Cyber Security Manager - IT Compliance (5-12 yrs)

Purpose:

To ensure the protection and resilience of critical industrial systems and infrastructure against cyber threats. The OT Cybersecurity Manager will develop, implement, and oversee security strategies tailored to Operational Technology (OT) environments, which include Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) systems, and other industrial operations.

Key Responsibilities:

1. OT Security Strategy:

- Assess and manage cybersecurity risks in OT environments.

- Implement security controls and develop security policies specific to OT.

- Monitor and detect threats continuously.

- Manage vulnerabilities and ensure a secure OT environment.

2. Regulatory Compliance and Standards:

- Conduct security audits to meet industry standards (e.g., IEC 62443).

- Facilitate training and awareness for OT security among employees.

- Ensure compliance with audits and maintain minimum required ratings.

3. Incident Response:

- Develop and manage incident response plans.

- Detect, respond to, and contain security incidents effectively.

- Conduct root cause analyses and mitigate risks.

4. Risk Management:

- Identify, analyze, and mitigate cybersecurity risks in OT zones.

- Plan and implement risk controls while monitoring and reviewing annually.

5. Change Management:

- Review and approve OT system changes, ensuring proper documentation.

- Oversee network changes in the IT-OT interface for compliance.

6. Internal and External Audits:

- Conduct regular audits at plants to ensure compliance with OT security standards.

- Address and close audit observations timely.

7. Reporting and Communication:

- Report risks and incidents to the CISO and relevant stakeholders.

- Conduct workshops, technical training, and awareness programs.

Challenges of the Role:

- Managing legacy systems with outdated security protocols.

- Ensuring minimal downtime during patching and updates.

- Balancing safety and security in critical OT operations.

- Navigating complex environments with diverse vendor systems.

- Maintaining vigilance against an evolving cyber threat landscape.

Educational and Experience Requirements:

- Qualification- : B.Tech/B.E. in relevant fields.

Role-Specific Competencies:

- Proficiency in IEC 62443 standards (Risk Assessment, Design, and Fundamental Specialist levels).

- Expertise in OT and IT integration and regulatory compliance.

Working Relationships:

- Coordinate with Plant OT Security teams, IT teams, and instrumentation experts.

- Collaborate with OEMs and external OT security monitoring partners.

- Report critical alerts and compliance metrics to CISO regularly.