Cyber Risk Analyst (Operational Technology / OT) Utilities 1 day per week in Warwick 6 months £600 per day
In short: We're seeking a Cyber Risk Analyst with good experience in Operational Technology to perform risk assessments for Critical National Infrastructure. We're open to various OT backgrounds ie Gas, Electricity, Oil, Pharma, Nuclear. The main objective is understanding the IEC62443 framework and how risk is assessed, documented and remediated across OT assets.
Job purpose:
Responsible for managing, leading, controlling, and supporting the Security Risk process, inclusive of physical, OT, CNI and IT environments.
Managing and developing a new security risk framework covering business, supply chain and operational risk management.
Representing security risk on the central enterprise risk working group.
Ensuring stakeholders are fully engaged with the security risk framework, including senior leaders.
Collating various metrics and systems including business, IT and Systems Operator and Transmission Operator risk to provide a single risk view.
Adhering to all IT and Security Risk standards and procedures as determined by the risk governance team.
Define Risk Management Information and Key Risk Indicators for all levels of the business.
Point of contact for periodic risk assessments and risk audits with external government entities, including NIS annual assessments.
Identifying new or changed risks including risk mitigation steps as part of a cohesive risk management plan.
Key accountabilities:
Plan, design and implement an overall security risk management process in line with CISO expectations.
Undertake risk assessments, analysing risks, identifying and estimating risk criteria.
Evaluate risk by benchmarking estimated risks with established risk criteria.
Establish and quantify Security and Business Risk appetite.
Report risk at various levels and for differing audiences.
Liaise with external risk governance including risk obligations under the NIS Regulations (CAF).
Provide risk analysis to support regulatory submissions.
Liaise with legal, procurement and contract business functions supporting customer and supplier risk assessments.
Provide risk insight for company insurance policies including IT and cyber risk.
Conduct policy and process assessments and audits.
Provide support, education and training advice to build risk awareness.
Knowledge and experience:
A good extensive knowledge of Risk Management including the establishment of new risk management frameworks.
An understanding of Business, IT and Cyber risk.
Proven leadership, stakeholder management, communication and presentation skills.
A good track record of delivering complex problem solving with resilience and ability to cope under pressure.
Demonstratable technical acumen, analytical and planning skills with a focus on detail.
Commercial and financial awareness.
Candidates will ideally show evidence of the above in their CV in order to be considered.