Operating Technology Security Analyst

Portsmouth

Brief

Our client is seeking an Operating Technology Security Analyst or OT Security Analyst to join them on a permanent basis. The ideal candidate will have 1–2 years' experience acting as the cyber security subject matter expert within an OT environment and possess a good understanding and practical experience of Cyber Security Frameworks and standards such as NCSC security principles, NIST Framework, ISO 27001, ISO27005, IEC62443 etc.

What the role entails:

Some of the main duties of the Operating Technology Security Analyst will include:

• Manage cyber security risk assessments, compliance checks, audits, and reviews to ensure that appropriate security controls are in place and highlight any deficiencies and gaps for management consideration and ensure Cyber Security controls are operating as designed.
• Provide cyber security assurance activities by ensuring implemented solutions are a replica of agreed and approved architecture definition documents
• Where required, propose solutions and coordinate delivery of mitigating actions to ensure risk levels are aligned with risk appetite.
• Perform or participate in threat modelling exercise of all projects and provide mitigating cyber security requirements to help ensure the secure delivery of compliant systems, applications, and business processes
• Work alongside and coordinate our third–party vendors including 'managed security services provider' (MSSP), penetration testers, attack path mapping and SOC operators including following up remediation work and reports
• Work with the other teams to investigate, remediate and document cyber security incidents.
• Be part of a 24/7 on–call rota
• Work with the technical security and assurance team to help deliver new security tooling.
• Be a Security touchpoint for Project Business Analysts and Project Management.
• Provide project with security consultations, supporting OT Security projects within the Cyber programme
• Security Architecture and Design– Review both high/low level architecture definition documents for compliance against security policies, standards and regulatory requirements pertinent to OT environments
• Attend relevant Architecture Review Board and Technical Design Authority meetings providing sign–off to designs created to deliver technical solutions into the OT environment
• Produce in–flight project functional and non–functional security requirements and embed into existing processes.
• Participate in project initiatives around Governance Risk and Compliance tooling, third party risk/supplier assurance and metrics initiatives.
• Post–implementation/pre–go live auditing of initial requirements for Security OT projects, checking agreed design proposals matched against delivered solutions.
• Remain up to date on cutting–edge cloud technology.
• Operate collaboratively with the IT/OT Security Leads and the wider Corporate IT team to deliver the required solutions.

What experience you need to be the successful Operating Technology Security Analyst:

• The individual should be educated to degree level in a relevant discipline. CISM/CISSP/CCSP/TOGAF/CRISC/COMPTIA Network+/COMPTIA Security+/CCNA Security/AWS Solution Architect or equivalent certification
• Must have 1–2 years' experience acting as the cyber security subject matter expert within an OT environment
• Must have proven expertise in three of the following security domain areas, Vulnerability Assessment and Management, Physical Security, Security Risk and Compliance, Security Architecture, Endpoint Protection, Network Security, and Security Engineering
• Good understanding and practical experience of Cyber Security Frameworks and standards such as NCSC security principles, NIST Framework, ISO 27001, ISO27005, IEC62443 etc.
• Good understanding of Cyber Assurance Framework and experience with working with Regulators and providing compliance updates for OT environment
• Knowledge of the Purdue Model and experience of application of network segmentation to OT systems to bolster the cybersecurity
• Role will require Security Clearance

If you are an experienced Operating Technology Security Analyst with a passion for IT Security, looking to transition into a new role, this opportunity could be for you. Please don't hesitate to apply!