Deputy General Manager - Operational Technology Cybersecurity

Deputy General Manager - OT Cybersecurity

Responsibilities

OT Cybersecurity Lead

OT Cybersecurity Strategy Development:

Lead the development, implementation, and maintenance of a comprehensive OT cybersecurity strategy aligned with business goals and security best practices.

Work with executive leadership to define OT security priorities and ensure alignment with broader cybersecurity initiatives.

Stay updated on emerging threats and industry trends to continuously improve the OT cybersecurity program.

Risk Management and Threat Assessment:

Conduct regular risk assessments and vulnerability scans of OT systems and networks, identifying potential security risks.

Implement strategies to mitigate identified risks and ensure appropriate security measures are in place to protect OT assets.

Oversee threat detection, analysis, and response procedures for OT-specific cybersecurity incidents.

Incident Response and Recovery:

Lead OT cybersecurity incident response, including detection, containment, and remediation of security incidents in OT environments.

Collaborate with IT, network, and security operations teams to ensure rapid response to OT security breaches.

Develop and maintain incident response plans for OT environments, ensuring readiness for both cyber and physical threats.

Collaboration with Cross-Functional Teams:

Collaborate with IT, risk management, engineering, and operations teams to integrate cybersecurity measures into OT systems.

Work closely with external partners and vendors to ensure secure integration of third-party systems and devices into the OT environment.

Partner with regulatory and compliance teams to ensure OT security policies adhere to industry standards and regulations.

OT Security Controls and Architecture:

Design and implement network segmentation, access controls, firewalls, and other security measures specific to OT systems.

Ensure that OT assets, including SCADA, PLCs, and other industrial systems, are properly secured against cyber threats.

Conduct periodic security reviews and audits to ensure the effectiveness of implemented security controls.

Training and Awareness:

Provide training to OT personnel on cybersecurity best practices and how to identify and mitigate potential security threats.

Raise awareness of OT cybersecurity risks across the organization and ensure that operational teams understand their role in maintaining OT security.

Regulatory Complaince:

Ensure that OT cybersecurity practices comply with relevant industry standards, regulations, and best practices (e.g., NIST, IEC 62443, NERC CIP).

Lead efforts to maintain OT cybersecurity compliance during audits and assessments.

Implement cybersecurity policies and controls to meet regulatory and compliance requirements for critical infrastructure.

Continuous Improvement and Innovation:

Drive continuous improvement in OT cybersecurity processes, incorporating lessons learned from past incidents and industry developments.

Evaluate and implement new security technologies and solutions to protect OT environments from evolving threats.

Promote a culture of security awareness and resilience within the OT environment.

Key Stakeholders - Internal

Department Heads

Legal and Compliance Teams

Operational Technology and Engineering Team

System Administrators and Operations

Procurement and Vendor Management Team

Facilities Management

Risk Management Team

Internal Auditors

IT Team

Key Stakeholders - External

Regulatory Bodies

Industrial Control System (ICS) Vendors

External Auditors

Legal Advisors

Managed Security Service Providers (MSSPs)

Compliance and Certification Bodies

Industry Associations

Government Agencies

Consultants

Incident Response Service Providers

Third-Party OT Solution Providers

Qualifications

Educational Qualification:

Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.

Advanced degree (e.g., Master's, MBA) in Cybersecurity, Information Assurance, or a relevant discipline is highly desirable.

Certification:

Industry certifications such as CISSP, CISM, CISA, or specific OT security certifications (e.g., GIAC GICSP, IEC-62443 ,Certified SCADA Security Architect) are highly desirable.

Work Experience (Range of years):

7+ years of overall experience , with at least 5 years focused on OT or industrial control systems security.