SalaryPeak

Operational Technology Cyber Lead

FLINTEX CONSULTING PTE. LTD.
Singapore | 8+ years | Posted 1w ago

Salary Range

SGD 120,000 - SGD 144,000 /year

SGD 10,000 - SGD 12,000/month

Skills Required

Technical Specialists, Leadership, Incident Response, Chinese, Cybersecurity Framework Application, Threat Analysis, IT Security Assessments, Computer Science, Strategic Leadership, Network Architecture, Security Programme Management, Control Systems, Education, Corporate Security, Security Architecture Design, Firewalls

Job Description

Key Responsibilities

🎯 Strategic Leadership & Programme Direction

• Define and direct OT cybersecurity initiatives that improve the security posture of the company's global OT environments, aligned with the Group Cybersecurity Framework (based on NIST CSF).

• Lead and manage a team of OT cybersecurity engineers and analysts, ensuring consistent and effective cyber programme implementation across all markets (Singapore, India, UK, China, Southeast Asia, Middle East).

• Own the OT cybersecurity roadmap, including technology refresh, tool adoption, and capability uplift aligned with the company's Cybersecurity Framework objectives.

• Drive continuous improvement of end-to-end OT threat detection, incident response, and vulnerability management processes.

• Report to senior leadership on OT cybersecurity risk posture, programme effectiveness, and key metrics via the Monthly Cybersecurity Committee and ExCom briefings.

🏗️ OT Security Architecture & Engineering

• Lead the design and implementation of secure OT network architectures across CII and non-CII sites, ensuring proper segmentation (Purdue Model Levels 0–3.5), data diodes, firewalls, and secure communication protocols.

• Oversee hardening of ICS assets including DCS, SCADA, HMI, PLC, RTU, and engineering workstations across power generation, water treatment, wind, and solar sites.

• Drive secure IT/OT integration initiatives, including edge-to-cloud OT architectures, ensuring audit-ready baselines and compliance with international OT security standards.

• Provide Security by Design (SBD) advisory for all new OT projects, including vendor remote operations, ensuring security requirements are embedded from the tender stage through go-live.

📋 Risk Management & Regulatory Compliance

• Lead risk assessments and Threat Risk Assessments (TRAs) across OT environments, ensuring compliance with NIST CSF, ISO 27001:2022, IEC 62443, and Singapore's CII regulations (CCoP by CSA, WSCP by PUB).

• Ensure alignment with the company's Operational Technology (OT) Security Policy, Group Cybersecurity Policy, and the Security Requirement – OT Centralised framework.

• Ensure regulatory and compliance adherence across global frameworks (ISO 27001, NIST, CCoP, PDPA, GDPR) and local requirements.

• Lead audit readiness — prepare for and represent OT cybersecurity during CSA, PUB, and internal assurance reviews.

🔍 Security Operations & Incident Response

• Oversee OT security monitoring operations, including SIEM integration (Google SecOps), OT-specific tools (Claroty, Nozomi), and endpoint protection across all sites.

• Lead investigation and remediation of major OT cybersecurity incidents, coordinating with internal teams (O&M, Maintenance IAC, Group Digital) and external incident response partners.

• Ensure all alerts are managed per the company's Security Operations Standard and incident response procedures.

• Monitor the threat landscape — track APT campaigns, regional threat intelligence, and adapt OT defences accordingly.

📑 Vendor & Third-Party Security Management

• Enforce the company's vendor security requirements, including NDA, GT&C, DPA, ISO 27001/SOC 2 compliance, and independent penetration testing for all OT-related vendors.

• Oversee OT vendor cybersecurity assessments, including evaluating remote monitoring and control proposals.

• Ensure maintenance contracts for key OT systems include patching, support, SLA, and IR reporting requirements.

🤝 People Development & Collaboration

• Build, mentor, and grow the OT cybersecurity team, promoting continuous improvement and professional development.

• Collaborate with Cyber Tech Risk, Cyber Operations, Cyber Threat Defence, and Cyber Assurance teams.

• Drive cybersecurity awareness training for plant personnel, ensuring a frequency of at least once per year with regular awareness messaging.

• Ensure the team stays updated with the latest advancements in OT cybersecurity technologies, global threat landscape, and regulatory developments.

Requirements

🎓 Education

• Bachelor's degree in Computer Science, Engineering, Cybersecurity, Control Systems, or a related field.

📅 Experience

• Minimum 8–12 years of experience in cybersecurity, with at least 5 years specialising in OT/ICS/SCADA environments, preferably in energy, utilities, or critical infrastructure.

• At least 3 years in a leadership or management role, leading cybersecurity teams or programmes.

• Well-experienced in at least one major industrial control system (e.g., Siemens PCS 7, ABB 800xA, Honeywell PKS, GE Mark VIe, Schneider Electric).

• Hands-on experience in security operations, engineering, architecture, and GRC.

💻 Technical Skills

Area: Requirements

Standards & Frameworks: IEC 62443, NIST CSF, ISA/IEC standards, WSCP (PUB), CCoP (CSA), ISO 27001, PDPA, GDPR

Industrial Protocols: Modbus, OPC DA/UA, IEC 61850, DNP3

OT Security Tools: Claroty, Nozomi, Dragos, or equivalent ICS cybersecurity platforms

Security Operations: SIEM (Google SecOps / Splunk), SOAR, EDR/XDR, vulnerability management (Tenable, Snyk)

Network & Architecture: Firewalls, data diodes, network segmentation (Purdue Model), secure remote access, IT/OT convergence

ICS/SCADA Systems: DCS, SCADA, HMI, PLC, RTU — hardening, configuration, and lifecycle management

Cloud & Integration: Azure cloud OT governance, edge-to-cloud OT architecture, SD-WAN, IPsec tunnels

Risk & Compliance: Threat Risk Assessments, Business Impact Assessments, Security by Design, vendor security assessments

📜 Certifications (Preferred)

• CISM (Certified Information Security Manager)

• CRISC (Certified in Risk and Information Systems Control)

• CISSP (Certified Information Systems Security Professional)

• GICSP (Global Industrial Cyber Security Professional)

• SANS ICS/OT certifications (e.g., ICS515, ICS410)

• CCNP, PCNSE, NSE 4+ are advantageous

🧠 Soft Skills

• Strong communication and presentation skills — ability to convey complex OT security issues to technical and non-technical stakeholders, including ExCom and Board-level reporting.

• Excellent problem-solving, analytical, and strategic thinking skills.

• Proven track record in leading and managing diverse teams, promoting continuous improvement.

• Ability to navigate multi-market, multi-cultural environments across the company's global operations.