Key Responsibilities
?
Strategic Leadership & Programme Direction
• Define and direct OT cybersecurity initiatives that improve the security posture of company's global OT environments, aligned with the Group Cybersecurity Framework (based on NIST CSF).
• Lead and manage a team of OT cybersecurity engineers and analysts, ensuring consistent and effective cyber programme implementation across all markets (Singapore, India, UK, China, Southeast Asia, Middle East).
• Own the OT cybersecurity roadmap, including technology refresh, tool adoption, and capability uplift aligned with company's Cybersecurity Framework objectives.
• Drive continuous improvement of end-to-end OT threat detection, incident response, and vulnerability management processes.
• Report to senior leadership on OT cybersecurity risk posture, programme effectiveness, and key metrics via the Monthly Cybersecurity Committee and ExCom briefings.
?ï¸
OT Security Architecture & Engineering
• Lead the design and implementation of secure OT network architectures across CII and non-CII sites, ensuring proper segmentation (Purdue Model Levels 0–3.5), data diodes, firewalls, and secure communication protocols.
• Oversee hardening of ICS assets including DCS, SCADA, HMI, PLC, RTU, and engineering workstations across power generation, water treatment, wind, and solar sites.
• Drive secure IT/OT integration initiatives, including edge-to-cloud OT architectures, ensuring audit-ready baselines and compliance with international OT security standards.
• Provide Security by Design (SBD) advisory for all new OT projects, including vendor remote operations, ensuring security requirements are embedded from the tender stage through go-live.
?
Risk Management & Regulatory Compliance
• Lead risk assessments and Threat Risk Assessments (TRAs) across OT environments, ensuring compliance with NIST CSF, ISO 27001:2022, IEC 62443, and Singapore's CII regulations (CCoP by CSA, WSCP by PUB).
• Ensure alignment with company's Operational Technology (OT) Security Policy, Group Cybersecurity Policy, and the Security Requirement – OT Centralised framework.
• Ensure regulatory and compliance adherence across global frameworks (ISO 27001, NIST, CCoP, PDPA, GDPR) and local requirements.
• Lead audit readiness — prepare for and represent OT cybersecurity during CSA, PUB, and internal assurance reviews.
?
Security Operations & Incident Response
• Oversee OT security monitoring operations, including SIEM integration (Google SecOps), OT-specific tools (Claroty, Nozomi), and endpoint protection across all sites.
• Lead investigation and remediation of major OT cyber security incidents, coordinating with internal teams (O&M, Maintenance IAC, Group Digital) and external incident response partners.
• Ensure all alerts are managed per company's Security Operations Standard and incident response procedures.
• Monitor the threat landscape — track APT campaigns, regional threat intelligence, and adapt OT defences accordingly.
?
Vendor & Third-Party Security Management
• Enforce company's vendor security requirements, including NDA, GT&C, DPA, ISO 27001/SOC 2 compliance, and independent penetration testing for all OT-related vendors.
• Oversee OT vendor cybersecurity assessments, including evaluating remote monitoring and control proposals.
• Ensure maintenance contracts for key OT systems include patching, support, SLA, and IR reporting requirements.
?
People Development & Collaboration
• Build, mentor, and grow the OT cybersecurity team, promoting continuous improvement and professional development.
• Collaborate with Cyber Tech Risk, Cyber Operations, Cyber Threat Defence, and Cyber Assurance teams.
• Drive cybersecurity awareness training for plant personnel, ensuring frequency of at least once per year with regular awareness messaging.
• Ensure the team stays updated with the latest advancements in OT cybersecurity technologies, global threat landscape, and regulatory developments.
Requirements
?
Education
• Bachelor's degree in Computer Science, Engineering, Cybersecurity, Control Systems, or a related field.
?
Experience
• Minimum 8–12 years of experience in cybersecurity, with at least 5 years specialising in OT/ICS/SCADA environments, preferably in energy, utilities, or critical infrastructure.
• At least 3 years in a leadership or management role, leading cybersecurity teams or programmes.
• Well-experienced in at least one major industrial control system (e.g., Siemens PCS 7, ABB 800xA, Honeywell PKS, GE Mark VIe, Schneider Electric).
• Hands-on experience in security operations, engineering, architecture, and GRC.
?
Technical Skills
Area Requirements
Standards & Frameworks IEC 62443, NIST CSF, ISA/IEC standards, WSCP (PUB), CCoP (CSA), ISO 27001, PDPA, GDPR
Industrial Protocols Modbus, OPC DA/UA, IEC 61850, DNP3
OT Security Tools Claroty, Nozomi, Dragos, or equivalent ICS cybersecurity platforms
Security Operations SIEM (Google SecOps / Splunk), SOAR, EDR/XDR, vulnerability management (Tenable, SNYK)
Network & Architecture Firewalls, data diodes, network segmentation (Purdue Model), secure remote access, IT/OT convergence
ICS/SCADA Systems DCS, SCADA, HMI, PLC, RTU — hardening, configuration, and lifecycle management
Cloud & Integration Azure cloud OT governance, edge-to-cloud OT architecture, SD-WAN, IPSEC tunnels
Risk & Compliance Threat Risk Assessments, Business Impact Assessments, Security by Design, vendor security assessments
?
Certifications (Preferred)
• CISM (Certified Information Security Manager)
• CRISC (Certified in Risk and Information Systems Control)
• CISSP (Certified Information Systems Security Professional)
• GICSP (Global Industrial Cyber Security Professional)
• SANS ICS/OT certifications (e.g., ICS515, ICS410)
• CCNP, PCNSE, NSE 4+ are advantageous
?
Soft Skills
• Strong communication and presentation skills — ability to convey complex OT security issues to technical and non-technical stakeholders, including ExCom and Board-level reporting.
• Excellent problem-solving, analytical, and strategic thinking skills.
• Proven track record in leading and managing diverse teams, promoting continuous improvement.
• Ability to navigate multi-market, multi-cultural environments across company's global operations.
