**Company Name:** Bestman Solutions
**Job Title:** Risk Management Specialist
**Job Description:**
**Job Title:**
OT Risk Management Specialist (Contract – Hybrid)
**Role Summary:**
Deliver end‑to‑end OT/ICS cyber risk assessments and governance for a regulated critical national infrastructure provider. Independently identify, quantify, and manage OT cyber risks, maintain risk registers, and communicate risk impact to business and senior stakeholders.
**Expectations:**
- Work autonomously with minimal supervision.
- Translate technical OT risks into clear business, safety, and regulatory implications.
- Influence and challenge senior engineering and operational leaders.
- Contribute to maturity of OT risk methodology and compliance programs.
**Key Responsibilities:**
- Conduct qualitative and quantitative OT cyber risk assessments using ISO 27005, OCTAVE, FAIR/FAST or similar.
- Identify, document, and treat OT/ICS risks across operational and enterprise environments.
- Own and maintain comprehensive OT risk registers (risk statements, treatments, control evidence).
- Engage with OT engineers, operations, and maintenance teams to assess asset criticality and safety impact without disrupting services.
- Provide risk‑based input to governance forums, reporting, and assurance activities.
- Support third‑party and supply‑chain OT risk assessments (remote access, MSPs, vendor connectivity).
- Ensure compliance with IEC 62443, NIS/CAF, NIST CSF, ISO 27001 and other relevant standards and regulations.
- Drive continuous improvement of OT risk quantification and decision‑making processes.
**Required Skills:**
- 3–5+ years' experience in cyber/information security risk, with hands‑on OT/ICS exposure.
- Proven ability to independently deliver full‑cycle risk assessments.
- Strong knowledge of risk frameworks (ISO 27005, OCTAVE, FAIR/FAST) and OT standards (IEC 62443, NIS/CAF, NIST CSF, ISO 27001).
- Excellent stakeholder engagement and senior‑level communication skills.
- Analytical judgment, documentation proficiency, and delivery‑focused mindset.
**Required Education & Certifications:**
- Bachelor’s degree in Computer Science, Information Security, Engineering, or related field (or equivalent experience).
- Relevant certifications preferred (e.g., CISSP, CISA, GICSP, IEC 62443‑related certs).