Job Description

Key Responsibilities: Responsibilities include but are not limited to:

1. Network Architecture & Segmentation

• Define and own secure OT network architecture aligned to IEC 62443 zone and conduit models utilising firewalls and data diodes.

• Establish defense-in-depth architecture across OT, IT/OT DMZ, safety systems and remote access zones.

· Define secure connectivity for OT–IT, OT–Cloud and vendor integrations.

• Review and approve OT network changes for cyber-physical risk impact.

• Integrate identity-aware networking and Zero Trust principles where operationally feasible.

• Oversee firewall rule lifecycle management, including review, validation, documentation and periodic recertification.

• Ensure firewall configurations support deterministic traffic, legacy protocols and high availability requirements in OT environments.

2. Remote Access (Internal & Third Party)

• Architect and govern secure remote access solutions for OT environments, including vendor and contractor access.

• Ensure all remote access is identity-based, least-privilege, monitored and auditable.

• Define secure patterns for jump hosts, architectures and privileged session management.

• Enforce segmentation and time-bound access for remote connections to OT assets.

• Align remote access controls with safety, availability and regulatory requirements.

• Establish incident-ready remote access capabilities, including rapid isolation and revocation.

3. Identity & Access Management (IAM)

• Define OT-specific IAM architecture and control models aligned with risk tolerance.

• Ability to identify and mitigate potential security risks and vulnerabilities related to identity and access management.

• Govern the use of Active Directory and directory services in OT, including trust relationships and segmentation boundaries.

• Ensure strong authentication (e.g., MFA, certificates) for privileged and remote OT access, adapted to operational constraints.

• Define and oversee Identity Governance & Administration (IGA) processes for OT users, vendors and service accounts.

• Architect and govern Privileged Access Management (PAM) for engineering systems, administrators and service accounts.

• Manage machine and non-human identities, including certificates, keys and service accounts.

• Ensure identity controls support availability, safety and incident response requirements.

4. Data Management (Security & Access Focused)

• Define and govern secure OT data flows across zones, conduits and trust boundaries.

• Ensure OT data access is identity-controlled, role-based and least-privilege.

• Design and approve architectures for OT data integration (historians, cloud platforms etc).

• Ensure encryption, integrity and secure transport for OT data in transit.

• Support data classification and risk assessment for safety-critical and regulated OT data.

• Ensure data architectures do not compromise operational availability or safety.

5. Crossover Responsibilities

• Translate OT cyber risks into business, safety and operational risk language.

• Support audits, regulatory assessments, and assurance activities related to OT cyber risk.

• Act as a bridge between engineering, operations, IT and security teams.