Wind Services Security Lead

Overview

Lead cyber security for wind services, overseeing assessments, access, and incident response.

Key Responsibilities

• patch management
• cyber architecture
• incident response
• access review
• vulnerability tracking
• security assessments

Tasks

-Review and manage patches and updates to the Generator Operator Control Room systems, ensuring systems are up-to-date with OS updates, antivirus updates, and Active Directory updates. -Ensure the Services area follows applicable GE Vernova and Wind Cyber Security policies, standards, and procedures -Define cyber assets and architecture for the Generator Operator Control Room environment with the Digital Technology team; own/manage architecture diagrams for the environment. -Serve as the PSIRT point-of-contact, coordinating security incident response efforts for the in scope environment. -Manage, including approvals, the access review process for logical access to the ROC, jump hosts, and applicable customer sites. -Document and manage recovery plans in collaboration with the Digital Technology team to ensure robust incident management and system recovery procedures. -Be the Services liaison with customers who have cyber security questions for the Generator Operator Control Room environment. -Support and conduct background checks for employees requiring access to the ROC and applicable customer sites, including sharing relevant information with customers as needed. -Coordinate and ensure physical access requirements for Services’ operations at customer sites. -Define and maintain physical access processes for the Generator Operator Control Room, applicable data centers. -Take lead on reviewing applicable cyber and/or compliance regulations that may be applicable to the environment. -Review and approve changes to the environment, including servers and network devices. -Maintain an accurate and up-to-date asset inventory of the Generator Operator Control Room environment. -Track and assess vulnerabilities for Generator Operator Control Room systems, working proactively to mitigate risks. -Track and manage cybersecurity training for Services personnel. -Support and participate in security reviews of Generator Operator Control Room systems to ensure compliance with security policies and standards. -Drive/support yearly security assessments for applicable environments (e.g., Generator Operator Control Room)

Requirements

• sast
• dast
• nist csf
• iec 61850
• cissp
• bachelor’s degree

What You Bring

-Demonstrated ability to lead, document, plan, market, and execute security assessments. Established project management skills. -Wind services knowledge. -Familiarity with functional safety standards (e.g., IEC 61508) as they intersect with cybersecurity. -Strong oral and written communication skills. Demonstrated ability to analyze and resolve problems. -Bachelor’s Degree from an accredited university in Engineering, Computer Science, Cybersecurity, Information Technology, or related field. Alternative acceptable experience will be considered on a case-by-case basis. -Experience using cyber security vulnerability tools (e.g., Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), or other weakness / vulnerability scanning tools). -Demonstrated knowledge of logging best practices and understanding of network cyber security practices. -Wind Turbine product and/or cyber security knowledge. -Strong understanding of industrial communication protocols used in power generation, wind farms, SCADA systems, and other industrial environments (e.g., Modbus, DNP3, OPC [DA, AE, UA], IEC 61850). -Demonstrable in-depth knowledge and practical experience with applicable energy regulations including but not limited to NERC-CIP, NIS2, and/or SOCI. -Strong knowledge of cyber security best practices and frameworks (e.g., NIST CSF, OWASP top 10). -Master's degree in a relevant field. -Minimum 8 years of experience in cybersecurity with at least 3 years focused on industrial control systems (ICS), operational technology (OT), or product security. -Ability to work independently and collaboratively as necessary with a cross-functional team. -Demonstrated knowledge and understanding cybersecurity solutions (e.g., Firewalls, antivirus, security incident and event management systems, intrusion detection systems, intrusion prevention systems), including experience providing installation/configuration recommendations. -Cyber security certification (ex. GICSP, CEH, CCNA, CISSP). -Working knowledge of electrical power industry technology, preferably Renewables or Wind.

People Also Searched For

Benefits

-The Company pays a geographic differential of 110%, 120% or 130% of salary in certain areas.

About Ge Vernova

-Traces roots back to Edison and Alstom, merging power, renewable, digital & financial wings. -Headquartered in Cambridge, MA, crafts large-scale gas turbines, SMRs, wind turbines, hydro and grid tech to fuel economies. -On the nuclear front, advancing small modular reactors (like BWRX‑300) in partnership with utilities and supporting semiconductor projects. -Wind prowess spans onshore, offshore and blade making—with key sites like Dogger Bank offshore and blade plants in Spain. -Electrification arm tackles grid stability: HVDC, transformers, storage, conversion, plus GridOS software powering smarter infrastructure. -Weaves finance and consulting through energy-infrastructure investments, funding solar farms to pipelines via GE Energy Financial Services.

Sector Specialisms

Security Clearance

-support and conduct background checks for employees needing roc or customer site access.