Job Description

The OT Cybersecurity Operations Analyst is responsible for ensuring the security and integrity of the organization’s Operational Technology (OT) systems. This role involves monitoring, analyzing, and responding to security incidents, as well as implementing and maintaining security measures to protect OT environments from cyber threats.

Main Responsibilities

• Monitor OT Systems: Continuously monitor OT networks and systems for security breaches, anomalies, and potential threats.
• Incident Response: Lead and coordinate the response to cybersecurity incidents, including containment, eradication, and recovery efforts.
• Vulnerability Management: Conduct regular vulnerability assessments and penetration testing on OT systems to identify and mitigate security risks.
• Security Policies and Procedures: Implement, and enforce security policies, procedures, and best practices for OT environments.
• Threat Intelligence: Gather and analyze threat intelligence to stay informed about emerging threats and vulnerabilities relevant to OT environments.
• Security Reporting: Prepare detailed reports on security incidents, vulnerabilities, and remediation efforts for management and stakeholders.
• Documentation: Maintain detailed records of security incidents, vulnerabilities, and remediation efforts.
• Compliance: Ensure compliance with relevant regulations, standards, and frameworks (e.g., NIST, IEC 62443)

Position Challenges

• Complexity of OT Systems: Operational Technology (OT) environments often include a wide range of legacy systems and proprietary technologies, making it challenging to implement standardized cybersecurity measures.
• Outsourced Security Services: Relying on third-party vendors for security services can introduce risks related to vendor management and service quality.
• Evolving Threat Landscape: The cybersecurity threat landscape is constantly changing, requiring continuous monitoring, updating, and adaptation of security strategies to protect against new vulnerabilities and attack vectors.
• Regulatory Compliance: Keeping up with and ensuring compliance with various industry regulations and standards (e.g., NIST, ISO 27001) can be demanding and time-consuming.
• Cultural and Organizational Resistance: Implementing new cybersecurity measures may face resistance from staff who are accustomed to existing processes and may not fully understand the importance of cybersecurity.
• Time Zone Differences: Coordinating activities and meetings across different time zones can be challenging. It requires careful planning to ensure that all team members can participate effectively

Qualifications

• Education: Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
• Experience: Minimum of 3-5 years of experience in cybersecurity, with a focus on OT environments.
• Certifications: Relevant certifications such as CISSP, CISM, GICSP, or equivalent.
• Compliance: Knowledge of regulatory requirements and industry standards related to OT cybersecurity.

Skills:

• Strong understanding of OT systems and protocols (e.g., SCADA, DCS, PLCs).
• Proficiency in cybersecurity tools and technologies (e.g., SIEM, IDS/IPS, firewalls).
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills.
• Ability to work independently and as part of a team.

Internal/External Relations

INTERNAL

• Operations and Technology
• IT Cyber security Operations
• IT Service management
• Local IT

EXTERNAL

• IBM – Managed Service Provider
• Claroty – Threat detection platform
• External Auditors for IEC 62443

CEMEX Diversity and Inclusion Statement

At CEMEX, we recognize the diversity of the world in which we live and in which we do business. We respect diversity, we address the inclusion and non-discrimination of any talented person, regardless of gender, physical ability, age, sexual orientation, culture, ethnicity, religion, political affiliation, marital status, pregnancy / maternity / paternity, and nationality. We promote a culture of equity for the construction of a sustainable business and the well-being and development of CEMEX employees.