IT/OT Risk Contractor

OT Risk Analyst – Contract – Hybrid

We are working with a large, regulated organisation delivering Critical National Infrastructure (CNI) services. Operating across complex IT and OT environments, the organisation places strong emphasis on cyber resilience, regulatory compliance, and effective OT risk management.

They are seeking an OT Risk Analyst to support their Governance, Risk & Compliance (GRC) function. This is a hands-on delivery role focused on identifying, assessing, and managing OT cyber risks across operational environments, ensuring risks are understood, proportionately treated, and accurately reported.

The role reports into the Information Security Manager and works closely with OT engineering, IT security teams, risk owners, and third-party suppliers to ensure operational cyber risks are visible, controlled, and aligned to business and safety priorities.

What you’ll be doing

  • Deliver qualitative and quantitative OT cyber risk assessments using recognised risk management approaches
  • Identify, assess, document, and monitor OT and ICS security risks across enterprise and operational environments
  • Maintain accurate and up-to-date risk registers, including risk treatment plans, control profiles, and supporting evidence
  • Work with OT stakeholders (engineering, operations, maintenance) to understand asset criticality, safety impacts, and operational constraints
  • Support the wider GRC function by gathering OT risk-related data and contributing to mitigation planning, reporting, and governance forums
  • Support supply chain and third-party OT cyber risk assessments, working with assurance teams to assess vendor connectivity, remote access, and managed service risks
  • Contribute to the development of OT risk quantification capability, translating technical risk into business impact (including safety, availability, regulatory exposure, and financial outcomes)
  • Support compliance with internal controls and external regulatory and legislative requirements (including those relevant to CNI and OT environments)

What you’ll bring

  • 3–5 years’ experience in cyber / information security risk, with demonstrable exposure to OT/ICS environments
  • Strong understanding of risk frameworks such as ISO 27005, OCTAVE, FAIR/FAST
  • Exposure to OT and regulatory standards/frameworks such as IEC 62443, NIS / CAF (or NIS-D CAF), NIST Cybersecurity Framework & ISO 27001
  • Hands-on experience conducting risk assessments and supporting ongoing risk management (registers, treatments, reporting)
  • Strong stakeholder skills, able to engage technical and non-technical teams across IT, OT, and the wider business

Job Details

Company: Bestman Solutions
Location: London, UK