Job Type:

RegularThe Director OT Security is responsible to support our plants and partners in implementing an integrated security, vigilance, and resilience strategy in the face of Cyber threats. This position will support our plants in identifying and understanding their main Cyber risks, their exposures to Cyber threats and to help them define the Cyber strategy.

Investis en toi, JOINS AGROPUR.  On est prêt, lait-tu?

Agropur est à la recherche d'un directeur sécurité OT qui accompagnera nos usines et nos partenaires sur la mise en place d’une stratégie intégrant sécurité, de vigilance et de résistance face aux menaces Cyber. Votre rôle consister à accompagner nos usines dans l'identification et la compréhension de leurs principaux risques Cyber, de leurs expositions aux Cyber menaces et de les aider à définir la stratégie Cyber.

Chez Agropur, on investit en TOI :

• Horaire de Travail Hybride;
• Régime d’assurances collectives flexibles incluant un service de télémédecine;
• Programme d’aide aux employés;
• Possibilité d'investir en toi (développement de carrière, etc.).

En quoi consiste ce rôle :

Planning :

• Planifier l’élaboration et la mise en œuvre d’une feuille de route pour la sécurité des TI, de la communication et d’une initiative de soutien dans une stratégie globale en matière de cybersécurité.
• Collaborer avec le CISO pour assurer la synergie entre les planning respectifs des IT et des OT

Bugdets et priorités :

• Opérer et définir les processus d’attribution budgétaires ainsi que les priorités en fonction des initiatives défini dans le programme de cybersécurité, tout en proposant des amélioration continue autour des processus;
• Collaborer avec le CISO afin de définir les budgets alloués pour l’initative de sécurité OT selon le road map;

Exigences :

• Établir et collecter les exigences des différents éléments en lien avec le guide OT du programme de cybersécurité et de stratégie ainsi que mettre en place des initiatives d’amélioration continue;
• Identifier et approuver les exigences en matière de cybersécurité pour les projets en ingénierie/automatisation afin de s’assurer qu’ils sont alignés sur la stratégie globale.

Communications :

• Gérer la communication formelle avec les usines et les équipes OT concernant la notifications du mandat de la stratégie de cybersécurité et les mises à jour du road map;
• Communiquer les informations appropriés concernant le support aux opérations en de vue de l’adhésion au programme de cybersécurité.

Mesures et rapports : KPI et analyses

• Faire la collecte des indicateurs d’efficacité des progrès de la sécurité OT par rapport aux exigences, aux priorités et aux objectifs fixés;
• Communiquer les indicateurs de performance et de risques de la sécurité OT auprès du CISO et du head office.

 Organisations et responsabilités :

• Établir et développer une structure organisationnelle afin d’attribuer les rôles et responsabilités aux équipes en fonction de leurs capacités à livrer la sécurité OT.
• Définir et développer en permanence les stratégies et les besoins en matière de recrutement et de développement des talents.

Ce qu’il te faut pour joindre notre équipe

• Titulaire d’un bac en ingénierie et d’une formation technologie de l’information en cybersécurité.
• Vous avez 10 ans en technologies de l’information en lien avec le milieu des opérations;
• Vous cumulez 5 à 7 ans d’expérience d'expériences en Cybersécurité, gestion des risques et implémentation de programmes de sécurité des Systèmes de Contrôles Industriels et Technologies Opérationnelles ;
• Vous avez des connaissances approfondies des Distributed Control Systems (DCS), Supervisory Control and Data Acquisitions (SCADA) et Programmable Logic Controller (PLC) et des bonnes pratiques de sécurité associées ;
• Vous maîtrisez les standards NIST ICS Framework ;
• Vous détenez des certifications telles que CISSP, Lead SCADA Security Manager (atout);
• Vous êtes doté(e) de compétences interpersonnelles et avez de l'expérience dans le développement de relations avec les parties prenantes;
• Vous avez accompagné des projets complexes de grande qualité, y compris dans la gestion efficace des programmes, des projets, des finances et des personnes ;
• Rigoureux(se), avec un bon sens relationnel et des capacités rédactionnelles et orales,

#LIAA1

English version below

Invest in you, JOIN AGROPUR. We dairy you!

The Director OT Security is responsible to support our plants and partners in implementing an integrated security, vigilance, and resilience strategy in the face of Cyber threats. This position will support our plants in identifying and understanding their main Cyber risks, their exposures to Cyber threats and to help them define the Cyber strategy.

