Operations Technology Cybersecurity Manager 1

Location: 

Monterrey, Nuevo Leon, Mexico

Requisition ID:  42376
Department:  Business

Nemak is dedicated to developing technological solutions that make sustainable mobility possible.

We are committed to working together across disciplines to drive innovation and to shape the future of automotive lightweighting.

Global Operations Technology Cybersecurity Manager

 

Objective

Develop and implement an Operations Technology Cybersecurity Program (OT Cybersecurity Program) to improve the security posture in our production plants globally to reduce the likelihood of cybersecurity-related disruptions.

The OT Cybersecurity Program should aim to ensure business's continuity and resiliency to protect our manufacturing operations.

 

Main Responsibilities

  • Develop and execute a comprehensive Global Security Strategy: Create and implement a strategic plan to safeguard the organization's operations technology systems and infrastructure.                                                 
  • Risk assessment and management: Identify potential vulnerabilities and risks within the operations technology environment and develop strategies to mitigate them effectively.
  • Security policy and procedure development: Establish and enforce security policies, standards, and procedures that align with industry best practices and regulatory requirements.                                                                                                                            
  • Incident response and management: Develop and oversee protocols for handling security incidents, including investigation, containment, and recovery.                             
  • Security awareness and training: Implement training programs to enhance OT Staff understanding of security threats, promote a culture of security awareness, and ensure compliance with security policies.                                                                                            
  • Evaluate relationships with vendors and service providers to ensure their adherence to security requirements and standards and define proper controls to reduce the risk of a security incident.
  • Security audits and compliance: Ensure regular audits and assessments are conducted to evaluate the effectiveness of security controls and address any identified gaps.               
  • Security architecture and technology: Collaborate with IT teams to design and implement secure network infrastructure, access controls, and monitoring systems for operations technology.                                                                                                                                   
  • Define processes to report incidents and properly communicate them to the management and organization. Define processes to have a global overview of incidents, and vulnerabilities, and define risk mitigation measures.                                                        
  • Define, plan, implement and monitor the controls to reduce the risk associated to cyberattacks in plant operations globally at Nemak.
  • Collaborate with Plant Managers, Operations Directors and OT Staff in the plants to ensure controls and processes are implemented to improve cybersecurity posture in the plants.
  • Develop a strategic plan and measures to protect and secure the technology systems in plant operations to ensure business's continuity and resilience.
  • Collaborate with Plant Managers, Operations Directors and OT Staff in the plants to ensure controls and processes are implemented to improve cybersecurity posture in the plants.

 

Position Requirements

  • Bachelor's Degree in Industrial Engineering, Mechatronic Engineering and Systems Engineering. Master degree is desirable
  • Experience required: Cybersecurity Frameworks: NIST, ISO27001, CIS, Risk Assessment and Management, Incident Response and Forensics, Network and Infrastructure Design, Industrial Control Systems (ICS).
  • Solid experience in information security, with a focus on operational technology (OT) systems
  • In-depth knowledge of OT systems, protocols, and technologies, including SCADA, PLC, DCS, and industrial control systems (ICS)
  • Strong understanding of cyber threats and vulnerabilities specific to OT environments, and experience implementing security controls to mitigate risks.
  • Knowledge on relevant regulations and standards, such as NIST SP 800-82, IEC 62443, and ISO 27001.
  • Experience with security assessment tools and techniques, including vulnerability scanning and penetration testing of OT systems.
  • Strong project management skills with the ability to prioritize and manage multiple initiatives simultaneously.
  • Excellent analytical and problem-solving skills, with the ability to quickly identify and resolve security issues.
  • Strong communication and leadership skills, with the ability to collaborate effectively with cross-functional teams and senior management.
  • Relevant certifications such as CISSP, CISM, GIAC GICSP, or equivalent are highly desirable.
  • Experience defining and implementing Information Security OT Strategies.
  • Self-Motivation and initiative
  • Advanced English and Spanish.

 

At Nemak, Diversity, Equity and Inclusion (D&I) play a fundamental role in everything we do and are the underlying platform on which our culture is built. We foster a culture that is safe, respectful, fair and inclusive for all of our employees and job applicants. Our value proposition relies on innovation and cross-cultural teamwork, which is only possible when we strive for belonging and commitment to Diversity, Equity and Inclusion. We understand the impact equality and of varied perspectives that welcome better ideas to solve complex problems for improvement and transformation.

