OT Security Engineer

As OT Security Engineer, you will work in collaboration with the Sector Cyber Organization to assure the secure operations of a site, protecting against business interruption due to internal and external incidents. Reporting to the Automation Manager, you will be a member of the Engineering site team.

1. Lead implementation of site Cybersecurity initiatives in alignment with global standards, policies, and guidelines.
2. Promote security culture and drive continuous improvement efforts in the area of cybersecurity.
3. Provide cybersecurity direction to local Manufacturing, Engineering, Automation, QC Labs, and Digital teams.
4. Manage cybersecurity in site Business Continuity Plan, site risk register, follow up with stakeholders, and provide global visibility.
5. Carry out internal OT cybersecurity assessments and represent the site in cybersecurity audits.
6. Orchestrate Security Incident Management process as a Single Point of Contact for a local site and the CISO Organizations.
7. Manage OT security risk situations, elaborating a roadmap for cybersecurity mitigation and remediation actions.
8. Implement the actions defined in the cybersecurity roadmap for OT equipment and systems.
9. Support local OT teams focusing on patching, antivirus, backup & restore, remote maintenance, and asset inventory.
10. Support local OT teams on the integration of equipment and systems of the Production and Lab areas to existing industrial communication networks following the global and local standards.

1. You have a Graduate Degree in the field of Automation, Industrial IT/OT, Cybersecurity, or comparable.
2. You have around 5 years of experience in the pharmaceutical industry or similar, as a project manager commissioning and troubleshooting automation systems and assets, participating in projects for the integration of OT equipment in the IT/OT networks, managing cybersecurity risks, and defining and implementing cybersecurity mitigation and remediation actions.
3. You have experience in a GxP regulated environment, defining functional specifications, SOPs, and maintaining them updated.
4. You have experience in life cycle management of applications, incident management, and change management protocols.
5. Knowledge of industry-leading cybersecurity standards: ISA, IEC, ISO, NIST, Namur, ENISA, BSI is appreciated.
6. You have experience in cybersecurity assessments and audits.
7. You have experience working with Siemens PLCs, Wonderware SCADAs, Siemens HMI systems, as well as Virtual Infrastructures, Industrial communications, and Databases.
8. You have strong stakeholder management, communication, and organizational skills to work with local and global colleagues.
9. You are fluent in Spanish and English.