Job
- Level
- Experienced
- Job Field
- IT, Security
- Employment Type
- Full Time
- Contract Type
- Permanent employment
- Location
- Hamburg, Essen
- Working Model
- Hybrid, Onsite
Job Summary
In this role, you will safeguard operational technology in a German wind and solar environment, implement security policies, and ensure compliance with regulatory standards and international norms.
Job Technologies
Your role in the team
- The OT Security Officer will play a pivotal role in safeguarding OPEA and Offshore's operational technology (OT) environment across renewable energy assets (onshore/offshore wind and photovoltaic sites).
- This role combines strong governance responsibilities with hands-on security activities to ensure that OT Security controls are effectively implemented and enforced at operational sites in a pragmatic manner.
- The Officer will serve as the NIS Responsible Officer (NRO) contact for the German regulatory authority (BSI & BNetzA) regarding compliance with the NIS Regulations and will oversee alignment with ISO/IEC 27001, IEC 62443, NIST, and the company's OT Information Security Management System (ISMS).
- The position requires strong communication and influencing skills to drive compliance and awareness across technical, operational, and business stakeholders across the value chain of Development, Construction & Operations.
- The role is intended to be German-centric; however, you would occasionally be expected to lead or support in central projects or tasks as part of a broader Governance team.
- The role is subject to either you holding Security Clearance or being eligible and willing to undergo Security Clearance.
- Ensure implementation and enforcement of OT security policies, standards, and controls in all development and construction projects and operational assets.
- Manage and monitor compliance with ISO 27001, IEC 62443, and NIS/CAF Regulations across OT environments.
- Conduct and document periodic compliance reviews, audits, and risk assessments of OT systems.
- Act as the primary liaison with BSI/BNetzA for all OT security-related compliance and reporting.
- Represent the company at German industry meetings and working groups as well as staying ahead of the latest developments and innovation in the field.
- Identify, assess, and manage OT security risks, escalating appropriately to management and risk committees.
- Provide assurance to senior stakeholders on OT security posture and regulatory compliance.
- Develop and track OT security KPIs, metrics, and reports for local entity board members and group leadership.
- Support deployment and verification of OT security controls across wind and solar sites (e.g., access controls, network segmentation, monitoring, patch management).
- Conduct technical compliance checks, penetration testing coordination with Operational sites, and vulnerability assessments within OT environments.
- Provide guidance and oversight on incident response, disaster recovery, and business continuity plans for OT.
- Collaborate with IT/OT engineering and operations teams to ensure security by design in new projects and upgrades.
- Act as a trusted advisor and single point of contact for OT security within the designated region of responsibility.
- Communicate OT security risks, compliance status, and incident findings clearly to both technical and non-technical stakeholders, including local board members.
- Influence and guide site personnel, engineers, and management to implement required controls.
- Promote a culture of security awareness and accountability across operational sites.
- The role will require you to travel and be close to the operational and engineering stakeholders across the German onshore and offshore fleet. This may require you to either hold or obtain specific GWO Offshore certifications.
This text has been machine translated. Show original
Our expectations of you
Education
- A successfully completed degree in computer science/business/ business informatics.
Qualifications
- A significant amount of knowledge in IT & Operational Technologies (OT), including industry standards IEC62443, NIST SP 800-82.
- Strong analytical thinking skills paired with a high focus on results and services round off your profile.
- You have excellent skills in reporting and engaging with top management, influencing and engaging stakeholders at all levels.
- You are a certified ISO27001 Implementer and Auditor.
- You are certified in CISSP and/or GICSSP.
- ITIL or COBIT exposure is advantageous.
Experience
- 5 years' experience in cybersecurity, with at least 3-5 years in OT/ICS security within critical infrastructure, energy, utilities, or industrial environments.
- A strong understanding and experience in working with the KRITIS and IT-Sicherheitskatalog requirements.
- You have at least 3 years experience in Business Continuity Management.
- ICS/OT engineering experience is essential, i.e., a deep understanding and hands-on experience with SCADA, PLCs, and how plant control environments are designed and operated.
- An excellent understanding and experience of priorities between OT and IT.
This text has been machine translated. Show original
Benefits
Work-Life-Integration
- 🏠Home Office
- 🅿️Employee Parking Space
- 🚌Excellent Traffic Connections
- ⏰Flexible Working Hours
- 🍼Day Care for Kids
More net
Health, Fitness & Fun
Food & Drink
Topics that you deal with on the job
Job Locations
This is your employer
RWE AG
RWE AG is an essential part of the European energy system, ensuring security of supply for Europe. With its three operating segments - lignite & nuclear power, European electricity generation from gas, coal, hydropower and biomass, and energy trading - it is one of the leading European energy companies.
Description
- Company Size
- 250+ Employees
- Company Type
- Established Company
- Working Model
- Hybrid, Onsite
- Industry
- Power Sector, Economy
Security Officer - Operational Technology
- Location
- Hamburg, Essen
- Working Model
- Hybrid, Onsite
- Diversity
- Open for all genders