 

We are proud to have bias-free conditions of employment, including recruiting, hiring, placement, and promotions, and we welcome all our employees and job applicants. We strongly prohibit any form of workplace harassment or discrimination based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status.

Global Operations Technology Cybersecurity Manager

 

Objective

Develop and implement an Operations Technology Cybersecurity Program (OT Cybersecurity Program) to improve the security posture in our production plants globally to reduce the likelihood of cybersecurity-related disruptions.

The OT Cybersecurity Program should aim to ensure business's continuity and resiliency to protect our manufacturing operations.

 

Main Responsibilities

  • Develop and execute a comprehensive Global Security Strategy: Create and implement a strategic plan to safeguard the organization's operations technology systems and infrastructure.                                                 
  • Risk assessment and management: Identify potential vulnerabilities and risks within the operations technology environment and develop strategies to mitigate them effectively.
  • Security policy and procedure development: Establish and enforce security policies, standards, and procedures that align with industry best practices and regulatory requirements.                                                                                                                            
  • Incident response and management: Develop and oversee protocols for handling security incidents, including investigation, containment, and recovery.                             
  • Security awareness and training: Implement training programs to enhance OT Staff understanding of security threats, promote a culture of security awareness, and ensure compliance with security policies.                                                                                            
  • Evaluate relationships with vendors and service providers to ensure their adherence to security requirements and standards and define proper controls to reduce the risk of a security incident.
  • Security audits and compliance: Ensure regular audits and assessments are conducted to evaluate the effectiveness of security controls and address any identified gaps.               
  • Security architecture and technology: Collaborate with IT teams to design and implement secure network infrastructure, access controls, and monitoring systems for operations technology.                                                                                                                                   
  • Define processes to report incidents and properly communicate them to the management and organization. Define processes to have a global overview of incidents, and vulnerabilities, and define risk mitigation measures.                                                        
  • Define, plan, implement and monitor the controls to reduce the risk associated to cyberattacks in plant operations globally at Nemak.
  • Collaborate with Plant Managers, Operations Directors and OT Staff in the plants to ensure controls and processes are implemented to improve cybersecurity posture in the plants.
  • Develop a strategic plan and measures to protect and secure the technology systems in plant operations to ensure business's continuity and resilience.
  • Collaborate with Plant Managers, Operations Directors and OT Staff in the plants to ensure controls and processes are implemented to improve cybersecurity posture in the plants.

 

Position Requirements

  • Bachelor's Degree in Industrial Engineering, Mechatronic Engineering and Systems Engineering. Master degree is desirable
  • Experience required: Cybersecurity Frameworks: NIST, ISO27001, CIS, Risk Assessment and Management, Incident Response and Forensics, Network and Infrastructure Design, Industrial Control Systems (ICS).
  • Solid experience in information security, with a focus on operational technology (OT) systems
  • In-depth knowledge of OT systems, protocols, and technologies, including SCADA, PLC, DCS, and industrial control systems (ICS)
  • Strong understanding of cyber threats and vulnerabilities specific to OT environments, and experience implementing security controls to mitigate risks.
  • Knowledge on relevant regulations and standards, such as NIST SP 800-82, IEC 62443, and ISO 27001.
  • Experience with security assessment tools and techniques, including vulnerability scanning and penetration testing of OT systems.
  • Strong project management skills with the ability to prioritize and manage multiple initiatives simultaneously.
  • Excellent analytical and problem-solving skills, with the ability to quickly identify and resolve security issues.
  • Strong communication and leadership skills, with the ability to collaborate effectively with cross-functional teams and senior management.
  • Relevant certifications such as CISSP, CISM, GIAC GICSP, or equivalent are highly desirable.
  • Experience defining and implementing Information Security OT Strategies.
  • Self-Motivation and initiative
  • Advanced English and Spanish.

 

At Nemak, Diversity, Equity and Inclusion (D&I) play a fundamental role in everything we do and are the underlying platform on which our culture is built. We foster a culture that is safe, respectful, fair and inclusive for all of our employees and job applicants. Our value proposition relies on innovation and cross-cultural teamwork, which is only possible when we strive for belonging and commitment to Diversity, Equity and Inclusion. We understand the impact equality and of varied perspectives that welcome better ideas to solve complex problems for improvement and transformation.

 

We are proud to have bias-free conditions of employment, including recruiting, hiring, placement, and promotions, and we welcome all our employees and job applicants. We strongly prohibit any form of workplace harassment or discrimination based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status.