OT Cyber Risk Specialist III
Position Summary
The OT Cyber Risk Specialist III is responsible for identifying, assessing, and managing cybersecurity risks across manufacturing operational technology (OT) environments, including industrial control systems (ICS), production networks, manufacturing execution systems (MES), and plant-floor automation. This role partners with manufacturing engineering, plant operations, IT, and cybersecurity teams to protect production systems, ensure operational continuity, and reduce cyber risk without disrupting manufacturing processes.
Key Responsibilities
-
Conduct cybersecurity risk assessments for manufacturing OT environments, including production facilities and plant-floor systems.
-
Identify, evaluate, prioritize, and document cyber risks impacting manufacturing operations.
-
Develop and maintain the OT risk register, ensuring timely tracking of remediation activities.
-
Assess cybersecurity risks associated with manufacturing equipment, industrial automation, robotics, PLCs, HMIs, and manufacturing execution systems (MES).
-
Partner with manufacturing engineering, maintenance, plant operations, and IT teams to implement risk mitigation strategies while minimizing production downtime.
-
Review new manufacturing technologies, automation initiatives, and capital projects to ensure cybersecurity requirements are incorporated into design and deployment.
-
Support accurate OT asset identification and inventory, including asset criticality and business impact.
-
Evaluate cybersecurity risks associated with third-party vendors, OEMs, and remote maintenance access to manufacturing systems.
-
Support vulnerability assessments and remediation planning for manufacturing OT assets.
-
Monitor emerging cyber threats targeting manufacturing organizations and recommend appropriate defensive measures.
-
Participate in OT cybersecurity incident response, root cause analysis, and post-incident corrective actions.
-
Assist with disaster recovery and business continuity planning for manufacturing operations.
-
Develop and maintain manufacturing OT cybersecurity controls, policies, standards, and procedures.
-
Identify and prepare risk and performance metrics for communicating OT cybersecurity posture and remediation progress.
-
Support internal audits, customer assessments, and compliance initiatives related to manufacturing cybersecurity.
-
Contribute to the execution and ongoing enhancement of risk management programs, processes, and strategic initiatives.
-
Assist in conducting risk assessments for third-party vendors, cloud platforms, and business applications to ensure compliance with organizational risk standards, as needed.
Required Qualifications
- Bachelor's degree in Cybersecurity, Information Technology, Engineering, Computer Science, or a related field.
- 5+ years of cybersecurity experience.
- 3+ years supporting manufacturing operational technology (OT) environments.
- Experience conducting cyber risk assessments and facilitating remediation efforts.
- Strong understanding of manufacturing networks, industrial automation, and production systems.
- Knowledge of cybersecurity governance, risk management, and security controls.
- Experience collaborating with plant operations, engineering, maintenance, and IT teams.
- Excellent analytical, communication, and project management skills.
Preferred Qualifications
- Experience supporting smart manufacturing, Industry 4.0, and connected factory initiatives.
- Working knowledge of: IEC 62443, NIST Cybersecurity Framework (CSF), NIST SP 800-82, ISA/IEC industrial cybersecurity standards.
- Experience with OT security platforms such as: Microsoft Defender for IoT, Nozomi Networks, Claroty, Dragos, Tenable.ot.
- Familiarity with manufacturing technologies including: PLCs, SCADA, HMIs, Distributed Control Systems (DCS), Manufacturing Execution Systems (MES), Industrial Ethernet, OPC UA, Modbus, Profinet, EtherNet/IP.
- Preferred Certifications: Global Industrial Cyber Security Professional (GICSP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), GIAC Response and Industrial Defense (GRID).