OT Security Engineer

We use technology to solve problems in spaces, light, and more things to come… for our customers, our communities, and our planet.

Acuity Inc. (NYSE: AYI) is a market-leading industrial technology company. We use technology to solve problems in spaces, light, and more things to come. Through our two business segments, Acuity Brands Lighting and Lighting Controls (ABL) and the Intelligent Spaces Group (ISG), we design, manufacture, and bring to market products and services that make a valuable difference in people’s lives.

We are positioned at the intersection of sustainability and technology. Our businesses develop technology that helps save our customers energy and reduce their carbon emissions. We achieve growth through the development of innovative new products and services, including lighting, lighting controls, building management solutions, and location‑aware applications.

You may utilize this posting to upload your resume and information.

We're seeking a talented OT/ICS cybersecurity specialist to join the Acuity OT/ICS Cyber Security team. You will work closely with other Supply Chain, Engineering, Cybersecurity, IT, and Risk team members to design, implement, and manage security measures for industrial control systems. This role involves conducting security assessments, identifying and mitigating risks, developing security countermeasures, and ensuring compliance with industry standards. The ideal candidate will have a strong background in both cyber security and industrial control systems, with a focus on protecting manufacturing environments.

Location is flexible — we welcome applicants from outside Monterrey!

• Assist with ICs policy review and creation when needed.
• Develop, improve, and maintain detailed processes and procedures for security activities.
• Work with engineering and site operations teams to include security in capital projects and daily activities.
• Oversee various related projects that may include numerous diverse stakeholders.

• Conduct comprehensive security risk assessments of ICs environments, including vulnerability assessments, testing, and risk analysis.
• Identify vulnerabilities and potential threats to ICs networks and systems.
• Develop and implement risk mitigation strategies to address identified risks.
• Work with gap owners to remediate identified gaps and risks.
• Ensure compliance with industry standards and regulations (e.g., ISA/IEC 62443, NIST).
• Conduct regular audits and assessments to ensure ongoing compliance.

• Design, implement, and maintain security architectures for manufacturing and distribution center systems and environments.
• Design and implement cybersecurity countermeasures and security platforms.
• Implement robust network segmentation between IT and ICs networks.

• Performed detailed analysis of new hardware and software to identify hardening opportunities.
• Assist in vulnerability identification, triage, and mitigation.

• Monitor ICs networks for security incidents, analyze threats, and respond to incidents to minimize impact and prevent recurrence.
• Develop and execute incident response plans and playbooks, and provide appropriate support in Incident Response (IR) activities.
• Investigate security incidents and perform forensic analysis.

• Work closely with IT, operations, and engineering teams to integrate security best practices into ICs design and operations.
• Provide training and awareness programs for staff on ICs security best practices.
• Collaborate with external stakeholders, including vendors and regulatory bodies.

An ICs Security Operations Specialist will have proven experience protecting industrial control systems (ICs) in critical manufacturing infrastructure:

• Bilingual and a completed degree is required.
• A working knowledge of industrial control systems (e.g., DCS, PLCs, SCADA, etc.).
• Strong understanding of cybersecurity frameworks for ICs/OT environments (ISA-99/IEC 62443, NIST SP 800-82, CIS, etc.).
• Knowledge of IT and OT security best practices; a practical understanding of the differences.
• Understanding protocols common in ICs environments (e.g., Ethernet/IP, CIP, Modbus, OPC, etc.) and industrial networking topologies (e.g., ring, star, etc.).
• Familiar with security technologies within the ICs environment such as firewalls, IDS, endpoint security solutions, access control systems, and other related security technologies.
• Strong understanding of network architecture and cybersecurity principles.
• Excellent analytical, problem‑solving, and communication skills.
• Ability to work independently and as part of a multidisciplinary team.

• #LI-DP1

We value diversity and are an equal opportunity organization. All qualified applicants will be considered for employment without regard to race, color, age, gender, sexual orientation, gender identity and expression, ethnic or national origin, disability, pregnancy, and religion.

Any unsolicited resume submitted to Acuity Inc. by a third party, such as an Agency recruiter, including unsolicited resumes sent to an Acuity Inc. mailing address, fax machine, or email address, directly to Acuity Brands employees or to the Acuity Brands resume database, shall be deemed the property of Acuity Inc.. Acuity Inc. will NOT pay a fee for any hiring resulting from the receipt of an unsolicited resume.

Any candidate for whom an Agency has submitted an unsolicited resume will be deemed by Acuity Inc. to have been referred by the Agency free of charge or fee. This includes any agency that is an approved/contracted provider but does not have the proper approvals to participate in a search.