Information and Data are some of the most important organisational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analysing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organisation with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.

Job Role and Responsibility:

As a Senior Cybersecurity OT Specialist, you will be a subject matter expert responsible for the cybersecurity posture of our operational technology environment. You will lead the development and implementation of OT security policies, procedures, and technical controls. Your expertise will be crucial in identifying and mitigating risks specific to ICS, ensuring the continuity and safety of our operations.

Responsibilities and Duties:

·       Develop, implement, and maintain OT cybersecurity policies, standards, and procedures in alignment with industry best practices and regulatory requirements.

·       Conduct risk assessments and vulnerability assessments of OT systems and infrastructure.

·       Design and implement security controls for ICS, including network segmentation, intrusion detection/prevention systems (IDS/IPS), firewalls, and endpoint protection tailored for OT environments.

·       Monitor OT security systems and analyze security events to detect and respond to potential threats.

·       Collaborate with OT engineers and vendors to ensure security is integrated throughout the lifecycle of OT systems.

·       Develop and deliver cybersecurity awareness training for OT personnel.

·       Participate in incident response activities for OT security incidents, including investigation, containment, and remediation.

·       Stay up-to-date on the latest OT security threats, vulnerabilities, and mitigation techniques.

·       Evaluate and recommend security technologies and solutions specific to OT environments.

·       Contribute to the development and maintenance of OT network architecture diagrams and security documentation.

·       Participate in audits and assessments to ensure compliance with OT security standards and regulations.

·       Provide technical guidance and mentorship to junior team members on OT security matters.

Required Professional and Technical Expertise:

·       Extensive experience (typically 5+ years) in cybersecurity with a significant focus on Operational Technology (OT) or Industrial Control Systems (ICS) security.

·       Deep understanding of ICS protocols (e.g., Modbus, DNP3, Profinet), architectures (e.g., Purdue Model), and communication methodologies.

·       Hands-on experience with OT security technologies such as industrial firewalls, intrusion detection systems, secure remote access solutions, and endpoint security for OT.

·       Strong knowledge of network security principles and practices, including TCP/IP, routing, switching, and network segmentation.

·       Experience with security frameworks and standards relevant to OT (e.g., IEC 62443, NIST SP 800-82).

·       Familiarity with industrial control system vendors and their security considerations (e.g., Siemens, Rockwell Automation, Schneider Electric).

·       Strong analytical and problem-solving skills with the ability to diagnose and resolve complex security issues in OT environments.

·       Excellent communication and interpersonal skills with the ability to effectively communicate technical information to both technical and non-technical audiences, including OT personnel.   

·       Extensive experience (typically 5+ years) in architecture designs

·       Experience in risk assessment and remediation.

Preferred Professional and Technical Expertise:

·       Relevant certifications such as GICSP (Global Industrial Cyber Security Professional), GRID (GIAC Response and Industrial Defense), or ISA/IEC 62443 Cybersecurity Expert.

·       Experience with security monitoring and logging tools in OT environments.

·       Knowledge of virtualization technologies and their secure implementation in OT.

·       Experience with risk assessment methodologies specific to OT environments (e.g., HAZOP, BowTie).

·       Familiarity with regulatory requirements for critical infrastructure (e.g., SOCI Act in Australia).

·       Experience with secure development lifecycle (SDL) principles as applied to OT systems.

·       Knowledge of OT asset management and inventory practices.

·       Experience in developing and implementing security awareness programs tailored for OT personnel.

·       Familiarity with cloud-based security solutions for OT environments