Posted 3mo ago

Global OT Security Architect – Identity & Networks

@ Impala Terminals
United States
Onsite, Full Time
Responsibilities: Define architecture, Govern remote access, Manage IAM
Requirements Summary: Design and govern OT security, IAM, remote access, and data management for OT networks; implement Zero Trust, firewall lifecycle, and secure remote access; ensure regulatory alignment.
Technical Tools Mentioned: Zero Trust, Active Directory, Privileged Access Management, MFA, encryption
Job Description

Key Responsibilities: Responsibilities include but are not limited to:

1. Network Architecture & Segmentation

  • Define and own secure OT network architecture aligned to IEC 62443 zone and conduit models utilising firewalls and data diodes.

  • Establish defense-in-depth architecture across OT, IT/OT DMZ, safety systems and remote access zones.

  • Define secure connectivity for OT–IT, OT–Cloud and vendor integrations.

  • Review and approve OT network changes for cyber-physical risk impact.

  • Integrate identity-aware networking and Zero Trust principles where operationally feasible.

  • Oversee firewall rule lifecycle management, including review, validation, documentation and periodic recertification.

  • Ensure firewall configurations support deterministic traffic, legacy protocols and high availability requirements in OT environments.

2. Remote Access (Internal & Third Party)

  • Architect and govern secure remote access solutions for OT environments, including vendor and contractor access.

  • Ensure all remote access is identity-based, least-privilege, monitored and auditable.

  • Define secure patterns for jump hosts, architectures and privileged session management.

  • Enforce segmentation and time-bound access for remote connections to OT assets.

  • Align remote access controls with safety, availability and regulatory requirements.

  • Establish incident-ready remote access capabilities, including rapid isolation and revocation.

3. Identity & Access Management (IAM)

  • Define OT-specific IAM architecture and control models aligned with risk tolerance.

  • Identify and mitigate potential security risks and vulnerabilities related to identity and access management.

  • Govern the use of Active Directory and directory services in OT, including trust relationships and segmentation boundaries.

  • Ensure strong authentication (e.g., MFA, certificates) for privileged and remote OT access, adapted to operational constraints.

  • Define and oversee Identity Governance & Administration (IGA) processes for OT users, vendors and service accounts.

  • Architect and govern Privileged Access Management (PAM) for engineering systems, administrators and service accounts.

  • Manage machine and non-human identities, including certificates, keys and service accounts.

  • Ensure identity controls support availability, safety and incident response requirements.

4. Data Management (Security & Access Focused)

  • Define and govern secure OT data flows across zones, conduits and trust boundaries.

  • Ensure OT data access is identity-controlled, role-based and least-privilege.

  • Design and approve architectures for OT data integration (historians, cloud platforms, etc.).

  • Ensure encryption, integrity and secure transport for OT data in transit.

  • Support data classification and risk assessment for safety-critical and regulated OT data.

  • Ensure data architectures do not compromise operational availability or safety.

5. Crossover Responsibilities

  • Translate OT cyber risks into business, safety and operational risk language.

  • Support audits, regulatory assessments, and assurance activities related to OT cyber risk.

  • Act as a bridge between engineering, operations, IT and security teams.