Role description
Job Title: CISO
Location: Bokaro, Jharkhand | Experience: 5+ Years
Who We Are
At STL Digital, we don’t just build software; we engineer digital transformations. We partner with global enterprises with a comprehensive portfolio of services, including Product Engineering, Cloud and Cybersecurity, Data and AI, and Enterprise SaaS.
Role Purpose
The Chief Information Security Officer (CISO) is responsible for establishing, implementing, and governing the enterprise-wide cybersecurity strategy of the steel plant, covering IT, OT (Operational Technology), ICS/SCADA systems, industrial automation, and digital manufacturing platforms.
The role ensures protection of critical infrastructure, production continuity, worker safety, intellectual property, and regulatory compliance against cyber threats.
Key Responsibilities
1. Cybersecurity Strategy & Governance
- Define and execute the cybersecurity vision, strategy, and roadmap aligned with business goals, safety standards, and digital transformation initiatives.
- Establish cybersecurity governance frameworks, policies, standards, and procedures for IT and OT environments.
- Report cybersecurity posture, risks, and incidents to the Executive Committee / Board.
2. OT / ICS Security (Core Responsibility)
- Own cybersecurity across PLC, DCS, SCADA, MES, Level 1–3 automation systems, and plant-floor networks.
- Implement security controls for blast furnaces, rolling mills, coke ovens, power plants, and material handling systems.
- Ensure segmentation between IT and OT networks (ISA/IEC 62443 zones & conduits).
- Lead OT risk assessments, threat modeling, and vulnerability management.
- Manage secure remote access for OEMs, integrators, and maintenance vendors.
3. Risk Management & Compliance
- Identify, assess, and mitigate cyber risks impacting production, safety, and compliance.
- Ensure compliance with applicable standards and regulations such as:
  - ISO 27001 / ISO 22301
  - IEC 62443 (Industrial Automation & Control Systems)
  - NIST Cybersecurity Framework
  - IT Act, CERT-In directives, sectoral cyber advisories
  - DPDP Act
- Support internal/external audits and regulatory inspections.
4. Incident Response & Crisis Management
- Establish and lead Cyber Incident Response & Crisis Management for IT and OT incidents.
- Develop and test Cyber Disaster Recovery & Business Continuity Plans, especially for production-critical systems.
- Coordinate with CERT-In, law enforcement, OEMs, and cybersecurity vendors during major incidents.
- Lead post-incident reviews and corrective action plans.
5. Security Operations
- Oversee SOC operations, SIEM, SOAR, threat intelligence, and OT security monitoring tools.
- Ensure continuous monitoring of plant networks and critical assets.
- Govern patching, vulnerability remediation, asset inventory, and endpoint protection across IT & OT.
6. Digital Transformation & New Technologies
- Secure Industry 4.0 initiatives, including:
  - IIoT platforms
  - AI/ML-based quality & predictive maintenance systems
  - Cloud, data lakes, and analytics platforms
- Perform cybersecurity reviews for new plants, expansions, and modernization projects from the design stage.
7. Vendor & Third-Party Risk Management
- Evaluate and govern cybersecurity risks from OEMs, system integrators, contractors, and SaaS vendors.
- Enforce cybersecurity clauses in contracts and SLAs.
- Conduct vendor security audits and access reviews.
8. Awareness, Culture & Training
- Drive cybersecurity awareness across corporate office, plant operations, and shop-floor personnel.
- Conduct phishing drills, tabletop exercises, and OT-specific training for engineers and operators.
- Build a security-first culture without impacting production efficiency.
Qualifications & Experience
Education
- Bachelor’s degree in Engineering / Computer Science / IT
Experience
- 5+ years in IT/OT, cybersecurity, or industrial technology
- Strong experience in manufacturing, steel, metals, power, or heavy industry
Certifications (Preferred)
- CISSP, CISM, CISA
- ISO 27001 Lead Implementer / Auditor
Key Competencies
- Deep understanding of industrial automation & production environments
- Strong stakeholder management and crisis leadership
- Balance between plant availability, safety, and cybersecurity
- Risk-based decision-making
- Ability to translate technical risk into business impact
Success Metrics
- Reduction in cyber incidents affecting production
- OT security maturity improvement
- Audit & regulatory compliance scores
- Incident response time and recovery metrics
- Security awareness effectiveness
About Sterlite Technologies Limited
About STL - STL is a leading global optical and digital solutions company providing advanced offerings to build 5G, Rural, FTTx, Enterprise and Data Centre networks.
About STL Digital - STL Digital, a wholly owned subsidiary of STL, is a global IT services and consulting company dedicated to delivering exceptional digital transformation experiences for enterprises with a comprehensive portfolio of services, including product engineering, cloud and cyber security, data and AI, and enterprise SaaS.