Senior OT Cybersecurity & CRA Compliance Architect
Arnex Solutions LLC · Dallas, TX · 1 wk ago
ResearchFull-time
Role Summary
We are seeking an experienced OT Cybersecurity Architect to lead cybersecurity, cyber resilience, and regulatory compliance initiatives in a GMP-regulated pharmaceutical environment. The role focuses on Rockwell PLC (ControLogix/CompactLogix) systems, Ignition SCADA, and compliance with EU Cyber Resilience Act (CRA), IEC 62443/ISA99, ISA 95, GMP, and FDA 21 CFR Part 11.
Key Responsibilities
- Lead CRA implementation and gap assessments for OT systems.
- Define and maintain global OT reference architecture (Purdue model, zones & conduits, DMZ).
- Secure and harden Rockwell PLCs and Ignition SCADA environments.
- Perform OT cyber risk assessments and threat modelling.
- Implement secure configuration baselines for servers and engineering workstations.
- Ensure compliance with GMP & FDA 21 CFR Part 11 (audit trails, electronic records, RBAC).
- Support Computer System Validation (CSV) documentation (URS/NFR/FS/DS/IQ/OQ/PQ).
- Define patch management and vulnerability handling processes for validated OT systems.
- Support audit readiness and regulatory inspections.
Required Skills & Expertise
- OT & Automation
- Rockwell ControlLogix / CompactLogix Studio 5000
- Ethernet/IP
- Ignition SCADA configuration & security
- OPC / Industrial protocols
- Cybersecurity
- IEC 62443 implementation
- Network segmentation & firewall design
- Secure remote access architecture
- Vulnerability & patch management (OT context)
- Threat modeling & risk assessment
- Regulatory & Compliance
- EU Cyber Resilience Act (CRA)
- GMP (Pharma manufacturing systems)
- FDA 21 CFR Part 11
- Computer Svstem Validation (CSV)
- Change control in regulated environments
- System Hardening
- Windows Server hardening (SCADA, Historian, Engineering Stations)
- Active Directory design and security for OT domains
- CIS benchmarks & security baseline implementation
- Group Policy (GPO) hardening and privilege management
- Application listing (e.g., AppLocker)
- Secure service configuration & port minimization
- Local admin restriction & credential protection
- Secure RDP configuration & jump server model
- Patch validation in GMP-regulated environments
- Backup integrity verification & disaster recovery validation
- Log configuration, retention & audit trail protection
Experience Required
- 8+ years in OT / ICS cybersecurity
- 3+ years in Pharma or regulated industry
- Hands-on experience with Rockwell PLC and Ignition SCADA
Preferred Certifications
- IEC 62443 Cybersecurity Expert
- GICSP / CISSP
- Rockwell Automation certifications