Job Location : Luxembourg
Ferrero is a family-owned company with a truly progressive and global outlook and iconic brands such as Nutella®, Tic Tac®, Ferrero Rocher®, Raffaello®, Kinder Bueno® and Kinder Surprise®.
As the love for our brands continues to grow, so too does our global reach. Represented in 55 countries, with products sold in more than 170, the Ferrero Group is loved by generations around the world.
The secret to our global success? Nearly 35,000 dedicated employees who celebrate care and quality to craft a business, careers and brands we are proud of.
Join us, and you could be one of them.
About the Role :
For our Group's Headquarters in Luxembourg we are looking for a Cybersecurity Industrial & OT who will report managerially to the Head of Cybersecurity.
The incumbent will be responsible for achieving and maintaining an appropriate level of Cybersecurity maturity in Ferrero’s OT environments.
He / She will develop plans, coordinate and deliver strategies and initiatives to support the efforts to protect the Group's OT environments.
He / She will have to ensure that Cybersecurity requirements necessary to protect the organization’s mission and business processes are adequately addressed in all aspects of OT environments, by supporting those missions and business processes.
The Industrial & OT is the point of contact for Cybersecurity activities in industry & supply chain processes and projects and acts as a liaison between Cybersecurity and central and local Operations team (plant managers, maintenance team, engineering team, etc.).
Main Responsibilities :
Perform periodical security assessment reviews of the Group OT environments, identifying potential gaps and improvements in different local OT environments;
Identify and standardize operational guidelines and procedures needed to maintain and strengthen the Cybersecurity level in Industrial and OT environments while defining a methodologies'
baseline to protect OT environments in collaboration with the appropriate stakeholders;
Support training and awareness material production and its delivery to end users among all OT environments;
Define Cybersecurity requirements to include within the OT initiatives at a central and local level in order to integrate Cybersecurity within projects;
Understand the different Cybersecurity requirements of diverse industrial plants, based on a continuous monitoring of maturity levels in each local OT environment;
Identify functional requirements specific for OT environments related to principal market products;
Scouting and evaluation of new potential vendors with new technological solutions and features related to Cybersecurity in Industrial & OT;
Work as a point of reference to local Operation team when applying major changes in order to check the compliance of Cybersecurity'
s policies and governance;
Lead the implementation of methodologies / processes to manage Cybersecurity in Industrial and OT;
Lead the execution of industrial Cybersecurity vulnerability assessments and remediation activities along with providing recommendations across a broad range of security domains;
Assist Cyber Defense & Response in managing Cybersecurity incidents in OT environment, providing OT related knowledge to better understand the impact and causes;
Assist Ferrero Engineering in correctly designing industrial facilities according to the defined Cybersecurity standards and best practices;
Manage the implementation of initiatives focused on increasing the level of protection and resilience of Industrial Environments & Supply Chain;
Gather data and metrics from Industrial & OT to enable Cybersecurity KPI evaluation and identify improvements;
Identify improvement areas or possible developments of implemented Cybersecurity methodologies, processes and technologies while taking into account Regional feedbacks;
Identify and periodically share with management improvements to introduce in order to enhance the level of Cybersecurity in Industrial and OT;
Provide recommendations to keep up to date the organization’s approach to monitor, identify, analyze, and correct Cybersecurity activities regarding Industrial and OT;
Manage activities related to the classification of the different Group's OT assets and perform risk analysis.
Who we are looking for :
Master Degree in Information Technology or other related fields;
At least 5 years of experience in a similar position or in cybersecurity strategy consultancy or cybersecurity system integration;
Team and collaboration orientation;
Problem solving and performance driven;
Effective written / verbal communication skills;
Outstanding analytical and conceptual skills;
Competences in responding to cybersecurity incidents with an impact on OT environments;
Knowledge of :
Industrial environments' complexity associated with increasing connectivity needs and digitalization of industry & supply chain (e.g. MES);
Designing and implementing frameworks aimed to govern the Cybersecurity maturity of OT environment through a security-aware decision-making approach and a continuous Cybersecurity level improvement;
Principal OT Security Solutions (e.g. intrusion detection / prevention systems, network monitoring tools, antimalware and endpoint protection systems, remote and privileged access systems, etc.);
Industrial technologies' principles (e.g. ABB, Honeywell, Rockwell and Emerson, etc.) in order to identify functional requirements specific for OT environments;
Possible incidents that are typical to the OT environment, in order to provide assistance in managing them in the specific industrial plants;
Logical access control of OT environment, given the industrial specific need of segregating sensible OT network from the wider IT networks;
Security for Industrial Automation and Control System international standards (e.g. ISA / IEC 62443);
Cybersecurity international standards, law and regulations (e.g. ENISA, NIST, ISO27000);
Compliance assessments against standards such as PCI, HIPAA, GDPR, SOX, etc.;
Previous experience in :
Developing and coordinating plans, strategies and initiatives to support the efforts to protect OT environments;
Cybersecurity requirements and evaluating products specific for OT environments based on industrial needs and context;
Ensuring and supporting implemented Cybersecurity technology operations while developing necessary adjustments to enhance efficiency and effectiveness according to Cybersecurity’s architecture;
Manufacturing and / or Food & Beverage Environment will be considered a plus;
Enthusiasm and commitment to excellence with a result-oriented approach;
A fast learner who rapidly moves up the learning curve and wants to continue to take over new responsibilities;
Ethical and strong personal values.
IT Skills & Others :
Proficiency in MS Office skills Advanced in Excel;
Professional Certifications such as GICSP (Global Industrial Cyber Security Professional), GRID (GIAC Response and Industrial Defense), GCIP (GIAC Critical Infrastructure Protection), ISC2 CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), ISO / IEC 27001 : 2013 (Auditor / Lead Auditor) will be considered a plus;
Outstanding analytical and conceptual skills.
Language Skills :
Fluency in spoken and written English;
Knowledge of Italian will be considered a plus.
How to be successful in the role and at Ferrero :
Consumers, quality and care are at the heart of everything we do. So, to be successful at Ferrero, you’ll need to be just as consumer and product centric as we are - dedicated to crafting brilliant results for consumers around the world.