Job Title: IT Security Consultant (Manufacturing Focus)
Experience Level: 3–5 years
Reports to: Practise leader: Consulting

Location: [Hybrid / On-site] – travel to manufacturing sites required

Company Overview

Role Summary
For our Consulting division , We are seeking a detail-oriented IT Security Consultant with 3–5 years of experience to lead and support IT security audits specifically for manufacturing organizations. You will assess network architectures, access controls, backup procedures, endpoint security, and operational technology (OT) segmentation against industry standards. You will produce risk-based audit reports and actionable remediation roadmaps.

Key Responsibilities

IT Security Audit Execution

· Perform IT (General controls ) testing with the GRC | Assurance Teams for the IFC compliance

• Plan, scope, and conduct internal IT security audits for 8–12 manufacturing clients annually.
• Assess IT environments (Active Directory, firewalls, patch management, privileged access, MFA, logging/SIEM).
• Evaluate OT/IoT security where IT systems connect to production networks (PLCs, HMIs, SCADA, historians).
• Review compliance with ISO 27001, NIST CSF, IEC 62443-2-1, and GDPR (where applicable).
• Perform audit procedures including:
• Control testing (technical & administrative)
• Vulnerability assessment (non-intrusive)
• Configuration reviews (switches, firewalls, servers)
• Access control & user entitlement reviews
• Backup & disaster recovery validation
• Identify gaps in network segmentation between office IT and shop-floor OT.

Reporting & Remediation

• Document findings with clear risk ratings (Critical, High, Medium, Low).
• Provide manufacturing-specific recommendations (e.g., “air gap backup recovery,” “replace unsupported Windows 7 on HMI”).
• Present audit reports to plant managers and IT leadership.
• Track remediation progress and perform limited validation re-audits.

Compliance & Standards

• Map audit findings to regulatory requirements (e.g., CMMC, NIS2 if applicable).
• Support clients during external audits or insurance cyber assessments.

Collaboration

• Work with client maintenance and controls engineers (non-security personnel) to explain risks without jargon.
• Escalate critical findings (e.g., ransomware exposure via exposed RDP on a production server) immediately.

Required Qualifications

Experience

• 3–5 years in IT security auditing or security consulting – with at least 1 year directly auditing manufacturing, industrial, or logistics companies.
• Hands-on experience auditing: Active Directory, firewalls (rule base review), Windows/Linux servers, backup solutions, and endpoint AV/EDR.
• Familiarity with industrial protocols (Modbus, PROFINET, OPC UA) – not for deep testing, but to understand risk context.
• Experience using audit frameworks: ISO 27001, NIST 800-53 or CSF, IEC 62443 (awareness level).

Certifications (at least one)

• CISA (preferred)
• ISO 27001 Lead Auditor
• CISSP (or Associate)
• Security+
• Bonus: GICSP or ISA/IEC 62443 Cybersecurity Fundamentals

Technical skills

• Auditing vulnerability scan results (Tenable, Qualys, or Rapid7)
• Basic scripting for evidence collection (PowerShell, Python, or bash)
• Familiarity with compliance tools (e.g., Vanta, Drata, or manual checklists)

Soft skills

• Ability to interview plant operators and IT admins without creating friction.
• Clear report writing – no excessive jargon.
• Pragmatic risk mindset: “Secure enough for production uptime.”

Preferred (Nice to Have)

• Past role in managed security services or internal audit for a manufacturer.
• Understanding of ransomware impact on production schedules (e.g., downtime cost modeling).
• Experience with NIST 800-82 or C2M2.

Work Environment & Travel

• Up to 30–40% travel to manufacturing sites (safety training required – steel-toe boots, hearing protection, etc.).
• Audits are typically 1–2 weeks on-site per client, then remote for reporting.

What We Offer

• Competitive base salary + audit completion bonuses.
• Opportunity to shape security posture in critical infrastructure.

How to Apply
Send your resume and a short note describing one IT security risk specific to manufacturing you have audited or would approach.

Pay: ₹700,000.00 - ₹1,300,000.00 per year

Ability to commute/relocate:

• Ajwa Road, Vadodara, Gujarat: Reliably commute or willing to relocate with an employer-provided relocation package (Preferred)

Education:

• Bachelor's (Required)

Willingness to travel:

• 50% (Required)

Work Location: In person