How Agropur invests in YOU

• Recognition of years of service in calculating vacation time
• Flexible group insurance plan, including telemedicine service
• Employee assistance program
• Opportunity to invest in you (Career Path, Mentoring program, etc.)
• Pension plan including employer contributions

What’s involved in this role ​:

Planning

• Plan the development and implementation of an IT security roadmap, communication, and support initiative within an overall cybersecurity strategy.
• Collaborate with CISO to ensure synergy between respective IT and OT planning.  

Budget and Priorities

• Operate and define budget allocation processes and priorities according to the initiatives defined in the cybersecurity program, while proposing continuous improvement around the processes.
• Collaborate with the CISO to define the budgets allocated for the OT security initiative according to the road map.

Requirements

• Establish and collect requirements for the various elements related to the OT guide of the cybersecurity program and strategy, as well as implement continuous improvement initiatives.
• Identify and approve cybersecurity requirements for engineering/automation projects to ensure they are aligned with overall strategy.

Communications

• Manage formal communication with plants and OT teams regarding cybersecurity strategy mandate notifications and road map updates.
• Communicate appropriate information regarding support to operations for adherence to the cybersecurity program.

Main Duties

• Advise the organization and plants on the best strategy for securing Operational Technologies and ICS assets, based on Cyber threats and risks.
• Maintain a knowledge base on CTI (cyber threat intelligence) in the OT/ICS field, and make organizations aware of new threats and risks, and propose associated protective measures.
• Develop and expand CTI security governance documents and references, including security policies, procedures, standards and guidelines.
• Advise on and implement security controls to mitigate risks to critical systems and resources.
• Propose and implement Cybersecurity controls for ICS/OT and reinforce the security architecture to ensure the resilience of systems, equipment, and networks against Cyber-attacks.
• Develop recommendations and support organizations in the definition of vulnerability management programs for Operational Technologies and Industrial Control Systems, as well as the development of associated detection, reporting and remediation procedures.
• Conduct ICS/OT security audits and gap analyses, communicate the results effectively to the various managerial and technical audiences, and propose effective solutions to mitigate the risks identified.
• Support organizations in achieving and maintaining compliance of ICS/OT environments with current regulations, norms and standards, and develop and strengthen ICS/OT incident detection and response procedures.
• Contribute to the maintenance and expansion of the Cyber Risk department's knowledge base through active monitoring of the latest technologies and standards, as well as current threats and vulnerabilities.

Other Duties and Responsibilities:

• Supervisory Responsibilities
• Responsible for employee relations including work direction of employees, hiring, training, performance reviews, administering policies and procedures, disciplinary action, and compensation recommendations.
• Direct implementation of departmental objectives, goals and policies.
• Carry out supervisory responsibilities in accordance with the organization's policies, procedures and guidelines.
• Understand and adhere to Good Manufacturing Practices.
• Safety Protocol
• Stop any observed unsafe acts and obey facility safety rules and procedures.
• Correct or report any observed safety hazards.
• Support safety policies and programs.

What you need to join our team

• Bachelor's degree in engineering and information technology training in cybersecurity;
• You have 10 years' minimum experience in information technology related to operations;
• You have 5 to 7 years' experience in cybersecurity, risk management and implementation of security programs for Industrial Control Systems and Operational Technologies;
• You have in-depth knowledge of Distributed Control Systems (DCS), Supervisory Control and Data Acquisitions (SCADA) and Programmable Logic Controllers (PLC), and of related security best practices;
• You are familiar with NIST ICS Framework standards;
• You hold certifications such as CISSP, Lead SCADA Security Manager (an asset);
• You have good interpersonal skills and experience in developing relationships with stakeholders;
• You have supported complex, high-quality projects, including effective management of programs, projects, finances and people;
• Rigorous, with good interpersonal, writing and speaking skills,

This list of duties and responsibilities is not all-inclusive and may be expanded to include other duties and responsibilities, as management may deem necessary from time to time.

Agropur welcomes people from all backgrounds and walks of life. We are proud to be an employer with a diverse community and are committed to providing a respectful and inclusive experience for all employees and applicants. We will therefore work with candidates who request accommodation. Please note that an adequate knowledge of French is required for positions in Quebec.