Key Responsibilities π― Strategic Leadership & Programme Direction β’ Define and direct OT cybersecurity initiatives that improve the security posture of company's global OT environments, aligned with the Group Cybersecurity Framework (based on NIST CSF). β’ Lead and manage a team of OT cybersecurity engineers and analysts, ensuring consistent and effective cyber programme implementation across all markets (Singapore, India, UK, China, Southeast Asia, Middle East). β’ Own the OT cybersecurity roadmap, including technology refresh, tool adoption, and capability uplift aligned with company's Cybersecurity Framework objectives. β’ Drive continuous improvement of end-to-end OT threat detection, incident response, and vulnerability management processes. β’ Report to senior leadership on OT cybersecurity risk posture, programme effectiveness, and key metrics via the Monthly Cybersecurity Committee and ExCom briefings. ποΈ OT Security Architecture & Engineering β’ Lead the design and implementation of secure OT network architectures across CII and non-CII sites, ensuring proper segmentation (Purdue Model Levels 0β3.5), data diodes, firewalls, and secure communication protocols. β’ Oversee hardening of ICS assets including DCS, SCADA, HMI, PLC, RTU, and engineering workstations across power generation, water treatment, wind, and solar sites. β’ Drive secure IT/OT integration initiatives, including edge-to-cloud OT architectures, ensuring audit-ready baselines and compliance with international OT security standards. β’ Provide Security by Design (SBD) advisory for all new OT projects, including vendor remote operations, ensuring security requirements are embedded from the tender stage through go-live. π Risk Management & Regulatory Compliance β’ Lead risk assessments and Threat Risk Assessments (TRAs) across OT environments, ensuring compliance with NIST CSF, ISO 27001:2022, IEC 62443, and Singapore's CII regulations (CCoP by CSA, WSCP by PUB). β’ Ensure alignment with company's Operational Technology (OT) Security Policy, Group Cybersecurity Policy, and the Security Requirement β OT Centralised framework. β’ Ensure regulatory and compliance adherence across global frameworks (ISO 27001, NIST, CCoP, PDPA, GDPR) and local requirements. β’ Lead audit readiness β prepare for and represent OT cybersecurity during CSA, PUB, and internal assurance reviews. π Security Operations & Incident Response β’ Oversee OT security monitoring operations, including SIEM integration (Google SecOps), OT-specific tools (Claroty, Nozomi), and endpoint protection across all sites. β’ Lead investigation and remediation of major OT cyber security incidents, coordinating with internal teams (O&M, Maintenance IAC, Group Digital) and external incident response partners. β’ Ensure all alerts are managed per company's Security Operations Standard and incident response procedures. β’ Monitor the threat landscape β track APT campaigns, regional threat intelligence, and adapt OT defences accordingly. π Vendor & Third-Party Security Management β’ Enforce company's vendor security requirements, including NDA, GT&C, DPA, ISO 27001/SOC 2 compliance, and independent penetration testing for all OT-related vendors. β’ Oversee OT vendor cybersecurity assessments, including evaluating remote monitoring and control proposals. β’ Ensure maintenance contracts for key OT systems include patching, support, SLA, and IR reporting requirements. π€ People Development & Collaboration β’ Build, mentor, and grow the OT cybersecurity team, promoting continuous improvement and professional development. β’ Collaborate with Cyber Tech Risk, Cyber Operations, Cyber Threat Defence, and Cyber Assurance teams. β’ Drive cybersecurity awareness training for plant personnel, ensuring frequency of at least once per year with regular awareness messaging. β’ Ensure the team stays updated with the latest advancements in OT cybersecurity technologies, global threat landscape, and regulatory developments. Requirements π Education β’ Bachelor's degree in Computer Science, Engineering, Cybersecurity, Control Systems, or a related field. π
Experience β’ Minimum 8β12 years of experience in cybersecurity, with at least 5 years specialising in OT/ICS/SCADA environments, preferably in energy, utilities, or critical infrastructure. β’ At least 3 years in a leadership or management role, leading cybersecurity teams or programmes. β’ Well-experienced in at least one major industrial control system (e.g., Siemens PCS 7, ABB 80β¦