Science, Information Technology or cybersecurity.
• Internationally recognized certification in cybersecurity, e.g., CISSP, CISM, CISA.
• Microsoft Certified Professional (MCP) in server, storage and cloud technologies
• Certified in cybersecurity of AWS cloud infrastructure
• Prior experience of managing industrial cybersecurity
• 5+ years of prior experience of managing cybersecurity of an organization. Prior experience of Industrial Control System (ICS) security.
• Proven expertise in design and implementation of complex IT security solutions.
• Experience in designing, documenting, and implementing IT Security policies, processes, and procedures.
• Experience of working in a matrix organization and in an international, multicultural environment.

Technical Knowledge

• Good knowledge of a wide range of technologies involved in IT security, e.g., firewalls, antivirus, identity and access management tools, directories (LDAP, Active Directory, DNS), databases, networking, port & vulnerability scanners, GRC tools, Public Key Infrastructure, cryptography, intrusion detection/prevention systems, Security Information and Event Management (SIEM) solutions, WAF, PAM, pen testing, SCADA security etc.
• Good knowledge of information security and risk management standards such as ISO-27001, 27002.
• Knowledge of industrial control systems technologies and related security standards, e.g., IEC-62443, NIST etc.
• Familiarity with local and regional cybersecurity standards.
• Solid understanding of information security concepts, e.g., malware, emerging threats, attacks, and vulnerability management).
• Experience in raw log files review, data correlation, and analysis i.e., firewalls logs, network flows, intrusion detection systems, system logs.
• Good understanding of technologies like SIEM, IPS/IDS, WAF, Vulnerability Scanner and Penetration Testing, EDR, Password Vault, IAM, PAM, SCADA Security.

Behavioural Competencies

• Vision and commercial approach
• Cooperation & cross functionality – team working and building relationships
• Results orientation
• Entrepreneurial spirit
• Customer focus
• Developing self and others.
• Innovation and flexible thinking
• Acceptance of diversity
• Effective communication skills. Fluency in verbal and written English.
• Persuading and Influencing
• Awareness of cultural differences and ability to adapt own style accordingly
• Pays attention to detail
• Adherence to health and safety on workplace

Language

• English

Location / travel

• Location: Johannesburg, Republic of South Africa.

GENERAL RESPONSIBILITIES

• Adheres to the Company Policies and Procedures.
• Behaves in a professional and responsible way.
• Lives the values of the Company.