Description
Duration: 6 months
Location: Remote with travel to Wokingham office when required
SC Clearance required
Limited documentation and understanding of the OT infrastructure both within IT and the business.
Expertise on OT architectural design and good practice exists within Security with some knowledge about the individual environment 'as is' through risk assessment effort, resilience readiness is a concern in order to be effective in preparedness for CNI designation:
OT Infrastructure there is a need to develop infrastructure diagrams understand the overall artefacts of the OT solutions across National Grid's Ventures IC Business. Currently there is multiple views of the IC OT
infrastructure and all are at various maturity levels.
There is a need to engage with business stakeholders to ensure we have a detailed view/understanding of the OT landscape ahead of CNI Designation
Strategic Risk assessment work has identified complex infrastructure and concerns with OT infrastructure, particularly its interdependence upon vendor managed and ancillary IT systems which are not managed by NG.
IT infrastructure integration with OT has also been of concern and due to the low visibility of the OT landscape at times challenging when new functionality & capability is required by the IC Business to operate efficiently
CNI designation will require detailed infrastructure (as is) in order to understand the (to be) to ensure CNI compliance
Problem Statement & Drivers:
In order to support CNI designation, understand the as is' and then support the to be' there is a need to document the artefact, features and ancillary services across the OT. This work would need to be support by an OT SME, Solution Architect, IT Security.
Primary Benefits
Reduce person hours required in understanding the OT infrastructure
Supports the OT Vendors, supports future works
Readiness for CNI Designation
Supports Cyber Security NIS R (Ofgem Inspection)
Secondary Benefits
Reduces frustrations in new requests for functionality/capability
Better understanding of the OT Landscape/Infrastructure
Supports Risk mitigations
Good Practise, ease of contract renewals, vendor or product changes
Requirements - SA:
Alignment
Close alignment with OT Security
Close alignment with Enterprise Architecture
Centre of Excellence for OT
Common ways of working
Security of Supply (not just NIS-R but operational resiliency too)
Network & Infrastructure
Role Requirement:
Advanced understanding of OT - lived the life of an OT Engineer
Good understanding of IT concepts and how they relate to OT and where they differ.
Detailed understanding of OT - business priorities & technologies
Cyber Security Standard/Concept OT Systems (Desirable)
Utilities Experience & Knowledge (desirable)
Business Benefits:
Documented OT environments to enable, protect and maintain
Understanding the Risks and Links to Operational Resilience (CNI)
Greater visibility of the landscape ease of changes
Risks mitigation management
Governance
Supports CNI Designation transformation
Single Point of Contact Design Authority
Collaboration of IT & OT Interpreter
Business Expectations:
Support Minor Works in flight for OT
Delivery Plan reporting progress