Job Responsibilities:
1. Strategic Support
- Work with the head of cybersecurity to review the security architecture design for the industrial environment.
- Provide the head of cybersecurity with a useful overview of the risks and threats that exist in the Industrial sites by supervising the collection, analysis, and assessment of the current and potential threat landscape.
- Take part in the OT policy & procedure-making process in collaboration with HQ.
- Keep an eye on and report on both policy enforcement and adherence to security regulations.
- To guarantee operational effectiveness and regulatory compliance, suggest modifications to current policies and processes.
- Ensure implementation of HQ worldwide Operational security policies and procedures by adapting them to Indian cybersecurity legislation and business realities.
2. Security Liaison
- Participate in developing a plan and deliver OT security awareness, training, and communication to audiences, which may include field personnel and senior leaders, in collaboration with the head of cybersecurity.
- To raise staff security awareness, create and carry out regional information security training programs and oversee the creation and practice of regional contingency plans.
- Give the Indian technical team specialized training in vulnerability management, network hardening, and SCADA & PLC hardening.
- Take part in forums for problem and change management and oversee production-related issues and incidents.
- Evaluate cyber risks to the ICS ecosystem, which may include SCADA, PLC, EMS, etc.
- Lead the risk assessment exercise for the industrial environment and use threats, vulnerabilities, likelihood and impact to determine risk.
- Work with various stakeholders to identify supply chain risk and suggest & ensure mitigation plans are in place.
3. Engineering Support
- Assist in the creation of a comprehensive cyber security strategy and roadmap(s).
- Work with HQ to design solution architectures and blueprints aligned with business, technology, and security goals.
- Address security architecture and design challenges across various teams while managing interdependencies.
- Oversee routine vulnerability assessments, formulate hardening strategies, and drive efforts for remediation.
- Ensure product security compliance with IEC 62443-4 requirements and system security compliance with IEC 62443-3.
- Collaborate with the relevant team to ensure security is incorporated into the assessment, selection, installation, and configuration of hardware, applications, and software.
- Partner with the farm/plant team to ensure that vulnerabilities are identified and mitigated.
4. Asset and Compliance Management
- Ensure management of the lifecycle of network assets in the India region.
- Establish standardized processes for device onboarding, changes, and decommissioning.
- Ensure compliance with regulatory requirements.
- Ensure backup management and endpoint security of assets.
- Protect data-at-rest and data-in-transit.
- Ensure adequate capacity to maintain availability.
- Implement protections against data leaks.
- Use integrity checking mechanisms to verify software, firmware, hardware and information integrity.
- Work with HQ on the product vulnerabilities and ensure the patches are deployed in time.
- Ensure development and testing environment(s) are separate from the production environment.
5. Incident Handling
- Provide OT-related inputs for the CCMP plan in coordination with HQ.
- Monitor and respond to security incidents. As the security interface in India, work with the headquarters to handle security issues.
- Conduct mock drills.
- Identify improvement plans and ensure implementation.
Qualifications:
1. Educational Background
- Bachelor of Engineering degree or higher degree in Computer Science, Information Security, Instrumentation Engineering, Electrical, Electronics/Communication Engineering, or a related field.
2. Experience Requirements
- Overall 8+ years of experience in network device & endpoint (Windows & Linux based) management in an industrial environment, with 3-5 years of experience in the OT security field.
- Experience in the energy/power industry is an added advantage.
- Experience with an OEM is a plus.
- Familiarity with Indian cybersecurity legal frameworks is preferred.
3. Skill Requirements
- Proficient in standards such as ISO 27001, IEC 62443, NIST 800-82r3, and the CIS baseline, and skilled in security tools such as firewalls, IDS/IPS, SIEM, secure remote access, etc.
- Practical experience in vulnerability management and network & endpoint hardening.
- Hands-on experience in managing the security of SCADA, PLC and industrial network devices.
- Familiarity with various industrial protocols such as Modbus, Fieldbus, DNP3, EtherNet/IP, TCP/IP, IEC 104, GOOSE, etc.
- Good understanding of the concepts of Industry 4.0, cyber-physical systems, digital twins, and the Purdue reference architecture.
- Understanding of data sovereignty regulations (e.g., India's data localization requirements, CEA cyber security regulations) and cross-border data transfer solutions.
4. Soft Skills
- Excellent organizational and coordination skills, capable of independently managing various cybersecurity tasks for Indian operations.
- Strong cross-cultural communication skills, able to coordinate needs between headquarters and local teams.
5. Language and Certifications
- Proficient in English (working language), with Chinese communication skills as a plus.
- Preference for holders of certifications such as GICSP, IEC 62443 series, CISSP, CISA, CISM, CRISC.