Benefits: 13th Month Salary

Key Responsibilities

Strategic Leadership & Programme Direction

Define and direct OT cybersecurity initiatives that improve the security posture of company's global OT environments, aligned with the Group Cybersecurity Framework (based on NIST CSF).

Lead and manage a team of OT cybersecurity engineers and analysts, ensuring consistent and effective cyber programme implementation across all markets (Singapore, India, UK, China, Southeast Asia, Middle East).

Own the OT cybersecurity roadmap, including technology refresh, tool adoption, and capability uplift aligned with company's Cybersecurity Framework objectives.

Drive continuous improvement of end-to-end OT threat detection, incident response, and vulnerability management processes.

Report to senior leadership on OT cybersecurity risk posture, programme effectiveness, and key metrics via the Monthly Cybersecurity Committee and ExCom briefings.

OT Security Architecture & Engineering

Lead the design and implementation of secure OT network architectures across CII and non-CII sites, ensuring proper segmentation (Purdue Model Levels 0–3.5), data diodes, firewalls, and secure communication protocols.

Oversee hardening of ICS assets including DCS, SCADA, HMI, PLC, RTU, and engineering workstations across power generation, water treatment, wind, and solar sites.

Drive secure IT/OT integration initiatives, including edge-to-cloud OT architectures, ensuring audit-ready baselines and compliance with international OT security standards.

Provide Security by Design (SBD) advisory for all new OT projects, including vendor remote operations, ensuring security requirements are embedded from the tender stage through go-live.

Risk Management & Regulatory Compliance

Lead risk assessments and Threat Risk Assessments (TRAs) across OT environments, ensuring compliance with NIST CSF, ISO 27001:2022, IEC 62443, and Singapore's CII regulations (CCoP by CSA, WSCP by PUB).

Ensure alignment with company's Operational Technology (OT) Security Policy, Group Cybersecurity Policy, and the Security Requirement – OT Centralised framework.

Ensure regulatory and compliance adherence across global frameworks (ISO 27001, NIST, CCoP, PDPA, GDPR) and local requirements.

Lead audit readiness — prepare for and represent OT cybersecurity during CSA, PUB, and internal assurance reviews.

Security Operations & Incident Response

Oversee OT security monitoring operations, including SIEM integration (Google SecOps), OT-specific tools (Claroty, Nozomi), and endpoint protection across all sites.

Lead investigation and remediation of major OT cyber security incidents, coordinating with internal teams (O&M, Maintenance IAC, Group Digital) and external incident response partners.

Ensure all alerts are managed per company's Security Operations Standard and incident response procedures.

Monitor the threat landscape — track APT campaigns, regional threat intelligence, and adapt OT defences accordingly.

Vendor & Third-Party Security Management

Enforce company's vendor security requirements, including NDA, GT&C, DPA, ISO 27001/SOC 2 compliance, and independent penetration testing for all OT-related vendors.

Oversee OT vendor cybersecurity assessments, including evaluating remote monitoring and control proposals.

Ensure maintenance contracts for key OT systems include patching, support, SLA, and IR reporting requirements.

People Development & Collaboration

Build, mentor, and grow the OT cybersecurity team, promoting continuous improvement and professional development.

Collaborate with Cyber Tech Risk, Cyber Operations, Cyber Threat Defence, and Cyber Assurance teams.

Drive cybersecurity awareness training for plant personnel, ensuring frequency of at least once per year with regular awareness messaging.

Ensure the team stays updated with the latest advancements in OT cybersecurity technologies, global threat landscape, and regulatory developments.

Requirements

Education

Bachelor's degree in Computer Science, Engineering, Cybersecurity, Control Systems, or a related field.

Experience

Minimum 8–12 years of experience in cybersecurity, with at least 5 years specialising in OT/ICS/SCADA environments, preferably in energy, utilities, or critical infrastructure.

At least 3 years in a leadership or management role, leading cybersecurity teams or programmes.

Well-experienced in at least one major industrial control system (e.g., Siemens PCS 7, ABB 800xA, Honeywell PKS, GE Mark VIe, Schneider Electric).

Hands-on experience in security operations, engineering, architecture, and GRC.

Technical Skills

Area Requirements

Standards & Frameworks IEC 62443, NIST CSF, ISA/IEC standards, WSCP (PUB), CCoP (CSA), ISO 27001, PDPA, GDPR

Industrial Protocols Modbus, OPC DA/UA, IEC 61850, DNP3

OT Security Tools Claroty, Nozomi, Dragos, or equivalent ICS cybersecurity platforms

Security Operations SIEM (Google SecOps / Splunk), SOAR, EDR/XDR, vulnerability management (Tenable, SNYK)

Network & Architecture Firewalls, data diodes, network segmentation (Purdue Model), secure remote access, IT/OT convergence

ICS/SCADA Systems DCS, SCADA, HMI, PLC, RTU — hardening, configuration, and lifecycle management

Cloud & Integration Azure cloud OT governance, edge-to-cloud OT architecture, SD-WAN, IPSEC tunnels

Risk & Compliance Threat Risk Assessments, Business Impact Assessments, Security by Design, vendor security assessments

Certifications (Preferred)

CISM (Certified Information Security Manager)

CRISC (Certified in Risk and Information Systems Control)

CISSP (Certified Information Systems Security Professional)

GICSP (Global Industrial Cyber Security Professional)

SANS ICS/OT certifications (e.g., ICS515, ICS410)

CCNP, PCNSE, NSE 4+ are advantageous

Soft Skills

Strong communication and presentation skills — ability to convey complex OT security issues to technical and non-technical stakeholders, including ExCom and Board-level reporting.

Excellent problem-solving, analytical, and strategic thinking skills.

Proven track record in leading and managing diverse teams, promoting continuous improvement.

Ability to navigate multi-market, multi-cultural environments across company's global operations.