The Senior Staff Risk Advisor will be responsible for managing Products and Operational Technology (OT) risks across the Baker Hughes portfolio and industrial sites, in support of strategic programs and while ensuring compliance with both internal and external regulatory and contractual requirements.
The ideal candidate has consolidated experience in Security Risk Management in complex engineering and industrial environments, good knowledge of Secure Development Lifecycle and OT security disciplines, and will contribute to broader Risk & Compliance strategy.
Essential Responsibilities:
In this role as Sr. Staff OT Risk Advisor, you will:
- Ensure OT and Product cybersecurity risks are managed according to a more formally structured framework, and properly captured, organized, and reported up to relevant Senior Leaders and down to Product and operational teams
- Ensure a unified, holistic view of cybersecurity risks across the entire Product lifecycle, including 3rd party suppliers, Development / Manufacturing cycle, and Commissioning
- Team up with OT and Product security functional leaders to ensure relevant programs reflect the overall Risk management approach and prioritize accordingly
- Liaise with Engineering, Product Management and Supply Chain to identify business and technical risks and ensure proper action plans are implemented
- Ensure OT and Product Risks are identified and effectively communicated with management, senior leaders, and stakeholders, as required to meet objectives.
- Act as subject matter expert and be a primary liaison to functional counterparts for Product and OT risk management activities and processes.
- Develop peer, cross-functional & cross-business relationships to maximize best practice sharing & cyber risk awareness
- Support smooth commercial process by contributing to prompt, thorough and risk-appropriate responses to customers / 3rd party requests
- Understand relevant emerging standards/regulations and contribute to compliance efforts with a risk-based approach
- Bachelor's Degree from an accredited college or university
- Minimum 8 years of experience in Risk & Compliance focusing on Information and/or Operational Technology
- Travel 15% of the time, as required
- Must work out of an office in Houston, TX
- Minimum 10 years of experience in IT / OT Risk & Compliance areas
- Experience assessing security of OT infrastructure, practices and tools
- Proven insight into Industrial Control Systems architectures, components, and associated services, as well as potential attack vectors and mitigations
- Experience in assessing / securing emerging technologies in ICS environments (cloud, IIoT, wireless etc.)
- Very good knowledge of the following: ISO2700x series with associated controls and operational processes, IEC 62443 / ISA 99, NIST CSF, NIST SP 800-82
- Excellent communication skills (both written and verbal) with all levels of an organization and articulated around risk management, with the ability to build credibility, influence and make recommendations to all levels
- Ability to think "outside the box" when developing solutions and creating value
- CRISC, CGEIT, CIA, CISM, CISA or equivalent certifications
- Resourceful and quick learner; able to efficiently seek out, learn, and apply new areas of expertise as needed
- Proven ability to deliver quality documentation and presentations to support risk discussions
This is your opportunity to learn more, do more, live the career you have imagined and be part of a truly diverse organization.
Baker Hughes is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.