OT Security Architect

Job Description Summary

As part of the Security Architecture and Advisory team, the OT Security Lead will review, implement, and enhance security architecture standards for OT infrastructure and ICS systems and provide comprehensive end-to-end security.

 

Job Description

Major accountabilities:

• Create and execute the strategy, vision, and roadmap for Sandoz OT security
• Define and document the overall OT network security architecture (including OT network segmentation approach)
• Create standard frameworks and configuration standards across OT security capabilities
• Maintain and operate technology related to ICS security to prevent unauthorized access and business disruption
• Coordinate OT security risk assessments, develop risk treatment plans, produce assessment reports on a regular basis, and ensure that metrics are tracked
• Assess and implement required security controls, and identify recommendations for improvement in line with industry standards to maintain an effective security posture
• Drive change management processes for the OT environment and support the OT asset inventory (systems, machines, and software) by orchestrating OT asset collection, tracking, and maintenance
• Partners with security architects to identify and evaluate the impact of emerging technologies in the OT environment (e.g.: introduction of newly developed tools into the production facilities)
• Collaborate with the different security teams, such as:
  • Collaboration with the Governance Risk and Compliance (GRC) team to create the necessary policies, and procedures for the cybersecurity domains listed above
  • Collaboration with the Incident Response team to perform IR activities within the OT environment
  • Collaboration with the Culture and Awareness team to jointly develop internal communication and trainings plans to increase security awareness, e.g.: in manufacturing sites
• Enable strategic decisions to provide secure OT capabilities
• Develop and maintain strong relationships with vendors and strategic external partners
• Deliver high quality work outcomes in a high-pressure, fast paced setting to meet company needs

Minimum Requirements:

Education:

• Master of Science degree or equivalent experience in computer science, engineering or information technology or other relevant field
• Certification or accreditation in Information Security (e.g.: CISM, CISA, CISSP, etc.) a plus but not required

Work Experience & Skills:

• At least 10 years of experience in cyber security domains, with at least 5 years in OT/ICS security environment
• Understanding and proven experience in security controls and requirements specific to OT environments, and standards such as IEC62443, ISA99, NIST 800.82 or equivalent
• Previous experience of running an OT security organization in regulated environment
• Excellent negotiation, communication, and interpersonal skills ability to develop influential relationships with different stakeholders across all levels
• Change Management Champion with experience in leading teams through large-scale IT change/transformation programs
• Highly experienced people leader with the ability to lead and develop diverse teams across wide geographies
• An entrepreneurial mindset driven by curiosity, continuous improvement, and interest in technical advancements and trends
• Strong project management skills with the ability to multitask and properly delegate work

Skills:

• Escalation.
• Information Security Audit.
• Information Security Risk Management.
• Quality Management.
• Root Cause Analysis (Rca).
• Sec Ops (Security Operations).
• Vendor Management.

Languages :

• English

 

Skills Desired

Escalation, Information Security Audit, Information Security Risk Management, Quality Management, Root Cause Analysis (RCA), Sec Ops (Security Operations), Vendor Management