Project Manager - Risk management and OT resilience

Athens, Greece

Imerys

We lead the way in mineral-based specialty solutions for industry globally. Imerys supports a diverse range of sectors, from construction and automotive to consumer goods. We provide renowned expert solutions based on processing and refining...


The Company

Imerys is the world’s leading supplier of mineral-based specialty solutions for the industry with €3.8 billion in revenue and 13,700 employees in 54 countries in 2023. The Group offers high value-added and functional solutions to a wide range of industries and fast-growing markets such as solutions for the energy transition and sustainable construction, as well as natural solutions for consumer goods. Imerys draws on its understanding of applications, technological knowledge, and expertise in material science to deliver solutions which contribute essential properties to customers’ products and their performance. As part of its commitment to responsible development, Imerys promotes environmentally friendly products and processes in addition to supporting its customers in their decarbonization efforts.

The Position

Project Manager - Risk management and OT resilience

Job Summary

Job Purpose

The project manager will be responsible for designing and deploying a program that ensures a clear understanding of OT risks across all factories. This includes verifying the existence of application inventories, Disaster Recovery Plans (DRP), and other essential elements for effective risk management. 

Once the assessment is complete, the project manager will define the program, demonstrate its value, have it validated by top management, and oversee its implementation across the group.

Responsibilities & Duties

Solution Provider

Assessment of OT Risks

The project manager will create the foundation for a comprehensive and detailed risk analysis of OT applications across all the group’s factories. This includes:

  • Inventory of OT assets (servers, workstations, OT applications):

    • Collaborate with local teams to identify all critical applications (HMIs, SCADA/DCS systems, Historian, Quality systems, etc.)

    • Document dependencies between applications to assess their impact in case of an incident

    • Create a centralized digital inventory and update it

  • Audit of Disaster Recovery Plans (DRP):

    • Review existing DRPs for each factory

    • Identify potential gaps

  • Evaluation of OT vulnerability management:

    • Determine whether factories have processes to identify and address vulnerabilities in their OT systems

    • Check if specific tools, such as OT vulnerability scanners, are deployed and actively used.

Creation and Deployment of a Global Program

Following the assessment, the project manager will design and lead a structured program to standardize OT risk management across all factories:

  • Development of a common methodological framework:

    • Design a standardized process for OT risk analysis (e.g., based on ISO 27005 or IEC 62443)

    • Define clear steps: risk identification, assessment, prioritization, and action planning

    • Document and share an operational guide to enable factories to follow the methodology

  • Technical specifications for OT resilience:

    • Draft minimum standards for critical equipment, such as redundancy measures, automated backups, network segmentation, antivirus and patching (to be built with the infrastructure, security and OT teams)

    • Define evaluation criteria to ensure each site complies with the new standards (internal audits, periodic reviews)

  • Customized action plans for factories:

    • Analyze the findings of the risk assessment for each factory and identify weak points

    • Build improvement plans adapted to local constraints

    • Prioritize critical actions to immediately reduce risks while preparing for long-term improvements

Communication and Change Management

The success of this program relies on effective communication and the ability to engage stakeholders:

  • Raising awareness among top management:

    • Create clear and impactful materials to present OT risks and their potential impacts (production downtime, financial losses, safety breaches)

    • Convince leadership of the importance of the program

  • Engagement of local teams:

    • Create practical guides and awareness materials for technical and operational teams

    • Organize training/workshops to explain the methodology

  • Collaboration with internal stakeholders:

    • Work closely with IT infrastructure and cyber teams to align OT initiatives with group standards (network security, access management, etc.)

    • Collaborate with cybersecurity experts to integrate existing tools and processes into the program

Monitoring and Continuous Improvement

Once the program is deployed, the project manager will ensure its effectiveness and ongoing development:

  • Establishment and tracking of Key Performance Indicators (KPIs)

  • Periodic audit and control

  • Technological and regulatory watch:

    • Monitor developments in international standards (e.g., IEC 62443) 

    • Propose adjustments to the program to meet new requirements.

Development and Implementation of Remediation Plans for internal audit findings:

  • Develop detailed remediation plans to resolve issues identified during audits

  • Prioritize corrective actions based on their impact and severity

  • Work with internal teams (management, IT, etc.) to ensure the effective implementation of corrective measures.

Interface between IT / OT and the Business

  • Develop a deep knowledge of the BA(s)/Function(s) business and build positive relationships

  • Educate business partners about IT / OT processes, roles, and capabilities

  • Establish communication processes and channels across business functions.

Project Manager

  • Create the Project Charter, the macro-plan and the detailed project plan for the projects assigned

  • Coordinate the activities performed by the project team members and the Infrastructure and Cybersecurity teams to ensure project execution and delivery once the project has been approved

  • Respect the project methodology and provide project updates as needed for meetings, OT Steering and Operational Committees, OT Councils, etc.

  • Check that the project team members have created necessary design documents, testing documents and helped the Business with the preparation of the User Acceptance Testing documents

  • Identify and manage the risks related to the projects assigned

  • Follow and respect the budget allocated to the projects assigned

  • Deliver the project as per the agreed Go-live dates and with a good quality level

  • Coordinate the post Go-live support for the Business

Qualifications & Experience

  • Master’s degree in engineering, industrial computing, or equivalent.

  • Minimum 10 years of experience in OT/IT project management, preferably in an industrial environment

  • Strong expertise in OT environments (SCADA systems, Historian or industrial systems)

  • Deep knowledge of risk management, cybersecurity, and IT/OT system resilience

  • Experience with audit and risk analysis methodologies (e.g., ISO 27001, IEC 62443).

  • Certification in project management (PMP, PRINCE2) or cybersecurity (CISSP, CISM) is a plus.

  • Excellent communication skills with the ability to simplify complex technical topics

  • Proven ability to engage and influence diverse stakeholders (technical, operational, executive)

  • Strong organizational skills and the ability to manage complex projects in a multinational context

  • Proactive approach to solving problems

  • Fluent or native English speaker

Position Type

Full time and Permanent

Only technical issues will be monitored through the below inbox:

recruiting.support@imerys.com

PLEASE DO NOT SUBMIT RESUMES OR APPLICATIONS TO THIS EMAIL, AS THEY WILL NOT BE REVIEWED. 

To ensure fairness and legal compliance in our recruitment processes, only applications received through the online application process will be considered. 

IMERYS is an Affirmative Action and Equal Opportunity Employer and it is our policy to not discriminate against any employee or applicant for employment because of race, color, religion, sex, national origin, age, marital status, sexual orientation, gender identity, genetic information, disability, veteran status, or any other status protected by federal, state or local laws.


Tags: Antivirus Audits CISM CISSP Compliance IEC 62443 Industrial ISO 27001 ISO 27005 IT infrastructure KPIs Monitoring Network security Risk analysis Risk assessment Risk management SCADA Vulnerabilities Vulnerability management

Perks/benefits: Career development

Region: Europe
Country: Greece
