Senior OT Cybersecurity & CRA Compliance Architect

Senior Ot Cybersecurity & Cra Compliance Architect

We are seeking a highly experienced Senior OT Cybersecurity & CRA Compliance Architect to lead cybersecurity architecture, cyber resilience, and regulatory compliance initiatives within a GMP-regulated pharmaceutical manufacturing environment.

This role will be responsible for designing, implementing, and governing secure Operational Technology (OT) environments, with a strong focus on Rockwell Automation PLC platforms (Control Logix, Compact Logix) and Ignition SCADA systems. The successful candidate will play a critical role in ensuring compliance with the EU Cyber Resilience Act (CRA), IEC 62443/ISA
99, ISA-95, GMP, and FDA 21 CFR Part 11 requirements while supporting digital transformation and manufacturing modernization initiatives.

The position requires a blend of OT cybersecurity expertise, regulatory compliance knowledge, and pharmaceutical manufacturing experience.

• Lead the development, implementation, and continuous improvement of OT cybersecurity architecture across manufacturing and laboratory environments.
• Define and maintain enterprise OT reference architectures aligned with the Purdue Enterprise Reference Architecture, including network segmentation, zones and conduits, and industrial DMZ design.
• Develop cybersecurity standards, policies, and technical guidelines for industrial control systems and manufacturing platforms.
• Collaborate with engineering, automation, validation, quality, and IT teams to integrate cybersecurity requirements into project life cycles.

• Lead Cyber Resilience Act (CRA) implementation programs, readiness assessments, and remediation initiatives.
• Conduct cybersecurity gap assessments against IEC 62443, ISA
  99, NIST Cybersecurity Framework, and pharmaceutical industry best practices.
• Establish governance frameworks to ensure ongoing compliance with applicable regulatory and cybersecurity requirements.
• Support regulatory inspections, internal audits, and customer audits related to cybersecurity and compliance.

• Secure, harden, and maintain Rockwell Automation environments, including Control Logix, Compact Logix, Factory Talk, and associated engineering platforms.
• Design and implement secure architectures for Ignition SCADA systems and supporting infrastructure.
• Define and maintain secure configuration baselines for servers, engineering workstations, HMIs, and industrial network components.
• Evaluate and implement cybersecurity controls for OT assets, including access management, logging, monitoring, and network security.

• Perform OT cybersecurity risk assessments, threat modelling, and security impact analyses.
• Identify vulnerabilities and develop mitigation strategies while maintaining validated system status.
• Define and oversee patch management and vulnerability remediation processes for validated GMP systems.
• Support incident response planning, cyber resilience testing, disaster recovery, and business continuity initiatives.

• Ensure compliance with GMP requirements and FDA 21 CFR Part 11 regulations, including:
• Electronic records and signatures
• Audit trail integrity
• Role-based access control (RBAC)
• Data integrity controls
• Support Computer System Validation (CSV) activities and documentation, including:
• User Requirements Specifications (URS)
• Non-Functional Requirements (NFR)
• Functional Specifications (FS)
• Design Specifications (DS)
• Installation Qualification (IQ)
• Operational Qualification (OQ)
• Performance Qualification (PQ)
• Provide cybersecurity expertise during validation and change control processes.

• Serve as a trusted advisor to manufacturing, quality, validation, engineering, and IT leadership teams.
• Provide technical guidance and mentorship to engineering and cybersecurity teams.
• Support strategic initiatives related to smart manufacturing, digital transformation, and OT modernization.