FM Global is a leading property insurer of the world's largest businesses, providing more than one-third of FORTUNE 1000-size companies with engineering-based risk management and property insurance solutions. FM Global helps clients maintain continuity in their business operations by drawing upon state-of-the-art loss-prevention engineering and research; risk management skills and support services; tailored risk transfer capabilities; and superior financial strength. To do so, we rely on a dynamic, culturally diverse group of employees, working in more than 100 countries, in a variety of challenging roles.
The successful candidate will serve as an industrial control cybersecurity subject matter expert in supprt of FM Approvals' Certification Program for components that make up Industrial Control Systems.
The person in this position will be responsible for planning, conducting and directing testing and assessment of industrial control system components submitted for FM Approval as "cyber hardened components" and compliant with industry accepted security standards for ICSs. He or she will work in FM Global’s Engineering and Research facility in Norwood, MA, with occasional travel to the state of the art facility in West Glocester, RI, USA.
Duties will include, but are not limited to, the development of proposals, preparation of test plans, supervision of tests, project management, documentation of results, preparation of written reports, participation on cybersecurity technical committees and other complex tasks associated with third party certification.
The working environment includes both the office and laboratory. Overnight travel, to consult with customers, attend technical conferences and to conduct and monitor tests at test facilities, is typically less than 20%.
- BS in engineering or computer science plus 7 years of experience working with industrial control systems or
- MS in engineering or computer science plus 4 years of experience working with industrial control systems
- A minimum of 3 years experience in information security.
- CISSP designation is preferred; other relevant industry certifications maybe considered.
- Knowledge of common SSL, hashing, and symmetric encryption, especially in Java and . Net environments.
- Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols).
- Experience with security engineering, system and network security, authentication and security protocols, cryptography, and application security.
-Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing.
- Detailed knowledge of recognized industrial control cybersecurity risk frameworks (i.e. NIST SP 800-82).
-Detailed knowledge of recognized standards associated with the cybersecurity of industrial control systems (i.e. ISA/IEC 62443) and how to apply them.
The successful candidate should have demonstrated project management skills, superior written and verbal communication skills, and computer proficiency with programs such as Word, Excel and Outlook.
Candidate must have the ability to read, write and speak English proficiently and the ability to understand and follow English instructions.
Candidate must possess outstanding relationship management skills including:
• Demonstrated skill in organizing work, setting priorities and planning