Cyber Security Architect (IS)(005270)
Digital Hub China in Nanjing attracts, grows, and develops passionate people who will meaningfully impact the digital future of BASF. Come join us and be a part of our digitalization journey.
Objectives:
As BASF aims to further enable Digitalization for Production, the convergence of IT and OT is mandatory to enable this strategy.
You are one of our first contacts to enable our stakeholders and internal business partners on Cyber Security for the entire stack of Digitalization of Production and Technology including cloud environments and Virtualization.
In this role you act as a trusted advisor and enable their IT/OT security capabilities with zero trust requirements.
- Develop and jointly implement robust security architecture with the respective product owners: The primary objective of an OT Cyber Security Architect is to design and support the implementation of a comprehensive and robust security architecture for operational technology (OT) systems. This includes identifying vulnerabilities, explaining the globally binding security requirements, and enabling product owners to protect their critical infrastructure and assets from cyber threats.
- Assess risks and identify mitigations for product owners based on the existing portfolio of technologies and processes. This involves conducting vulnerability assessments, threat modelling, and risk analysis to identify potential weaknesses. Active contribution to the implementation of security controls and processes by supporting product owners with guidance and recommendations for their risk reduction.
- Design and implement security controls: Responsible for designing and implementing security controls and measures to protect OT systems from unauthorized access, data breaches, and other cyber threats. This includes establishing security policies, access controls, encryption mechanisms, and network segmentation to ensure the confidentiality, integrity, and availability of OT systems.
- Stay updated with industry trends and best practices: It is crucial for an OT Cyber Security Architect to stay up to date with the latest industry trends, emerging threats, and best practices in OT security. The objective is to continuously improve the security posture of the organization by incorporating new technologies, methodologies, and tools that align with industry standards and compliance requirements.
- Collaborate with stakeholders: Collaborate with various stakeholders, including IT teams, OT engineers, vendors, and management, to develop and implement security initiatives. This involves providing guidance, support, and training to ensure that all stakeholders are aware of their roles and responsibilities in maintaining the security of OT systems.
- Foster a security-aware culture: Work towards fostering a security-aware culture within the organization by promoting security awareness training, conducting regular security assessments, and providing guidance on secure practices. The objective is to create a culture where security is ingrained in the day-to-day operations of the organization.
Main Task:
- Provide coaching and guidance to stakeholders and internal business partners on Cyber Security for the entire stack of Digitalization of Production and Technology, ensuring a comprehensive understanding of security best practices and processes.
- Enable developers and project groups working on OT digitalization to integrate security into their CI/CD pipelines, ensuring that security is built into the development process from the outset.
- Assume the role of a trusted advisor for internal business partners and enable their OT security capabilities by providing guidance and support on security initiatives and practices.
- Represent corporate requirements, ISMS processes, and implementation procedures in internal and external communities, ensuring that security considerations are integrated into all projects.
- Analyze for gaps and opportunities and proactively initiate proposals to improve the security posture of OT systems, including conducting risk assessments and threat modeling to identify vulnerabilities and develop mitigation strategies.
- Coordinate and drive implementations in projects with regard to defense in depth, security by design, and secure operations, ensuring that security objectives are met within project timelines and budgets.
- Ensure compliance with security frameworks and standards, such as NIST, ISO 27001, and IEC 62443, and provide guidance on implementing best practices and controls.
- Foster collaboration with cross-functional teams and stakeholders to align security objectives with business goals, ensuring that security initiatives support business objectives.
- Stay up-to-date with the latest trends, technologies, and threats in the field of OT security, ensuring that the organization remains current with emerging security risks and trends.
- Continuously monitor and review the security posture of OT systems, identifying areas for improvement and taking appropriate action to ensure the continued protection of critical assets and infrastructure.
Job Requirement:
- Bachelor’s degree in computer science, informatics, business informatics, engineering or in a comparable field.
- Minimum 5 years of experience in the domain of Cyber Security, Digitization in Manufacturing and Production and Risk Management.
- In-depth understanding and experience with the ISA99/IEC62443 Network Level Model for OT security.
- Proven track record of designing and implementing secure digitalization solutions for production and technology environments.
- Extensive knowledge of DevSecOps practices and the ability to integrate security into development and operations processes effectively.
- Proficiency in working with major Cloud Service Providers and familiarity with their security solutions and methodologies.
- Quick adaptability to new tools, technologies, and methods, with comprehensive knowledge of various platforms and security tools.
- Well-connected within the global OT and IT cybersecurity community, known for being a trusted contributor and adhering to the rules of Chatham House and the traffic light protocol.
- Strong negotiation and presentation skills, enabling the ability to effectively advocate for improvements to the Information Security Management System (ISMS) on behalf of stakeholders.
- Extensive knowledge of cybersecurity on a legislative level and the capability to analyze the impact of geopolitical influences on cybersecurity.
- Value trust over performance, prioritizing the establishment of trusted relationships and communities within the field of information security.
- Excellent communication skills, both written and verbal, to effectively convey complex security concepts and strategies to diverse audiences.
- Fluent English and Mandarin
Digital Hub China was founded in 2020 in Nanjing. As part of the Global Digital Hub Verbund, the hub is rapidly growing with a target of a three-digit number of employees in coming years. Focused on digitalization and innovative IT solutions to enhance BASF’s IT portfolio and expertise in China, it brings an all-around capable team of digital talents to create solutions in the context of China’s unique digital landscape to BASF. It also contributes to the smart manufacturing endeavors for the new mega project in Zhanjiang.
At BASF, we create chemistry for a sustainable future. We combine economic success with environmental protection and social responsibility. More than 110,000 employees in the BASF Group contribute to the success of our customers in nearly all sectors and almost every country in the world. Our portfolio is organized into six segments: Chemicals, Materials, Industrial Solutions, Surface Technologies, Nutrition & Care and Agricultural Solutions. BASF generated sales of €59 billion in 2020. Further information at www.basf.com.
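BASF Asia-Pacific Service Center is based in Malaysia; we may reach you via a Malaysian phone number.
Please stay alert to any possible recruitment fraud! Please note that BASF will never charge candidates any fee in any form under any circumstances.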
A unique total offer: you@BASF
At BASF you get more than just compensation. Our total offer includes a wide range of elements you need to be your best in every stage of your life. That’s what we call you@BASF.
Working at BASF: We connect to create chemistry
We are proud of our strong history of innovation, which has helped make us who we are today – the world's leading chemical company. Every day, our global team of over 120,000 individuals works together to turn visions for sustainable solutions into reality by connecting with one another and sharing our knowledge.
The right people are crucial for our sustainable success. We aim to form the best team by bringing together people with unique backgrounds, experiences and points of view. Our differences make us stronger and more vibrant. And an open, creative and supportive work environment inspires us to achieve exceptional results.
Please note that we do not return paper applications including folders. Please submit copies only and no original documents.
NANJING,CN,210000