ID: 140203

OT Cybersecurity Consultant

  • General
  • ASAP
  • Cybersecurity, AI, OT Security, Risk Management
  • K-Recruiting GmbH
Contact:

Julius Strack

+49 89 1890998-614

julius.strack@k-recruiting.com

Overview

Availability
ASAP; 5 days/week; on-site & remote
Qualification
PhD in Information Technology (Artificial Intelligence)
Language Skills
French (native), English (business fluent), German (fluent)
Relevant Expertise
Cybersecurity, AI, OT Security, Risk Management, Compliance, Project Management, Cloud Security, IT Audits, Incident Response, Threat Intelligence, Diagnostic, NIS2, Pharma

Key Facts

  • Experienced cybersecurity consultant with a focus on OT security, regulatory compliance, and maturity assessments in pharma and diagnostics, ensuring alignment with GxP, SOX, and international standards

  • Certified in over 15 areas, including cybersecurity auditing, ethical hacking, cloud security, and AI governance, with strong proficiency in ISO 27001, NIST CSF, NIS2, HIPAA, and the AI Act

  • Skilled in developing cybersecurity frameworks and tools such as ICS/OT maturity assessments and AI-based monitoring systems to strengthen security and ensure compliance

  • The candidate holds a PhD in IT with a focus on AI, complemented by extensive certifications, combining advanced AI expertise with deep cybersecurity knowledge for regulated industries

Extract from previous activities

Chemical Company

OT Cybersecurity Consultant

  • Development of OT security standards applicable to Solvay’s industrial sites worldwide, aligned with NIS2 Directive, CyFun Framework, KRITIS, NIST CSF v1.1, EBIOS and group policies

  • IT4OT Project Manager (Secure file transfer, patch management, log collection and AV signature distribution streams)

  • Cybersecurity program manager support for the Cyber 2028 GRC program (6 streams)

  • Development of project deliverables, including project risk analyses, key financial data sheets, and SteerCo meeting slide decks

Technology Company

Cybersecurity Consultant Regulatory and Compliance

  • Creation and implementation of an in-house Cybersecurity Center of Excellence (CCoE charter, objectives, KPIs and roadmaps), and update of the group IT security policies aligned with NIS2 Directive/NIS2UmsuCG (e.g., cyber incident response plan, third-party risk management and coordinated vulnerability disclosure)

Investment Company / Cybersecurity

Cybersecurity Consultant M&A Europe

  • Perform cybersecurity due diligence/audit reports for each M&A target (ISO 27001, HIPAA, PCI DSS compliance) and influence C-level decision making

  • Review penetration test reports, vulnerability assessments and cloud infrastructures

  • Create remediation plans for the acquired companies and oversee their implementation and efficient execution

  • Development of yearly HG Capital Cybersecurity maturity assessment

  • Define and implement standards applicable to M&A cybersecurity processes in collaboration with the group CISO and regional CISOs

  • Collaboration with the Head of Legal on the development of the AI group policy

Computer & Network Security / Cybersecurity

Cybersecurity Consultant

  • Development of an ICS/OT Cybersecurity Maturity Assessment Tool (MaritimeSG Shipping CyberSafe Scorecard) in alignment with NIST CSF v1.1 in collaboration with the Singapore Shipping Association and the Port Authority of Singapore

  • Collaborate with the CISO (ex-BAE Systems, Head of Cyber Technical Services) to understand existing proposals and conduct background preparation where needed for the implementation of an AI-based Cybersecurity Monitoring and Analytics system

  • Development of tabletop cyber exercises for a client in Cyprus

  • Enhance the company’s in-house ISMS

IT Services / Cybersecurity

Cybersecurity Consultant

  • Conduct external audits and readiness assessments on ISO 27001/NIST CSF for clients and communicate IT audit findings to management

Oncology / Pharmaceutical Industry

CSV SAP Consultant

  • Perform detailed validation activities, including system testing, user acceptance testing, and documentation of test results, ensuring systems function as intended on S/4HANA migration

Pharma / Diagnostic Industry

IT Compliance Consultant

  • Leadership: Manage and coach external consultants and mentor project teams

  • Compliance: Ensure compliance with relevant laws, regulations, and industry standards (e.g. ISO 27001, SOX, HIPAA, GDPR, GxP)

  • Conduct internal audits and assessments on SOX security controls (Awarded Roche Diploma in ICFR for IT)

  • Development of an AI auditing framework

  • CSV: Point of Contact for all CSV related matters for GxP Computerized Systems and act as an interface between IT and Business for IT Compliance topics in relation to GxP classified Computer Systems (SAP FI, CO, IM, WM, QC, SD, Procurement, Site Services, PLM, MM and MDG, GRC, Ariba, SAP Solutions Manager, SAP Basis)

  • Risk management: Identify, assess, and prioritize information security and data privacy risks to the organization's data, systems, and processes. Review and approve security risk assessments, Data Protection Impact Assessments, electronic records/electronic signatures risk assessments

  • Security Architecture, Design and Implementation: Ensure that security and data integrity are integrated into the design and implementation of systems, applications and infrastructure

  • Identify the adequate security solutions required and lead their implementations. Conduct quality assurance on systems documentation and deliverables