Key Responsibilities
? Strategic Leadership & Programme Direction
⢠Define and direct OT cybersecurity initiatives that improve the security posture of company's global OT environments, aligned with the Group Cybersecurity Framework (based on NIST CSF).
⢠Lead and manage a team of OT cybersecurity engineers and analysts, ensuring consistent and effective cyber programme implementation across all markets (Singapore, India, UK, China, Southeast Asia, Middle East).
⢠Own the OT cybersecurity roadmap, including technology refresh, tool adoption, and capability uplift aligned with company's Cybersecurity Framework objectives.
⢠Drive continuous improvement of end-to-end OT threat detection, incident response, and vulnerability management processes.
⢠Report to senior leadership on OT cybersecurity risk posture, programme effectiveness, and key metrics via the Monthly Cybersecurity Committee and ExCom briefings.
?ï¸ OT Security Architecture & Engineering
⢠Lead the design and implementation of secure OT network architectures across CII and non-CII sites, ensuring proper segmentation (Purdue Model Levels 0â3.5), data diodes, firewalls, and secure communication protocols.
⢠Oversee hardening of ICS assets including DCS, SCADA, HMI, PLC, RTU, and engineering workstations across power generation, water treatment, wind, and solar sites.
⢠Drive secure IT/OT integration initiatives, including edge-to-cloud OT architectures, ensuring audit-ready baselines and compliance with international OT security standards.
⢠Provide Security by Design (SBD) advisory for all new OT projects, including vendor remote operations, ensuring security requirements are embedded from the tender stage through go-live.
? Risk Management & Regulatory Compliance
⢠Lead risk assessments and Threat Risk Assessments (TRAs) across OT environments, ensuring compliance with NIST CSF, ISO 27001:2022, IEC 62443, and Singapore's CII regulations (CCoP by CSA, WSCP by PUB).
⢠Ensure alignment with company's Operational Technology (OT) Security Policy, Group Cybersecurity Policy, and the Security Requirement â OT Centralised framework.
⢠Ensure regulatory and compliance adherence across global frameworks (ISO 27001, NIST, CCoP, PDPA, GDPR) and local requirements.
⢠Lead audit readiness â prepare for and represent OT cybersecurity during CSA, PUB, and internal assurance reviews.
? Security Operations & Incident Response
⢠Oversee OT security monitoring operations, including SIEM integration (Google SecOps), OT-specific tools (Claroty, Nozomi), and endpoint protection across all sites.
⢠Lead investigation and remediation of major OT cyber security incidents, coordinating with internal teams (O&M, Maintenance IAC, Group Digital) and external incident response partners.
⢠Ensure all alerts are managed per company's Security Operations Standard and incident response procedures.
⢠Monitor the threat landscape â track APT campaigns, regional threat intelligence, and adapt OT defences accordingly.
? Vendor & Third-Party Security Management
⢠Enforce company's vendor security requirements, including NDA, GT&C, DPA, ISO 27001/SOC 2 compliance, and independent penetration testing for all OT-related vendors.
⢠Oversee OT vendor cybersecurity assessments, including evaluating remote monitoring and control proposals.
⢠Ensure maintenance contracts for key OT systems include patching, support, SLA, and IR reporting requirements.
? People Development & Collaboration
⢠Build, mentor, and grow the OT cybersecurity team, promoting continuous improvement and professional development.
⢠Collaborate with Cyber Tech Risk, Cyber Operations, Cyber Threat Defence, and Cyber Assurance teams.
⢠Drive cybersecurity awareness training for plant personnel, ensuring frequency of at least once per year with regular awareness messaging.
⢠Ensure the team stays updated with the latest advancements in OT cybersecurity technologies, global threat landscape, and regulatory developments.
Requirements
? Education
⢠Bachelor's degree in Computer Science, Engineering, Cybersecurity, Control Systems, or a related field.
? Experience
⢠Minimum 8â12 years of experience in cybersecurity, with at least 5 years specialising in OT/ICS/SCADA environments, preferably in energy, utilities, or critical infrastructure.
⢠At least 3 years in a leadership or management role, leading cybersecurity teams or programmes.
⢠Well-experienced in at least one major industrial control system (e.g., Siemens PCS 7, ABB 800xA, Honeywell PKS, GE Mark VIe, Schneider Electric).
⢠Hands-on experience in security operations, engineering, architecture, and GRC.
? Technical Skills
Area Requirements
Standards & Frameworks IEC 62443, NIST CSF, ISA/IEC standards, WSCP (PUB), CCoP (CSA), ISO 27001, PDPA, GDPR
Industrial Protocols Modbus, OPC DA/UA, IEC 61850, DNP3
OT Security Tools Claroty, Nozomi, Dragos, or equivalent ICS cybersecurity platforms
Security Operations SIEM (Google SecOps / Splunk), SOAR, EDR/XDR, vulnerability management (Tenable, SNYK)
Network & Architecture Firewalls, data diodes, network segmentation (Purdue Model), secure remote access, IT/OT convergence
ICS/SCADA Systems DCS, SCADA, HMI, PLC, RTU â hardening, configuration, and lifecycle management
Cloud & Integration Azure cloud OT governance, edge-to-cloud OT architecture, SD-WAN, IPSEC tunnels
Risk & Compliance Threat Risk Assessments, Business Impact Assessments, Security by Design, vendor security assessments
? Certifications (Preferred)
⢠CISM (Certified Information Security Manager)
⢠CRISC (Certified in Risk and Information Systems Control)
⢠CISSP (Certified Information Systems Security Professional)
⢠GICSP (Global Industrial Cyber Security Professional)
⢠SANS ICS/OT certifications (e.g., ICS515, ICS410)
⢠CCNP, PCNSE, NSE 4+ are advantageous
? Soft Skills
⢠Strong communication and presentation skills â ability to convey complex OT security issues to technical and non-technical stakeholders, including ExCom and Board-level reporting.
⢠Excellent problem-solving, analytical, and strategic thinking skills.
⢠Proven track record in leading and managing diverse teams, promoting continuous improvement.
⢠Ability to navigate multi-market, multi-cultural environments across company's global operations.
Apply Now
Activate JobCopilot
Your email job alert is now active!