Asst. Manager - IT&OT Security

Job Description

About Godrej Agrovet Godrej Agrovet Limited (GAVL) is a diversified, Research & Development focused agri-business Company dedicated to improving the productivity of Indian farmers by innovating products and services that sustainably increase crop and livestock yields. GAVL holds leading market positions in the different businesses it operates - Animal Feed, Crop Protection, Oil Palm, Dairy, Poultry and Processed Foods. GAVL has a pan India presence with sales of over a million tons annually of high-quality animal feed and cutting- edge nutrition products for cattle, poultry, aqua feed and specialty feed. Our teams have worked closely with Indian farmers to develop large Oil Palm Plantations which is helping in bridging the demand and supply gap of edible oil in India. In the crop protection segment, the company meets the niche requirement of farmers through innovative agrochemical offerings. GAVL through its subsidiary Astec Life Sciences Limited, is also a business-to-business (B2B) focused bulk manufacturer of fungicides & herbicides. In Dairy and Poultry and Processed Foods, the company operates through its subsidiaries Creamline Dairy Products Limited and Godrej Tyson Foods Limited. Apart from this, GAVL also has a joint venture with the ACI group of Bangladesh for animal feed business in Bangladesh. For more information on the Company, please log on to www.godrejagrovet.com . Designation Location Mumbai Job Purpose We are seeking a highly skilled and experienced IT & OT Infrastructure, Data, and Applications Security Manager to lead the security strategy and implementation for IT & OT (Operational Technology) environments. This role is responsible for ensuring that critical infrastructure, network systems, and applications are secure from cyber threats while ensuring operational continuity in both the IT and OT domains. The position requires a deep understanding of both IT and OT security frameworks, as well as an ability to collaborate with cross-functional teams to safeguard digital assets and operations. Roles & Responsibilities IT & OT Infrastructure Security: Develop, implement, and maintain security policies, procedures, and controls to protect IT & OT infrastructure components, including servers, networks, industrial control systems (ICS), SCADA, and cloud environments. Collaborate with IT teams to ensure secure integration between IT and OT systems, addressing the unique security requirements of each domain. Conduct regular risk assessments, vulnerability scans, and penetration tests to identify and mitigate threats in IT & OT infrastructures. Manage the security of industrial networks, SCADA systems, and IIoT (Industrial Internet of Things) devices to prevent cyber threats and ensure safe operations. Implement and maintain security for cloud services, on-premises data centers, and critical OT assets, ensuring compliance with industry standards. Data Security: Implement data encryption, tokenization, and masking techniques to protect sensitive and proprietary data across systems, databases, and storage devices. Oversee data classification processes and ensure data protection in compliance with legal and regulatory requirements (GDPR, CCPA, HIPAA, etc.). Ensure proper data backup, disaster recovery, and business continuity planning related to data security. Conduct data loss prevention (DLP) assessments and implement preventative controls. Manage access control policies for databases and ensure segregation of duties for sensitive information. Network Security: Develop and maintain robust network security architecture for IT & OT networks, ensuring protection against unauthorized access, data breaches, and cyber-attacks. Monitor and analyze network traffic and logs to detect potential threats, vulnerabilities, and anomalous activities across IT & OT networks. Implement network segmentation to isolate IT and OT environments while ensuring controlled data exchange between systems. Configure and manage firewalls, intrusion detection/prevention systems (IDS/IPS), and secure VPNs to protect networks from external and internal threats. Manage secure communication channels for IT/OT devices and ensure the proper functioning of secure remote access protocols for IT/OT systems. Applications Security: Lead the implementation of secure application development practices for OT applications. Work with development and OT engineering teams to incorporate secure coding practices into OT software systems. Conduct regular security assessments and code reviews for applications, ensuring that vulnerabilities are identified and mitigated. Oversee security testing of OT applications, including SCADA systems, human-machine interfaces (HMIs), and industrial control software, to ensure that security controls are in place. Implement security controls around application access, user authentication, and data integrity for OT applications. Incident Response & Threat Management: Lead and coordinate response efforts to security incidents involving OT systems, ensuring that containment, investigation, and remediation processes are followed efficiently. Develop and maintain incident response plans that address OT-specific risks, ensuring minimal disruption to critical operations. Conduct post-incident analysis to identify root causes, recommend improvements, and apply corrective actions to prevent future occurrences. Collaborate with internal and external teams (e.g., law enforcement, vendors) during security incidents that may impact OT systems. Security Governance and Compliance: Ensure compliance with relevant industry regulations, standards, and frameworks (e.g., NIST, ISO 27001, IEC 62443, NERC CIP) in OT environments. Implement and enforce security governance, risk management, and compliance strategies across OT assets. Perform regular audits and assessments of OT security controls to ensure compliance with security policies and regulatory requirements. Maintain comprehensive security documentation, including risk assessments, incident reports, and security project plans. Security Awareness and Training: Develop and conduct security awareness training programs for OT staff, ensuring that they are educated on security best practices, emerging threats, and organizational policies. Provide ongoing education to the OT team about the importance of cybersecurity in the context of industrial operations and critical infrastructure. Stay current with emerging security trends, threats, and vulnerabilities specific to OT environments and incorporate new knowledge into security practices. Educational Qualification : Bachelor's degree in Computer Science, Information Security, Cybersecurity, Engineering, or a related field (Master’s preferred). Experience Minimum of 5 to 6 years of experience in IT & OT security, Data security, and application security. Extensive experience securing both OT (industrial control systems, SCADA, ICS, IIoT) environments. Proven experience with network segmentation, firewalls, IDS/IPS, VPNs, and application security frameworks. Familiarity with securing operational technology, including understanding of industrial protocols (Modbus, OPC, DNP3, etc.). Hands-on experience with OT vulnerability management, incident response, and threat intelligence processes. Skills Expertise in securing network and infrastructure devices, systems, and industrial control systems (ICS). Deep knowledge of network protocols and security mechanisms (e.g., IP, TCP/IP, VPNs, firewalls). Proficiency in securing cloud environments (AWS, Azure, Google Cloud) as well as on-premises systems. Experience with tools for vulnerability scanning, penetration testing, and risk assessments (e.g., Nessus, Qualys, Burp Suite). Certifications: CISSP, CISM, CISA, or similar certifications are preferred. OT-specific certifications such as Certified SCADA Security Architect (CSSA) or IEC 62443 certification a plus. Network security certifications such as CCSP, AWS Certified Security Specialty, or CCNA Security are beneficial. Application security certifications (e.g., CEH, OWASP) are a bonus. An inclusive Godrej Before you go, there is something important we want to highlight. There is no place for discrimination at Godrej. Diversity is the philosophy of who we are as a company. And has been for over a century. It’s not just in our DNA and nice to do. Being more diverse - especially having our team members reflect the diversity of our businesses and communities - helps us innovate better and grow faster. We hope this resonates with you. We take pride in being an equal opportunities employer. We recognize merit and encourage diversity. We do not tolerate any form of discrimination on the basis of nationality, race, color, religion, caste, gender identity or expression, sexual orientation, disability, age, or marital status and ensure equal opportunities for all our team members. If this sounds like a role for you, apply now! We look forward to meeting you.