
Lotus Pharmaceutical Co., Ltd

Cybersecurity Manager (IT & OT Security)

  • Posted 15 days ago

Job Description

Summary

The Cybersecurity Manager is responsible for end-to-end cybersecurity across both IT and OT environments. This role ensures the protection of enterprise systems, industrial control systems (ICS), and critical operations, balancing security, safety, availability, and business continuity while supporting digital transformation.

Key Responsibilities

1. Cybersecurity Strategy & Governance (IT & OT)

  • Define and execute a unified enterprise cybersecurity strategy covering IT and OT.
  • Establish IT/OT security governance, policies, standards, and operating models.
  • Define clear ownership and accountability between IT, OT, engineering, and site operations teams.
  • Align cybersecurity initiatives with business continuity, safety, and operational resilience.

2. Cyber Risk Management & Compliance (OT Included)

  • Conduct enterprise-wide cyber risk assessments across:
      • Corporate IT
      • Cloud and SaaS
      • OT / ICS / SCADA environments
  • Identify OT-specific risks such as:
      • Legacy systems
      • Unpatched PLCs and HMIs
      • Flat networks and insecure remote access
  • Ensure compliance with relevant standards and regulations:
      • IEC 62443 (industrial cybersecurity)
      • NIST CSF
      • ISO/IEC 27001
      • Regional critical infrastructure or safety regulations
  • Support internal and external OT cybersecurity audits and assessments.

3. OT Security Architecture & Controls

  • Define OT security architecture and reference models, including:
      • IT/OT network segmentation
      • Secure remote access for vendors and maintenance
  • Oversee implementation of OT security controls such as:
      • Industrial firewalls
      • Network monitoring for ICS
      • Secure jump servers and PAM

4. Security Operations & Incident Response (IT & OT)

  • Establish integrated incident response processes covering IT and OT incidents.
  • Lead or coordinate response to OT-related cyber incidents, ensuring safety and operational impact are prioritized.
  • Develop and maintain OT-specific incident response playbooks, including ransomware and plant disruption scenarios.
  • Coordinate with engineering, EHS, and operations teams during incidents.

5. Asset Visibility, Vulnerability & Patch Management

  • Ensure complete asset inventory for IT/OT systems
  • Define OT-appropriate vulnerability management processes, including:
  • Risk-based patching
  • Compensating controls for legacy systems
  • PLC, DCS, SCADA, HMI

6. Business Continuity, Safety & Resilience

  • Integrate OT cybersecurity into BCP / DR and operational resilience planning.
  • Ensure alignment between cybersecurity, plant safety, and EHS requirements.
  • Support cyber recovery planning for manufacturing and critical operations.

7. Awareness & Training (IT & OT)

  • Develop targeted cybersecurity awareness programs for OT engineers and plant operators.
  • Provide training on:
      • IT/OT cyber threats
      • Secure engineering practices
      • Incident response procedures
  • Promote a security-first culture without disrupting operations.

Required Qualifications

Experience

  • 8+ years in cybersecurity, with hands-on experience in IT/OT security
  • Proven experience securing manufacturing, industrial, or critical infrastructure environments
  • Experience working with engineering, plant operations, and EHS teams

Certifications

  • CISSP / CISM
  • CCSP or cloud security certifications (optional, a plus)
  • IEC 62443 Cybersecurity Expert (optional, a plus)


Job ID: 137181659