Ot Cybersecurity Expert

Country/Region: PT
- City: Porto
- Business Platform: Renewable Generation Assets
- We are EDP, a global energy company present in around 29 markets with a particular emphasis on renewable energies. With more than 45 years of experience, we have been consolidating a relevant presence on the world energy scene based on the commitment to be all-green by 2030, leading the energy transition. With more than 13,000 employees around the world, we are committed to using our energy and heart to drive a better tomorrow.
- The mission of this role is to ensure the security, resilience and compliance of RGA's WS&S Operational Technology (OT) environments worldwide. The OT Cybersecurity Expert will design, implement and maintain robust cybersecurity architectures, standards and controls aligned with EDP Group governance and international regulations.
- This role supports RGA's WS&S global OT footprint, driving security compliance with NIS2, NERC-CIP, GridCode Cybersecurity, and other regional frameworks, while enabling safe operations and innovation across the renewable energy portfolio. The professional will also promote a culture of cybersecurity awareness and continuous improvement throughout the organization, coordinating cross-functional initiatives and leading cybersecurity projects to ensure consistent implementation and governance across all regions.

**What you will do**:
**Governance, Policy, and Compliance**:

- Develop, maintain, and communicate OT cybersecurity policies, standards, and procedures aligned with corporate governance and international regulations.
- Lead compliance initiatives with NIS2, NERC-CIP, GridCode Cybersecurity, IEC 62443, and other relevant frameworks.
- Perform regular risk assessments, gap analysis, and audits across the regions, defining mitigation and improvement plans.
- Ensure that cybersecurity governance is embedded in OT operations and projects globally.
- Coordinate regional stakeholders to align compliance roadmaps, ensuring timely delivery of milestones and effective follow-up on action plans.

**Projects and Architecture**:

- Design and validate secure OT network architectures, including segmentation, zoning, secure remote access, and data flow control.
- Define functional and technical requirements for OT cybersecurity systems and oversee implementation according to best practices and EDP standards.
- Manage supplier evaluation, tender processes (RFI/RFP), and contract negotiations for OT cybersecurity solutions and services.
- Collaborate with Engineering, IT, and Operations teams to ensure Security by Design in new assets, systems, and upgrades.
- Plan, coordinate, and monitor OT cybersecurity projects from inception to implementation, managing resources, schedules, and deliverables to ensure quality and alignment with business priorities.

**Cybersecurity Operations and Incident Management**:

- Lead the development and execution of OT-specific incident response plans and coordinate with global SOC and CERT teams.
- Support vulnerability management, intrusion detection, and forensic analysis within OT networks.
- Provide expert troubleshooting and root cause analysis for OT-related cybersecurity incidents.
- Ensure lessons learned and post-incident improvements are incorporated into standards and procedures.
- Coordinate cross-functional response teams during incidents and ensure effective communication and escalation management.

**Training, Awareness, and Continuous Improvement**:

- Promote cybersecurity awareness and capacity building for OT operations and maintenance teams.
- Lead periodic drills, workshops, and tabletop exercises to validate the OT incident response capability.
- Foster innovation by evaluating new technologies such as anomaly detection, zero-trust architectures, and secure cloud integration for OT environments.

**Strategic Initiatives**:

- Contribute to RGA's WS&S Cybersecurity Roadmap, ensuring OT initiatives are aligned with business objectives and regulatory requirements.
- Participate in global and regional working groups on compliance, risk management, and technology standardization.
- Support the rollout of global cybersecurity programs such as IDS and PAM systems, and new compliance-driven initiatives.
- Provide leadership and project governance in multi-region OT security programs, ensuring alignment with the corporate cybersecurity strategy.

**Employment type**: Full-Time

**Work site**: Hybrid

**Work Place**: Porto

**What are we looking for**:

- University degree in Electrical, Electronic, Automation, Energy or Telecommunications Engineering, or another relevant technical field.
- Complementary education in Cybersecurity or Technology Risk Management is a plus.
- Proven experience in Operational Technology (OT) security, with strong understanding of international cybersecurity frameworks and standards, such as:

- IEC 62443 - Industrial Control Systems (ICS) and OT security.
- ISO/IEC 27001 - Information Security Management Sys