What are the responsibilities and job description for the Senior OT Cybersecurity & CRA Compliance Architect position at Arnex Solutions LLC?
Team,
We have the new requirement below from the client; please work on it.
Title: Senior OT Cybersecurity & CRA Compliance Architect (Pharma - Rockwell / Ignition)
Role Summary
We are seeking an experienced OT Cybersecurity Architect to lead cybersecurity, cyber resilience, and regulatory compliance initiatives in a GMP-regulated pharmaceutical environment. The role focuses on Rockwell PLC (ControlLogix/CompactLogix) systems, Ignition SCADA, and compliance with EU Cyber Resilience Act (CRA), IEC 62443/ISA99, ISA 95, GMP, and FDA 21 CFR Part 11.
Key Responsibilities
- Lead CRA implementation and gap assessments for OT systems.
- Define and maintain global OT reference architecture (Purdue model, zones & conduits, DMZ).
- Secure and harden Rockwell PLCs and Ignition SCADA environments.
- Perform OT cyber risk assessments and threat modelling.
- Implement secure configuration baselines for servers and engineering workstations.
- Ensure compliance with GMP & FDA 21 CFR Part 11 (audit trails, electronic records, RBAC).
- Support Computer System Validation (CSV) documentation (URS/NFR/FS/DS/IQ/OQ/PQ).
- Define patch management and vulnerability handling processes for validated OT systems.
- Support audit readiness and regulatory inspections.
Required Skills & Expertise
OT & Automation
- Rockwell ControlLogix / CompactLogix
- Studio 5000
- EtherNet/IP
- Ignition SCADA configuration & security
- OPC / Industrial protocols
Cybersecurity
- IEC 62443 implementation
- Network segmentation & firewall design
- Secure remote access architecture
- Vulnerability & patch management (OT context)
- Threat modeling & risk assessment
Regulatory & Compliance
- EU Cyber Resilience Act (CRA)
- GMP (Pharma manufacturing systems)
- FDA 21 CFR Part 11
- Computer System Validation (CSV)
- Change control in regulated environments
System Hardening
- Windows Server hardening (SCADA, Historian, Engineering Stations)
- Active Directory design and security for OT domains
- CIS benchmarks & security baseline implementation
- Group Policy (GPO) hardening and privilege management
- Application whitelisting (e.g., AppLocker)
- Secure service configuration & port minimization
- Local admin restriction & credential protection
- Secure RDP configuration & jump server model
- Patch validation in GMP-regulated environments
- Backup integrity verification & disaster recovery validation
- Log configuration, retention & audit trail protection
Experience Required
- 8 years in OT / ICS cybersecurity
- 3 years in Pharma or regulated industry
- Hands-on experience with Rockwell PLC and Ignition SCADA
- Experience implementing IEC 62443 controls
Preferred Certifications
- IEC 62443 Cybersecurity Expert
- GICSP / CISSP
- Rockwell Automation certifications
Salary : $60 - $80