Architecte Automatisme et Cybersécurité OT Conformité CRA - …, Strasbourg

Description du poste

We are seeking a candidate with expertise in OT cybersecurity architecture to support cybersecurity, cyber resilience, and regulatory compliance initiatives within a GMP-regulated pharmaceutical environment. The scope of services includes systems based on Rockwell PLC (ControlLogix / CompactLogix) and iFIX SCADA, with consideration for applicable regulations and standards including the EU Cyber Resilience Act (CRA), IEC 62443 / ISA99, ISA-95, GMP, and FDA 21 CFR Part 11.Scope of Services

Perform CRA gap assessments for OT systems and propose remediation roadmaps. Provide guidance for the definition and evolution of the OT reference architecture (Purdue model, zones&conduits, DMZ). Assess and recommend security hardening measures for Rockwell PLC and iFIX SCADA environments. Conduct OT cybersecurity risk assessments and threat modeling. Define secure configuration baselines for OT servers and engineering workstations. Provide recommendations to support compliance with GMP and FDA 21 CFR Part 11 (audit trails, electronic records, RBAC).Contribute to Computer System Validation (CSV) documentation (URS, NFR, FS, DS, IQ, OQ, PQ) where cybersecurity requirements are involved. Propose patch management and vulnerability management processes adapted to validated OT environments. Provide expertise and documentation to support audit preparation and regulatory inspections.FR

Réaliser des évaluations d’écart (gap assessments) par rapport au CRA pour les systèmes OT et proposer des feuilles de route de remédiation. Fournir des orientations pour la définition et l’évolution de l’architecture de référence OT (modèle Purdue, zones et conduits, DMZ). Évalueret recommander des mesures de renforcement de la sécurité pour les environnements Rockwell PLC et iFIX SCADA.Mener des analyses de risques cybersécurité OT et des exercices de modélisation des menaces. Définir des configurations sécurisées de référence pour les serveurs OT et les postes de travail d’ingénierie. Fournir des recommandations pour soutenir la conformité aux exigences GMP et FDA 21 CFR Part 11 (pistes d’audit, enregistrements électroniques, contrôle d’accès basé sur les rôles – RBAC).Contribuerà la documentation de validation des systèmes informatisés (CSV) — URS, NFR, FS, DS, IQ, OQ, PQ — lorsque des exigences de cybersécurité sont impliquées. Proposer des processus de gestion des correctifs et des vulnérabilités adaptés aux environnements OT valides. Apporter son expertise et la documentation nécessaire pour soutenir la préparation des audits et les inspections réglementaires.Profil recherché

OT&Automation

Rockwell ControlLogix / CompactLogix Studio 5000 EtherNet/IP iFIX SCADA configuration&security OPC / Industrial protocols

Cybersecurity

IEC 62443 implementation Network segmentation&firewall design Secure remote access architecture Vulnerability&patch management (OT context) Threat modeling&risk assessment

Regulatory&Compliance

EU Cyber Resilience Act (CRA) GMP (Pharma manufacturing systems) FDA 21 CFR Part 11 Computer System Validation (CSV) Change control in regulated environments

System Hardening

Windows Server hardening (SCADA, Historian, Engineering Stations) Active Directory design and security for OT domains CIS benchmarks&security baseline implementation Group Policy (GPO) hardening and privilege management Application whitelisting (e.g., AppLocker) Secure service configuration&port minimization Local admin restriction&credential protection Secure RDP configuration&jump server model Patch validation in GMP-regulated environments

Meeting facilitation in an international environment Advanced English level Remote work may be authorized up to a maximum of two days per week, subject to compatibility with project requirements and manager approval. Preferred Certifications

Expert cybersécurité EC 62443 – GICSP / CISSP Certification Rockwell Automation

#J-18808-Ljbffr