The organisation is a large public-sector transport operator whose IT Security department manages protection across corporate IT and operational technology (OT) systems. This role exists to strengthen enterprise-level risk management by delivering cybersecurity risk assessments and IT maturity assessments, and it requires a CISSP-certified practitioner with hands-on risk management experience.
The mission
The IT Security department is responsible for governance and implementation of security controls across IT, OT and IIoT environments that support critical operational services. The work focuses on assessing cybersecurity threats, validating control processes and ensuring compliance with the organisation's enterprise risk principles. You will contribute to a programme of risk assessments tied to change initiatives, OT system updates and process improvement projects.
Day to day you will report to the IT Security Manager and work across security, operations and engineering teams to operationalise enterprise cyber risk management. You will deliver structured risk assessments, maintain accurate remediation and status reporting in the IS security governance register, and propose measurable mitigations that teams can implement. The role is senior and is intended to embed repeatable, organisation-wide risk practices.
Your responsibilities
- Lead and deliver cybersecurity risk assessments for IT, OT and IIoT changes, producing clear findings and prioritised remediation plans
- Own and maintain accurate remediation reporting within the IS security governance register, ensuring actions progress to closure
- Operationalise enterprise cyber risk management practices and align assessments with the organisation's risk principles and compliance requirements
- Advise project and operations teams on practical mitigations, translating technical findings into implementable controls and acceptance criteria
- Identify gaps or obstacles in existing risk and control processes, design pragmatic improvements and support their adoption
- Support risk assessments of control processes and attestations, contributing to periodic maturity reviews
Your profile
Essential skills
- CISSP certification (required)
- Senior-level experience in cybersecurity risk management across IT and OT or industrial environments
- Proven capability performing IT maturity assessment and producing maturity improvement roadmaps
- Strong experience with enterprise risk frameworks and third-party cyber risk assessment
- Comfortable engaging multiple stakeholders, translating technical risk into business decisions and prioritised remediation
Languages
- English, C1