Executive Search for an OT/IT Security Expert in Manufacturing

About the Company

Who is the client?
The client is one of the largest pharmaceutical companies in Germany. It delivers innovative and environmentally friendly solutions. At the heart of the company are advanced Research & Development (R&D) and modern production facilities.

Business context:
In the era of digital transformation, companies in this sector are increasingly integrating their IT systems with the Operational Technology (OT) that controls processes in factories. While this integration is essential for efficiency, it has opened up new vectors for potential cyberattacks, threatening:

  • data,
  • production continuity,
  • physical safety.

The Challenge

Protecting Critical Industrial Infrastructure

Our client faced the strategic challenge of securing its most sensitive assets. Our task was to find an expert who would serve as a bridge between the IT and OT worlds. The main difficulties included:

  • Protection of Intellectual Property (IP): The company’s greatest asset lies in its unique chemical formulas and production processes. The challenge was to find a candidate who understood how to protect this data not only in office systems, but above all in systems connected to production.
  • Specifics of OT/ICS Security: The candidate needed rare expertise in securing Industrial Control Systems (ICS), SCADA networks, and PLC controllers. These skills differ completely from standard IT. An attack on such systems could halt production or even cause an environmental disaster.
  • Global and Complex Infrastructure: The client operates production facilities and laboratories worldwide. The security engineer had to be ready to work in a complex, international environment and understand the specifics of various locations.
  • Regulatory Compliance: As part of critical infrastructure, the company must meet strict standards such as the NIS2 directive and ISO 27001. The candidate needed proven experience in implementing and auditing compliance in industrial environments.
  • Legacy Systems: Many OT systems in industry are 10–20 years old and were not designed with cybersecurity in mind. The challenge was to find someone who could secure such infrastructure without costly replacement.

The Solution

The "Needle in a Haystack" Strategy

We knew that candidates with such a unique profile could not be found through a standard job posting. Our strategy was based on precision and a deep understanding of the client’s needs:

  1. Strategic Workshop with CISO and Head of Production:
    • We organized a session with key decision-makers to map out the IT and OT architecture (based on the Purdue model).
    • Together we defined that we were not looking for a “jack of all trades” but rather a specialist focused on:
      • monitoring industrial networks,
      • managing vulnerabilities in OT systems,
      • developing Incident Response plans.
  2. Targeted Sourcing in Industrial Sectors:
    • We focused our search on candidates from industries with similar specifics: energy, pharmaceuticals, automotive, and food production.
    • We leveraged specialist forums, discussion groups, and our network to reach engineers with IT/OT convergence experience.
    • In communication, we emphasized the unique opportunity to build a security strategy from scratch in a global, innovative company.
  3. Verification and Support at Every Stage:
    • Thanks to our expertise, we conducted an initial technical interview, saving managers’ time.
    • We ensured a smooth recruitment process with fast feedback and full transparency – crucial for keeping candidates engaged.

The Result

Our approach delivered measurable value for the client:

  • In numbers:
    • Within 2 weeks of starting the search, we presented 2 candidates with unique OT security experience.
    • The hired candidate had 8 years of experience, including 4 years directly securing production lines in the pharmaceutical sector.
  • Value for the client:
    • The client gained a key expert who immediately began a security audit and implemented OT network monitoring.
    • The company significantly reduced the risk of production downtime and intellectual property theft.
    • Thanks to the new hire, the company is better prepared to meet NIS2 directive requirements.

Technologies and Standards in the Project

  • Industrial Systems: SCADA, DCS, PLC
  • Standards and Regulations: NIS2, ISO 27001, ISA/IEC 62443, Purdue Model
  • Network Security: Industrial firewalls, Intrusion Detection Systems (IDS) for OT networks
  • Tools: SIEM, Vulnerability Management
