Global OT Security Architect – Identity & Networks

Impala Terminals

Greater Madrid Metropolitan Area

Description

Key Responsibilities: Responsibilities include but are not limited to:

Network Architecture & Segmentation

  • Define and own secure OT network architecture aligned to IEC 62443 zone and conduit models, utilising firewalls and data diodes.
  • Establish defence-in-depth architecture across OT, IT/OT DMZ, safety systems and remote access zones.
  • Define secure connectivity for OT–IT, OT–Cloud and vendor integrations.
  • Review and approve OT network changes for cyber-physical risk impact.
  • Integrate identity-aware networking and Zero Trust principles where operationally feasible.
  • Oversee firewall rule lifecycle management, including review, validation, documentation and periodic recertification.
  • Ensure firewall configurations support deterministic traffic, legacy protocols and high availability requirements in OT environments.

Remote Access (Internal & Third Party)

  • Architect and govern secure remote access solutions for OT environments, including vendor and contractor access.
  • Ensure all remote access is identity-based, least-privilege, monitored and auditable.
  • Define secure patterns for jump hosts, architectures and privileged session management.
  • Enforce segmentation and time-bound access for remote connections to OT assets.
  • Align remote access controls with safety, availability and regulatory requirements.
  • Establish incident-ready remote access capabilities, including rapid isolation and revocation.

Identity & Access Management (IAM)

  • Define OT-specific IAM architecture and control models aligned with risk tolerance.
  • Identify and mitigate potential security risks and vulnerabilities related to identity and access management.
  • Govern the use of Active Directory and directory services in OT, including trust relationships and segmentation boundaries.
  • Ensure strong authentication (e.g., MFA, certificates) for privileged and remote OT access, adapted to operational constraints.
  • Define and oversee Identity Governance & Administration (IGA) processes for OT users, vendors and service accounts.
  • Architect and govern Privileged Access Management (PAM) for engineering systems, administrators and service accounts.
  • Manage machine and non-human identities, including certificates, keys and service accounts.
  • Ensure identity controls support availability, safety and incident response requirements.

Data Management (Security & Access Focused)

  • Define and govern secure OT data flows across zones, conduits and trust boundaries.
  • Ensure OT data access is identity-controlled, role-based and least-privilege.
  • Design and approve architectures for OT data integration (historians, cloud platforms, etc.).
  • Ensure encryption, integrity and secure transport for OT data in transit.
  • Support data classification and risk assessment for safety-critical and regulated OT data.
  • Ensure data architectures do not compromise operational availability or safety.

Crossover Responsibilities

  • Translate OT cyber risks into business, safety and operational risk language.
  • Support audits, regulatory assessments and assurance activities related to OT cyber risk.
  • Act as a bridge between engineering, operations, IT and security teams.