Cybersecurity Operations Technology Specialist
Job Location: Luxembourg
Ferrero is a family-owned company with a truly progressive and global outlook and iconic brands such as Nutella®, Tic Tac®, Ferrero Rocher®, Raffaello®, Kinder Bueno® and Kinder Surprise®. As the love for our brands continues to grow, so too does our global reach. Represented in 55 countries, with products sold in more than 170, the Ferrero Group is loved by generations around the world. The secret to our global success? Nearly 35,000 dedicated employees who celebrate care and quality to craft a business, careers and brands we are proud of. Join us, and you could be one of them.
Ferrero is committed to building a diverse and inclusive culture in which all employees feel welcomed and appreciated and have the same opportunities. We believe all of our people are equally talented in their own way. In nurturing the curiosity and natural abilities of our employees, we provide them, generation after generation, the means to succeed personally and professionally, enabling them to craft their journey at Ferrero. The diversity of our talents is what makes our work environment multicultural, innovative and highly rewarding.
About the Role:
For our HQs in Luxembourg, we are looking for an Operations Technology Specialist who will support the Cybersecurity department.
As Operations Technology Specialist you will report to the Cybersecurity Operations Technology Manager and will be responsible for fostering an appropriate level of Cybersecurity maturity in Ferrero’s OT environments.
Moreover, you will support the development of plans and help coordinate and deliver cybersecurity projects and services aimed to protect Ferrero’s OT environments.
Along with the Cybersecurity Operations Technology Manager, you will support and assure that all Cybersecurity missions, processes and requirements necessary to protect the organization’s mission and business processes are adequately addressed in all aspects of OT environments.
- Implement initiatives, following the pre-defined OT Cybersecurity Roadmap, focusing on increasing the level of protection and resilience of Industrial Environments & Supply Chain;
- Support periodical security reviews, vulnerability assessments and remediation activities of the group OT environments, identifying potential gaps and improvements in the different local OT environments;
- Gather data and metrics from the Operations Technology environment to enable Cybersecurity KPI evaluation and identify improvements;
- Support the definition of baseline and methodologies as well as Cybersecurity requirements to protect OT environments at a central and local level, understanding specific facilities’ needs, integrating also Cybersecurity aspects within projects;
- Support training and awareness material production and its delivery to end users among all OT environments;
- Identify functional requirements specific for OT environments related to principal market products and provide support in the evaluation of new potential vendors, new technological solutions and features, related to Cybersecurity in the OT environment;
- Identify improvement areas or possible developments of implemented Cybersecurity methodologies, processes and technologies, taking into account Regional feedbacks;
- Support in the definition of recommendations to keep up to date the organization’s approach to monitor, identify, analyze, and correct Cybersecurity activities regarding Operations Technology.
Who we are looking for:
- Master’s degree in Information Technology or other related fields;
- 3-5 years of work experience;
- Previous experiences in Manufacturing and/or Food & Beverage Environment are considered a plus;
- Experience in aiding the development and coordination of project implementation plans, to support the efforts to protect OT environments;
- Proven experience in ensuring and supporting correct operation of implemented Cybersecurity technologies and developing necessary adjustments to enhance efficiency and effectiveness according to Cybersecurity’s architecture team;
- Strong knowledge of networking & infrastructure technologies (e.g., routers, L1 & L2 switches, access points, firewalls) and main concepts (e.g., IPs, routing methodologies, ethernet and TCP/IP networking, VPNs and other tunneling), particularly when applied to OT environments (e.g., segmentation of OT network);
- Proven knowledge of principal OT Security Solutions, such as intrusion detection/prevention systems, network monitoring tools, antimalware and endpoint protection systems, remote and privileged access systems, and their contribution and collaboration towards the security of OT environment, in comparison also to IT;
- General knowledge of the possible incidents that are typical to the OT environment, in order to provide assistance in their management in the specific industrial plants;
- Basic knowledge of the:
- definition process for Cybersecurity requirements and the evaluation of products specific for OT environments based on industrial’s needs and context;
- logical access control of OT environment, given the industrial specific need of segregating sensible OT network from the wider IT networks;
- complexity of industrial environments associated with increasing connectivity needs and digitalization of industry & supply chain (e.g., MES);
- main industrial technologies (e.g., ABB, Honeywell, Rockwell and Emerson, etc.) in order to identify functional requirements specific for OT environments;
- Basic understanding of the Purdue Model as standard in the automation world for industrial control systems architecture guidance;
- General knowledge of Security for Industrial Automation and Control System international standards (e.g., ISA/IEC 62443);
- Knowledge of Cybersecurity international standards, law and regulations (e.g., ENISA, NIST, ISO27000);
- Outstanding analytical and conceptual skills and technical background in networking & infrastructure;
- Problem-solving and research-driven attitude when faced with challenges and difficulties;
- Strong communication skills;
- Strong team player;
- Availability to travel 25% of the time;
- A fast learner who rapidly moves up the learning curve;
- Ethical and strong personal values.
IT Skills and Other:
- Excellent command of Microsoft Office;
- Professional Certifications are considered a plus:
- GICSP: Global Industrial Cyber Security Professional
- GRID: GIAC Response and Industrial Defense
- CCNP: Cisco Certified Network Professional
- CCNA: Cisco Certified Network Associate
- SANS GIAC ICS612: ICS Cybersecurity In-Depth
- ISC2 CISSP: Certified Information Systems Security Professional
- ISO/IEC 27001:2013 Auditor/Lead Auditor
- Other equivalent certification.
- Fluency in English is mandatory;
- Any other European language is considered a plus.
How to be successful in the role and at Ferrero:
Consumers, quality and care are at the heart of everything we do. So, to be successful at Ferrero, you’ll need to be just as consumer and product centric as we are - dedicated to crafting brilliant results for consumers around the world.