Global OT Security Architect – Identity & Networks

*
* Key Responsibilities:

*
* * Responsibilities include but are not limited to:
* ** 1. Network Architecture & Segmentation
*** Define and own secure OT network architecture aligned to IEC 62443 zone and conduit models utilising firewalls and data diodes.
* Establish defense-in-depth architecture across OT, IT/OT DMZ, safety systems and remote access zones.
· Define secure connectivity for OT–IT, OT–Cloud and vendor integrations.
* Review and approve OT network changes for cyber-physical risk impact.
* Integrate identity-aware networking and Zero Trust principles where operationally feasible.
* Oversee firewall rule lifecycle management, including review, validation, documentation and periodic recertification.
* Ensure firewall configurations support deterministic traffic, legacy protocols and high availability requirements in OT environments.
** 2. Remote Access (Internal & Third Party)
*** Architect and govern secure remote access solutions for OT environments, including vendor and contractor access.
* Ensure all remote access is identity-based, least-privilege, monitored and auditable.
* Define secure patterns for jump hosts, architectures and privileged session management.
* Enforce segmentation and time-bound access for remote connections to OT assets.
* Align remote access controls with safety, availability and regulatory requirements.
* Establish incident-ready remote access capabilities, including rapid isolation and revocation.
** 3. Identity & Access Management (IAM)
*** Define OT-specific IAM architecture and control models aligned with risk tolerance.
* Ability to identify and mitigate potential security risks and vulnerabilities related to identity and access management.
* Govern the use of Active Directory and directory services in OT, including trust relationships and segmentation boundaries.
* Ensure strong authentication (e.g., MFA, certificates) for privileged and remote OT access, adapted to operational constraints.
* Define and oversee Identity Governance & Administration (IGA) processes for OT users, vendors and service accounts.
* Architect and govern Privileged Access Management (PAM) for engineering systems, administrators and service accounts.
* Manage machine and non-human identities, including certificates, keys and service accounts.
* Ensure identity controls support availability, safety and incident response requirements.
** 4. Data Management (Security & Access Focused)
*** Define and govern secure OT data flows across zones, conduits and trust boundaries.
* Ensure OT data access is identity-controlled, role-based and least-privilege.
* Design and approve architectures for OT data integration (historians, cloud platforms etc).
* Ensure encryption, integrity and secure transport for OT data in transit.
* Support data classification and risk assessment for safety-critical and regulated OT data.
* Ensure data architectures do not compromise operational availability or safety.
** 5. Crossover Responsibilities
*** Translate OT cyber risks into business, safety and operational risk language.
* Support audits, regulatory assessments, and assurance activities related to OT cyber risk.
* Act as a bridge between engineering, operations, IT and security teams.
** WHO WE ARE
** At Impala, we store and handle the essential energies and resources that matter, helping global supply meet demand more effectively.

We’re a leading global storage infrastructure operator that stores, handles and moves the essential resources people depend on.
** WHAT WE DO
** At Impala we provide reliable and sustainable end-to-end services to our global partners for the smooth supply of liquid energy and base metals that are critical to everyday life, through our portfolio of 30 terminals in 15 countries across Latin and Central America, Europe and UK, Africa and Australasia.

We design, develop and operate key infrastructure and logistics assets across multiple modes of transport, from inland areas of production and consumption to our network of inland ports and deep-sea terminals. Our infrastructure platform serves as a one-stop-shop, allowing us to provide tailored and efficient services to store and move commodities for our customers,…