Wavre, Walloon Region, Belgium
Running a wide range of OT security services: * OT Cybersecurity Governance and compliance: - Owner of the company internal OT security standards, ensuring requirements are aligned with industry best practices (IEC62443, NIST 800-82) and relevant regulation, as well as fit for use with internal business units. - Ensuring approval and adoption of the above standards, running central gap analyses to ensure a consistent adoption. - Embedding security-by-design principles in the organization - Aligning dedicated OT standards with relevant IT departments * OT risk management: - Overseeing and leading the execution of tailored OT risk analyses - Providing visibility of identified risk to senior leaders - Ensuring risk management activities are conducted by asset and risk owners - Designing actionable metrics, such as KPI and KRI to executives * OT Vulnerability management - Providing tools and processes to align the company's security posture with assets' security posture
In the role of a BISO (Business Information Security Officer) for OT Security in GSK Vaccines: *Supporting business unit as OT cyber security specialist *Embedding OT security requirements and controls (commensurate with risk level) at the start of projects/new initiatives. *Carrying out OT security assessments in line with the business strategy and operations. *Partnering early business initiatives in order to understand security implications and to recommend relevant mitigations/controls. *Partnering with the GRC and Security solutions to provide the business partners with a holistic OT security and risk/conformance assessments. *Owner (end to end) for all activities around OT security within the BU, partnering with the BU manufacturing and OT security program team. *Influencing the OT security posture and culture/awareness at BU level *Partnering with central information security and GRC teams to provide input for all new central strategies, architectures and processes
Leading and performing applied research projects around industrial cybersecurity, including european collaborative projects. Penetration testing of (industrial) IoT devices and ICS. Expert analyses and solution assessments on industrial cybersecurity topics. Working with cybersecurity standards (ISO27001, IEC62443)
Involved in the creation of a Security Operations Center for the company, including mutualized SIEM configuration and incident handling. Development of diverse SOC procedures and SIEM architecture as well as customer reports. PKI environment configuration for an EU institution, procedure documentation, modelling, data recovery procedures and scripts, central signing. Penetration testing / vulnerability assessment: Certified Ethical Hacker certification, GIAC certified Incident Handler (GCIH), vulnerability assessement for a banking company.