Title: Operational Technology Security Analyst
Reference No: 2150
Company: FTSE 100
Location: London or Peterborough
Reports to Operational Technology Security Consultant
Salary: Up to £71,600 (depending upon experience)
Benefits: 25 days annual leave per annum
10% matched pension contribution
Life assurance 4x pensionable salary (as a member of the pension scheme)
Access to a discounts platform
Access to a business car (if needed for work)
Duration 6 month fixed-term contract.
The Role
The Operational Technology Security Analyst will support the Operational Technology Security Consultant to offer guidance to businesses to understand their risk, identify mitigating actions and develop remediation plans, develop standards, achieve compliance to the corporate policy and support project delivery.
Key Responsibilities
• Thought leadership, Influence and Deliver Cyber Risk Assurance for the OT environments.
• Responsible for holding to account operational areas, owners of risk and suppliers to deliver against the Group, OT Cyber Security strategy, programmes, and requirements.
• To partner effectively with businesses and wider internal teams (e.g., audit) to eliminate overlaps and provide a holistic and consistent OT cyber security position including key initiatives such as resilience.
• Support the creation and implementation of an enhanced Operational Technology Cyber Risk Management framework for the group. Working closely with OT Security Lead and key stakeholders to support businesses in identifying, assessing, and managing their cyber risks.
• Ensure consistent and continual alignment to the business and GCS strategy through oversight of a Cyber Risk Management framework, activities and processes including all aspects of the metrics/reporting.
• Monitor and drive rollout of the cyber governance, risk, and compliance programme for information security.
• Collate OT cyber risks for reporting to the board.
• Support maintaining the information security policy set for the group. Working closely with the OT Security Lead to continuously improve Group IS policies and guidelines to ensure policies remain current and appropriate.
• Provide support, advice and guidance to the businesses to help them maintain robust OT controls to protect manufacturing and logistics operations
• Perform post incident reviews for impactful incidents across the group, including a detailed analysis of root cause, detection, response and recovery activities. Facilitate workshops with the incident response teams to identify areas for improvement, applying lessons learned across the group.
• Provide assurance over the maturity of business unit OT security mitigation programmes.
• Monitor global OT security trends, technologies, and regulations to ensure these are considered in Group initiatives and business unit programmes to protect systems.
• Lead or support group initiatives to help businesses address common areas of OT risk and avoid a duplication of effort.
• Support the development and rollout of a framework for performing OT security assessments across the group.
Knowledge & Experience
• Awareness and knowledge across different frameworks such as IEC62443, NIST for OT, COMAH etc
• Experience of risk identification and business impact analysis in manufacturing and logistics environments
• Good understanding of the OT risks, issues and controls associated with OT systems, networks and applications that are commonly encountered within a logistics or manufacturing environment.
• Experience of technology project delivery
• Knowledge of Industrial network protocols
• Excellent verbal and written skills, including the ability to draft concise, well written and accurate incident reports to support any regulatory disclosures.
• Experience of project delivery processes/methodologies and ensuring security by design.
• Strong team building, motivation and communication skills to work as an effective member of the GCS team.
Operational Responsibility
• Owns the relationships between the group cyber security team and business operational, engineering and IT teams
• Provide support to businesses with OT technologies
• Influences group OT security strategy
Contacts & Communication
• Owns the relationships between the group cyber security team and business operational, engineering and IT teams
• Provide support to businesses with OT technologies
• Influences group OT security strategy
• Multiple senior stakeholders where influence and nuanced communications are key.
• Engineering managers, Operational managers, Heads of Security and Security Working Group.
• Good communicator, high credibility, and influence. Critical in building relationships between the centre and operational teams in our businesses.
• 3rd party suppliers
• Engage with Third Parties / indirect teams that increase shared knowledge and are a good fit.