### Job Summary

We are seeking an experienced Security Analyst to evaluate, assess, and mitigate information security, privacy, and compliance risks across both Information Technology (IT) and Operational Technology (OT) environments. The ideal candidate will have strong expertise in risk management, security controls, cloud security, and industry compliance frameworks.

### Key Responsibilities

- Evaluate information security, privacy, and compliance risks across IT and OT systems
- Conduct detailed written risk and compliance assessments using recognised industry frameworks
- Identify, triage, and prioritise security risks, and develop effective mitigation plans
- Assess commercial off-the-shelf (COTS) and custom-developed systems for alignment with security policies, standards, laws, and regulations
- Evaluate and validate security controls within cloud environments
- Collaborate with cross-functional teams to remediate system and application vulnerabilities
- Support risk management initiatives, including third-party and vulnerability management
- Perform threat assessments and support incident response activities for IT and OT systems

### Required Experience

- 7+ years of experience evaluating information security, privacy, and compliance for IT and/or OT systems
- 7+ years of experience conducting written security, privacy, and/or AI risk and compliance assessments using frameworks such as NIST, CIS Critical Security Controls, ISO/IEC 27001, or equivalent
- 5+ years of experience triaging security risks and developing mitigation strategies, with or without vendor involvement
- 5+ years of experience evaluating COTS and custom business systems against IT/OT security policies, standards, regulations, and industry best practices
- 5+ years of experience assessing security controls in cloud environments
- 5+ years of experience working with cross-functional teams to mitigate or remediate vulnerabilities
- 4+ years of experience in risk management (including third-party risk), vulnerability management, and security programme management
- 4+ years of experience in threat assessment and/or incident response management

### Education

Bachelor's degree or higher in one or more of the following fields:

- Information Security
- Information Assurance
- Cybersecurity
- Computer Science
- Information Science
- Information Systems Management
- Digital Forensics
- Compliance and Risk Management

### Certifications (One or More Required)

- GIAC: GICSP, GSEC
- ISC: CISSP, CCSP, ISSAP, ISSEP, SSCP, CGRC, CSSLP
- CompTIA: Cloud+, Network+, Security+, CySA+
- Privacy & Governance: GCSA, CIPT, CIPP, CIPM
- Risk Management: CRISC
- Or other relevant cybersecurity, privacy, AI, or risk management certifications