Cyber Security Specialist at Enel Green Power

The Role

The Cybersecurity Specialist will be responsible for all areas of expertise which include but are not limited to continuous analyzing and reporting on Data Protection, Cybersecurity, and Compliance topics in the countries of Enel’s presence in Africa.

Key Responsibilities:

• Supporting the Enel Green Power Business in the countries of presence within Africa.
• Supporting the Network Systems Engineers, Computing Systems Engineers, as well as SCADA Systems Engineers in implementing tools, platforms, and infrastructure, in line with the organization’s Cybersecurity Strategy, the Enel Group’s standards, as well as international standards.
• Ensuring that all employees are well-educated on IT security and governance protocols, as well as OT Security for the applicable employees.
• Assessing the IT and OT environments to identify and define cybersecurity requirements and threat prevention.
• Devising annual cybersecurity and risk operational plans; i.e. implementing software upgrades, license management, security patches etc. to enable security measures and controls.
• Implementing and monitoring cybersecurity and risk management processes as per the annual plans defined for Africa.
• Ensuring the installation of software, such as firewalls and data encryption programs to protect sensitive information.
• Performing monthly cybersecurity vulnerability and risk assessments (of network infrastructure, hosts, and applications) and defining compliance adherence reports.
• Analysing security breaches to determine the root cause of the violations and prepare reports that document findings and resolutions.
• Working with the global cybersecurity specialists and consultants in conducting penetration testing to look for vulnerabilities in the system, before they can be exploited.
• Coordination of biannual audits, compilation of reports and sharing them with the relevant internal stakeholders.
• Updating and documenting cybersecurity and governance protocols.
• Collaborate with the Africa Digital Solutions team in designing communication and awareness campaign plans.
• Collaborating with the Communication Departments of the Enel countries in Africa to promote cybersecurity awareness in the organization; i.e. creating communication and relevant training material.
• Ensuring the distribution of formal communication around cyber security.
• Training employees on cybersecurity protocols and IT governance compliance.
• Conducting research on the latest Information Technology (IT) and Operational Technology (OT) cybersecurity trends.
• Conducting research on emerging products, services, protocols, and standards in support of the cybersecurity discipline.
• Documenting and updating cybersecurity standards and guidelines based on best practices and industry standards.
• Learning and keeping abreast of business processes, as well as understanding data flows, criticalities, and dependencies for all Enel’s core business units.
• Recommend cybersecurity enhancements to executive leadership and senior Digital Solutions (IT) team.
• Expand capabilities by obtaining relevant certification and qualifications within and beyond the assigned area of expertise.
• Implementing and managing cybersecurity related tools including, but not limited to, Checkpoint, Fortinet, as well as Nessus, Splunk, ArcSight, etc.
• Leading and managing activities relating to Budget Management, Contract and Stakeholder
• Management, as well as leading Tender processes within his/her area of jurisdiction.

Technical Competencies Required:

• Knowledge of Microsoft Windows Active Directory and networking architectures, both from server and client perspectives.
• Knowledge of Hyper-V, Microsoft OS, Linux OS, and related tools.
• Knowledge of WAN topology and architecture solutions (i.e. MPLS, VPN IPSec, etc.)
• In-depth knowledge of IP protocols and their services at the application layer such as: RIP, RDP, FTP, HTTP, BGP, SSH and Telnet.
• Knowledge of the major IP encapsulated process control protocols: Modbus TCP, Profinet, DNP3, IEC 61850, IEC 60870-5-101/103/104, ICCP etc.
• Knowledge of OPC protocol versions; i.e. OPC UA, OPC DA, OPC XML, etc.
• Knowledge of ISO 2700X series and related standards.
• Knowledge of Industrial Control standards such as NERC CIP V3, IEC 62351, and NIST SP800-82 SP2.
• Knowledge of Cisco, Checkpoint, and Fortinet equipment and related technologies, including Switches, Firewalls, and UTM devices.
• Knowledge of Data Loss Prevention, Data Replication, and Disaster Recovery Systems.
• Broad knowledge relating to ICT infrastructure; in–depth and up-to-date experience in Critical Infrastructure Protection.
• In depth knowledge of the South African National Cybersecurity Policy Framework and its supporting legislation and regulations.
• Broad knowledge of the African countries’ cybersecurity laws, mainly, South Africa, Zambia, Kenya, Ethiopia, and Morocco.
• Knowledge of Namibia, Botswana, Mozambique, Madagascar, Tanzania, Tunisia, Algeria,
• Senegal, Ivory Coast, and Ghana’s cybersecurity laws will be considered an advantage.
• Demonstrated experience in leading Cybersecurity projects, architectures, systems, processes, and audits.
• Knowledge of Project Management methodologies and tools.
• SAP experience will be considered an advantage.

Education & Experience

• Bachelor’s Degree in Computer Science, Information Systems, Informatics, Electrical or Electronic Engineering, or related field.
• Minimum of 5 - 10 years’ experience in a Cybersecurity Specialist role, preferably with an Industrial Control Systems (ICS) or Operational Technology (OT) focus.
• Cisco Certified Network Associate (CCNA) Security, Certified Information System Security Professional (CISSP).
• Certified Cloud Security Professional (CCSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Global Industrial Cyber Security
• Professional (GICSP) certification will be considered an advantage.
• Experience in an organization providing expert cybersecurity support to OT Cybersecurity environments will be considered an advantage.

Please note that this role is in line with EE requirements of Enel Green Power, we reserve the right to make an appointment. This role is not open to agencies at this stage and therefore all applicants will be considered without consideration for third parties.