Position Overview
We are seeking a highly experienced Senior OT Cybersecurity & CRA Compliance Architect to lead cybersecurity architecture, cyber resilience, and regulatory compliance initiatives within a GMP-regulated pharmaceutical manufacturing environment.
This role will be responsible for designing, implementing, and governing secure Operational Technology (OT) environments, with a strong focus on Rockwell Automation PLC platforms (ControlLogix, CompactLogix) and Ignition SCADA systems. The successful candidate will play a critical role in ensuring compliance with the EU Cyber Resilience Act (CRA), IEC 62443/ISA99, ISA-95, GMP, and FDA 21 CFR Part 11 requirements while supporting digital transformation and manufacturing modernization initiatives.
The position requires a blend of OT cybersecurity expertise, regulatory compliance knowledge, and pharmaceutical manufacturing experience.
Key Responsibilities
OT Cybersecurity Architecture & Strategy
- Lead the development, implementation, and continuous improvement of OT cybersecurity architecture across manufacturing and laboratory environments.
- Define and maintain enterprise OT reference architectures aligned with the Purdue Enterprise Reference Architecture, including network segmentation, zones and conduits, and industrial DMZ design.
- Develop cybersecurity standards, policies, and technical guidelines for industrial control systems and manufacturing platforms.
- Collaborate with engineering, automation, validation, quality, and IT teams to integrate cybersecurity requirements into project lifecycles.
Cyber Resilience & Regulatory Compliance
- Lead Cyber Resilience Act (CRA) implementation programs, readiness assessments, and remediation initiatives.
- Conduct cybersecurity gap assessments against IEC 62443, ISA99, NIST Cybersecurity Framework, and pharmaceutical industry best practices.
- Establish governance frameworks to ensure ongoing compliance with applicable regulatory and cybersecurity requirements.
- Support regulatory inspections, internal audits, and customer audits related to cybersecurity and compliance.
Industrial Control Systems Security
- Secure, harden, and maintain Rockwell Automation environments, including ControlLogix, CompactLogix, FactoryTalk, and associated engineering platforms.
- Design and implement secure architectures for Ignition SCADA systems and supporting infrastructure.
- Define and maintain secure configuration baselines for servers, engineering workstations, HMIs, and industrial network components.
- Evaluate and implement cybersecurity controls for OT assets, including access management, logging, monitoring, and network security.
Risk Management & Vulnerability Management
- Perform OT cybersecurity risk assessments, threat modelling, and security impact analyses.
- Identify vulnerabilities and develop mitigation strategies while maintaining validated system status.
- Define and oversee patch management and vulnerability remediation processes for validated GMP systems.
- Support incident response planning, cyber resilience testing, disaster recovery, and business continuity initiatives.
GMP, Validation & Data Integrity
- Ensure compliance with GMP requirements and FDA 21 CFR Part 11 regulations, including:
  - Electronic records and signatures
  - Audit trail integrity
  - Role-based access control (RBAC)
  - Data integrity controls
- Support Computer System Validation (CSV) activities and documentation, including:
  - User Requirements Specifications (URS)
  - Non-Functional Requirements (NFR)
  - Functional Specifications (FS)
  - Design Specifications (DS)
  - Installation Qualification (IQ)
  - Operational Qualification (OQ)
  - Performance Qualification (PQ)
- Provide cybersecurity expertise during validation and change control processes.
Stakeholder Engagement
- Serve as a trusted advisor to manufacturing, quality, validation, engineering, and IT leadership teams.
- Provide technical guidance and mentorship to engineering and cybersecurity teams.
- Support strategic initiatives related to smart manufacturing, digital transformation, and OT modernization.
Requirements
Required Qualifications
- Bachelor's degree in Computer Science, Cybersecurity, Engineering, Information Technology, Automation Engineering, or a related discipline.
- 10+ years of experience in OT cybersecurity, industrial automation, or control systems engineering.
- 5+ years of experience within pharmaceutical, biotechnology, life sciences, or other regulated manufacturing environments.
- Hands-on experience with:
  - Rockwell ControlLogix and CompactLogix PLC platforms
  - Ignition SCADA
  - Industrial networking and segmentation
  - OT infrastructure hardening
- Strong knowledge of:
  - EU Cyber Resilience Act (CRA)
  - IEC 62443 / ISA99
  - ISA-95
  - NIST Cybersecurity Framework
  - GMP regulations
  - FDA 21 CFR Part 11
- Experience conducting cybersecurity assessments, threat modelling, and remediation planning.
- Experience supporting CSV and validation activities in regulated environments.
- Excellent communication and stakeholder management skills.
Preferred Qualifications
- Professional certifications such as:
  - ISC2 CISSP
  - ISACA CISM
  - GIAC GICSP
  - IEC 62443 Cybersecurity Expert Certification
- Experience with FactoryTalk Suite, MES platforms, historians, and manufacturing execution systems.
- Knowledge of cloud-connected industrial environments and Industrial IoT security.
- Experience supporting global pharmaceutical manufacturing networks and multi-site OT environments.
Key Competencies
- OT Cybersecurity Architecture
- Cyber Resilience & CRA Compliance
- Industrial Control Systems Security
- Pharmaceutical Regulatory Compliance
- Risk Assessment & Threat Modelling
- GMP & Data Integrity
- Computer System Validation (CSV)
- Stakeholder Management
- Strategic Leadership
- Problem Solving & Continuous Improvement