Architecte Automatisme et Cybersécurité OT Conformité CRA - CDI

Description du poste

We are seeking a candidate with expertise in OT cybersecurity architecture to support cybersecurity, cyber resilience, and regulatory compliance initiatives within a GMP-regulated pharmaceutical environment.

The scope of services includes systems based on Rockwell PLC (ControlLogix / CompactLogix) and iFIX SCADA, with consideration for applicable regulations and standards including the EU Cyber Resilience Act (CRA), IEC 62443 / ISA99, ISA-95, GMP, and FDA 21 CFR Part 11.

Scope of Services

• Perform CRA gap assessments for OT systems and propose remediation roadmaps.
• Provide guidance for the definition and evolution of the OT reference architecture (Purdue model, zones & conduits, DMZ).
• Assess and recommend security hardening measures for Rockwell PLC and iFIX SCADA environments.
• Conduct OT cybersecurity risk assessments and threat modeling.
• Define secure configuration baselines for OT servers and engineering workstations.
• Provide recommendations to support compliance with GMP and FDA 21 CFR Part 11 (audit trails, electronic records, RBAC).
• Contribute to Computer System Validation (CSV) documentation (URS, NFR, FS, DS, IQ, OQ, PQ) where cybersecurity requirements are involved.
• Propose patch management and vulnerability management processes adapted to validated OT environments.
• Provide expertise and documentation to support audit preparation and regulatory inspections.

FR

• Réaliser des évaluations d’écart (gap assessments) par rapport au CRA pour les systèmes OT et proposer des feuilles de route de remédiation.
• Fournir des orientations pour la définition et l’évolution de l’architecture de référence OT (modèle Purdue, zones et conduits, DMZ).
• Évaluer et recommander des mesures de renforcement de la sécurité pour les environnements Rockwell PLC et iFIX SCADA.
• Mener des analyses de risques cybersécurité OT et des exercices de modélisation des menaces.
• Définir des configurations sécurisées de référence pour les serveurs OT et les postes de travail d’ingénierie.
• Fournir des recommandations pour soutenir la conformité aux exigences GMP et FDA 21 CFR Part 11 (pistes d’audit, enregistrements électroniques, contrôle d’accès basé sur les rôles – RBAC).
• Contribuer à la documentation de validation des systèmes informatisés (CSV) — URS, NFR, FS, DS, IQ, OQ, PQ — lorsque des exigences de cybersécurité sont impliquées.
• Proposer des processus de gestion des correctifs et des vulnérabilités adaptés aux environnements OT valides.
• Apporter son expertise et la documentation nécessaire pour soutenir la préparation des audits et les inspections réglementaires.

Profil recherché

• OT & Automation
  • Rockwell ControlLogix / CompactLogix
  • Studio 5000
  • EtherNet/IP
  • iFIX SCADA configuration & security
  • OPC / Industrial protocols
• Cybersecurity
  • IEC 62443 implementation
  • Network segmentation & firewall design
  • Secure remote access architecture
  • Vulnerability & patch management (OT context)
  • Threat modeling & risk assessment
• Regulatory & Compliance
  • EU Cyber Resilience Act (CRA)
  • GMP (Pharma manufacturing systems)
  • FDA 21 CFR Part 11
  • Computer System Validation (CSV)
  • Change control in regulated environments
• System Hardening
  • Windows Server hardening (SCADA, Historian, Engineering Stations)
  • Active Directory design and security for OT domains
  • CIS benchmarks & security baseline implementation
  • Group Policy (GPO) hardening and privilege management
  • Application whitelisting (e.g., AppLocker)
  • Secure service configuration & port minimization
  • Local admin restriction & credential protection
  • Secure RDP configuration & jump server model
  • Patch validation in GMP-regulated environments
• Meeting facilitation in an international environment
• Advanced English level

Remote work may be authorized up to a maximum of two days per week, subject to compatibility with project requirements and manager approval.

Preferred Certifications

• Expert cybersécurité EC 62443 – GICSP / CISSP
• Certification Rockwell Automation