Senior Manager Industrial Control Systems (ICS) Security

Position: Senior Manager Industrial Control Systems (ICS) Security

The role:

As Lead ICS Security, the individual is responsible to ensure cyber security, its management system and technical security operations for Industrial Control Systems (ICS) and similar Operational Technologies (OT). You will be responsible to keep these maintained according to legal and regulatory requirements as well as in alignment with the leading/ best practices and ensure high performance, high availability, and reliability. In this role, you will lead and manage security projects related to ICS/SCADA/ OT/ IoT systems, while also overseeing day-to-day security operations to ensure the continuous protection of BIALs critical infrastructure.

The individual will be working in close coordination with the BIAL ICT leadership, and BIALs vendors who provide Security Services/Products for Operational Technologies to facilitate information security and to assist in providing compliant systems/services related aspects of BIAL ICS/OT/ IoT landscape. The individual should have excellent communication skills and must display visible energy and passion for the role and willingness and experience level that will ensure success for the broader BIAL ICT organization.

Role & responsibilities:

Security Governance & Leadership in ICS/OT domain

• Develop and implement a comprehensive security strategy for BIALs ICS/SCADA environment, aligned with industry best practices and regulatory requirements (e.g., IEC 62443, NIST SP 800-82, SANS, etc.).
• Ensure compliance with relevant legal and regulatory requirements.
• Ensures the confidentiality, integrity, safety, reliability and availability of ICS/OT systems and related data.
• Define and communicate expectations and procedures for security audit of BIAL ICS/OT landscape.
• Schedule periodic security audits of BIAL ICS/OT landscape
• Collaborate with OT (E&M) and IT stakeholders to develop and recommend the OT/ICS security architecture and its optimum integration (if needed) with ICT networks, ensuring a holistic approach to security at BIAL.
• Develop and maintain documentation of security policies, procedures, and incident response plans related to ICS/SCADA.
• Review and approve changes in the BIAL ICS/OT security policies, procedures, and security architecture for BIAL ICS/OT landscape.
• Ensure that security technologies that are protecting ICS/OT assets are managed as per BIAL requirements.
• Advise ICT Governance, Risk & Compliance team on how to propagate awareness of BIAL ICS/OT security procedures to BIAL employees and relevant stakeholders.
• Train and coach junior staff in BIAL ICS/OT security policies and procedures.
• Maintain knowledge of the functionality and technology of:
• BIAL ICS/OT technologies
• General view of the current state of security threats across the ICS/OT environment

Security Operations & Monitoring

• Oversee day-to-day security operations, including monitoring security alerts, incident detection and response, and log analysis.
• Operate securely by communicating, and enforcing ICS/OT security strategy, policies, and standards.
• Ensure that all security breaches are monitored, and remedial action are taken to prevent reoccurrence of such events in BIAL ICS/OT landscape.
• Ownership of the information security risk management process in BIAL based on OT Security Framework.
• Analyze traditional ICS (PLCs and controllers) and modern OT security implementations (segmentation, data aggregation, and OT IDS) and develop understanding of how these devices communicate.
• Review and approve changes in systems design and integration, and network architecture.
• Report on security posture and risk assessments to senior management.

New Projects & Continuous Improvement in BIAL ICS/OT Landscape

• Interact with related disciplines through committees to ensure the consistent application of policies and standards across all ICS/OT projects, systems, and services.
• Lead and manage security projects for ICS/SCADA systems, including vulnerability assessments, penetration testing, and security architecture design.
• Be up to date with changes in regulatory and statutory OT security controls. Provide status updates to BIAL leadership of any open audit and regulatory issues.
• Stay up-to-date on the latest ICS/SCADA threats and vulnerabilities, and implement mitigation strategies.
• Manage implementation of new security projects, enhancements, and transformation programs in the relevant ICS/OT systems
• Manage security change deployment in a systematical manner to ensure no negative impact on ICS/OT systems affected by change.
• Identify or develop automated processes to simplify the service which will provide more time for the team to appropriately analyze, call out, and assist in remediation of critical information security incidents in BIAL ICS/OT domains.

Stakeholder & Financial Management

• Partner with business stakeholders to raise awareness of information security and assist them in identifying critical assets.
• Develop and deliver security awareness training for personnel working with ICS/SCADA systems.
• Communicate and collaborate with business leaders and product owners to understand the security impact of the initiatives.
• Accountable for ensuring that service delivery and performance of vendors providing ICS/OT security services and security products is as per BIAL expectations.
• Participate in ICT leadership in vendor governance reviews and highlight issues to BIAL and Vendor senior management which need resolution.

Preferred candidate profile

• 10+ years of experience in ICS security systems like PLC, SCADA, DCS, Serialization solutions. Out of these 10+ years, candidate must have minimum 4 years as Service Delivery in Maintenance and Operations of a large ICS/OT landscape in India or abroad.
• Experience in ICS/OT domains related to Transport, Manufacturing, FMCG and other such related/ regulated industries is preferable.
• Experience with ICS, Process Control Networks and SCADA is highly desirable.
• Knowledge of product design of OT/ICS/IoT devices
• Knowledge of ICS-Security threat modelling, vulnerability assessments and pen-testing.
• Knowledge network architectures, network protocols, OT Protocol knowledge (Modbus, DNP3, Ethernet IP, etc.), industrial protocols, Active Directory, Backup processes, virtualization of applications
• Awareness of Firewall and intrusion detection/prevention protocols
• Awareness of Secure coding practices, ethical hacking, and threat modeling
• Working knowledge of relevant IT security controls (e.g., firewalls, intrusion detection systems).
• Knowledge of third-party auditing and cloud risk assessment methodologies
• Awareness of Remote access security techniques and products
• Proven track record of managing operational KPIs, SLAs, initiatives, risks etc.
• Experience in driving initiatives centered on continuous improvement, innovation, and automation.
• Positive bias towards execution excellence and customer centricity
• Analytical and problem-solving skills and ability of leadership reporting in clear and concise manner
• Excellent written and verbal communication skills and high-level of personal integrity.
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
• Collaboration and Conflict Management
• Risk Assessment and Management

If your profile matches the above criteria please share your resumes to nataraj.s@bialairport.com

Best Regards,

Nataraj S M