OT Security Risk Manager - Hybrid/Warwick - £80k

Posted 23 April by Adecco


OT Security Risk Manager - Warwick

Job Title: OT Security Risk Manager

Location: Hybrid/Warwick - 2 days in office per week

Contract Details: Full-time, Permanent

Salary: £60,000 - £80,000 annually

About Our Client:

Our client, a prominent player in the Utilities sector, is dedicated to facilitating safe, dependable, and efficient energy connections. They uphold a steadfast commitment to operational excellence, ensuring the seamless functioning of their energy network to deliver high-quality service to their customers.

Responsibilities:

As the OT Security Risk Manager, you will lead the Security Risk Team, responsible for evaluating cyber and physical risks and providing data-driven insights to guide strategic decision-making. Focusing on Operational Technology (OT) and its associated IT ecosystems, including control centres, Optel Network & Services, critical data centres, and substations, you will develop an overarching cyber risk management strategy and establish a cohesive framework.

Your responsibilities will include:

  • Crafting and implementing the company's OT Cyber Risk Framework
  • Establishing uniform protocols for identifying, documenting, and addressing OT Cyber Security risks company-wide
  • Engaging with senior leadership and external stakeholders to align on the organisation's Cyber Risk Framework
  • Collaborating with interdisciplinary teams to devise customised risk management solutions tailored to specific cyber challenges
  • Supervising a team of specialists in Operational Technology Cyber risk management
  • Delivering comprehensive reports on risk assessment, mitigation strategies, and investment priorities

Essential Skills, Qualifications, Experience:

  • Proven track record in applying risk assessment methodologies such as NIST 800-30, ISO 27005, IEC 62443, FAIR
  • Familiarity with industry best practices and security control frameworks including NIST 800-53, ISO 27001, IEC 62443, NIST CSF, NCSC CAF
  • Experience implementing security risk management frameworks such as NIST 800-39, 800-37
  • Ability to effectively communicate complex concepts to senior stakeholders
  • Basic understanding of ICS/SCADA frameworks like the IEC 62443 framework

Desirable Skills, Qualifications, Experience:

  • Knowledge of UK Network & Information Systems (NIS) Regulations
  • Previous involvement in Cyber Security initiatives
  • Familiarity with MITRE ATT&CK framework
  • Prior experience in risk management within an Operational Technology environment
  • Leadership and team management experience, preferably in critical infrastructure settings
  • Proficiency in Microsoft Office Suite, particularly Excel and SharePoint
  • Familiarity with Power BI and Visio
  • Relevant Information Security certifications such as CISSP, CISM, CISA
  • Ability to obtain and maintain security clearance

Technologies:

  • Cyber Security
  • Risk Management
  • Cyber Risk
  • NIS Regulations
  • Client Engagement
  • Team Leadership (Direct supervision of 6 staff, oversight of 10-20)
  • Continuous Improvement
  • Centralised Security
  • Governance Meetings
  • Control Centres
  • Critical Data Centres
  • Substations
  • Optel Network and Services

How to Apply:

If you possess a strong background in Risk Management and are committed to safeguarding critical systems in the Utilities sector, we invite you to apply. Please submit your updated resume along with a cover letter highlighting your relevant expertise and qualifications.

Adecco is a disability-confident employer. It is important to us that we run an inclusive and accessible recruitment process to support candidates of all backgrounds and all abilities to apply. Adecco is committed to building a supportive environment for you to explore the next steps in your career. If you require reasonable adjustments at any stage, please let us know and we will be happy to support you.

KEYWORDS:
Cyber Security / Cyber Sec / Risk Management / Risk / Cyber Risk / NIS Regulations / Network and Information Systems Regulations / Client Liaison / Team Lead / Continuous Improvement / Central Security / Governance Meetings / Control Centres / Critical


Application question

Do you have the right to work full-time, in the UK?

Reference: 52523873
