Conduct cybersecurity risk assessments across IT and OT environments.
Partner with project and application teams to embed security-by-design practices throughout the lifecycle, from procurement to design and implementation.
Review and guide project risk assessments, ensuring findings and mitigation controls are adequate.
Perform network and system architecture reviews to ensure alignment with security requirements and industry best practices.
Represent clients in vendor and stakeholder discussions, providing subject matter expertise.
Support compliance and governance activities, including audits, gap assessments, and reporting against regulatory and industry requirements.
Develop, evaluate, and maintain cybersecurity policies, standards, and procedures in line with frameworks such as ISO/IEC 27001 and applicable regulatory expectations.
Contribute to the development of security awareness programs and other client-specific initiatives.
Provide input into cybersecurity roadmaps and strategic initiatives to support planning for emerging threats and regulatory expectations.
Requirements
7+ years of experience in cybersecurity, with exposure to GRC, risk assessments and CISO office functions.
Proven experience conducting risk assessments and guiding security-by-design practices across IT and OT environments.
Strong understanding of OT and IT security concepts, technologies, and associated risks.
Familiarity with recognized security frameworks and standards such as ISO/IEC 27001 and NIST.
Strong communication and interpersonal skills, with the ability to represent clients in discussions and work effectively with both technical and non-technical stakeholders.
Certifications such as CISSP, CISM, CISA, or CRISC are preferred.