OT Security Specialist

Purpose/Objective

The OT Cybersecurity Executive will be responsible for supporting and implementing cybersecurity measures to safeguard the organization's Operational Technology (OT) environments. This includes ensuring the security of industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems, and other OT assets that manage critical infrastructure. The role will focus on identifying vulnerabilities, responding to incidents, implementing best practices, and ensuring the security of OT systems against evolving cyber threats.

Key Responsibilities of Role

OT Cybersecurity Executive Operational Technology (OT) Security: Implement and maintain cybersecurity measures to protect OT systems, including industrial control systems (ICS) and SCADA networks. Perform regular vulnerability assessments and penetration testing on OT systems to identify security weaknesses and recommend improvements. Monitor OT networks and systems for signs of security breaches or anomalies, ensuring timely identification and mitigation of threats. Collaborate with OT engineering teams to ensure secure integration of OT systems with IT infrastructure while preserving operational continuity. Incident Response and Management: Respond to OT cybersecurity incidents, coordinating efforts to mitigate, resolve, and document security breaches or disruptions in OT systems. Investigate and perform root-cause analysis for OT-related cybersecurity incidents, ensuring quick recovery and restoration of services. Develop and implement incident response protocols specifically tailored to OT environments, including communication plans, reporting mechanisms, and escalation procedures. Collaboration with IT and OT Teams: Work closely with IT cybersecurity teams to ensure coordination between IT and OT environments and mitigate the risk of cross-domain security breaches. Collaborate with OT engineers, operations teams, and vendors to implement security controls that do not interfere with the operation of critical systems. Promote awareness of cybersecurity best practices and provide guidance on securing OT systems. Vulnerability Management: Monitor and assess the security vulnerabilities of OT systems and coordinate patching, remediation, and mitigation efforts in line with operational needs. Conduct risk-based prioritization of vulnerabilities within OT systems, considering the potential impact on operational continuity and safety. Security Monitoring and Threat Intelligence: Continuously monitor OT systems and networks for any unusual activities, security breaches, or threats using appropriate tools and techniques. Leverage threat intelligence platforms to stay informed about the latest cyber threats targeting OT environments and recommend proactive defense measures. Perform regular updates to OT security monitoring systems and tools to detect emerging threats. Key Stakeholders - Internal OT Cybersecurity Manager / Head of Cybersecurity IT and Network Operations Teams Engineering & Development Teams Human Resources (HR) Key Stakeholders - External OT equipment and software vendors Third-party cybersecurity service providers

Technical Competencies

Cybersecurity Governance & Compliance-CYS,Cybersecurity Program & Strategy Management-CYS,Data Protection & Data Loss Prevention-CYS,Identity & Access Management-CYS,Network Security & Perimeter Defense-CYS,Operational Technology & Industrial Control System Security-CYS,Research and Innovation-CYS,Security Assessment and Testing-CYS,Security Engineering & Architecture-CYS

Qualifications and Experience

Educational Qualification: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Advanced degree (e.g., Master's, MBA) in Cybersecurity, Information Assurance, or a relevant discipline is highly desirable. Certification: Relevant certifications such Global Industrial Cyber Security Practical experience with securing industrial control systems (ICS), SCADA systems, and other OT assets and with OT cybersecurity standards and frameworks (e.g., NIST, IEC 62443, NERC CIP). Knowledge of OT network protocols and systems, including Modbus, DNP3, OPC, and others commonly used in industrial environments and with security tools and technologies used in OT environments (e.g., intrusion detection systems, firewalls, SIEM). Work Experience (Range of years): 3+ years of overall experience , with at least 1 year focused on OT or industrial control systems security.