Information Security Officer

About The Position

Requirements

• Degree in Computer Science, Information Security, Engineering, or a related field; or equivalent experience.
• At least one of the following professional certifications (or commitment to obtain within 12 months): CISSP or CISM (core) ISO/IEC 27001 Lead Implementer or Lead Auditor CCSP (cloud) or CRISC (risk) CompTIA Security+ IEC 62443 certificate(s) (desirable for OT)
• 5+ years in information/cybersecurity roles, with demonstrable GRC ownership and risk management in complex, multi‑site environments.
• Hands‑on experience implementing and operating ISO 27001 and/or NIST CSF frameworks, including audits and certification cycles.
• Proven track record of leading remediation across vulnerability management, identity & access management, network security, and cloud security (Azure/AWS).
• Vendor and third‑party risk management, including contract negotiation and continuous monitoring.
• Incident response participation (playbooks, table‑tops, forensics coordination, lessons learned).

Nice To Haves

• Practical exposure to industrial/OT security (IEC 62443 concepts, ICS/SCADA risk, segmentation, asset management) strongly preferred.

Responsibilities

• Own and evolve the information security policy framework, standards, and baselines aligned to ISO/IEC 27001, NIST CSF, and relevant IEC 62443 controls for OT.
• Operate the Information Security Management System (ISMS): scope management, control selection, risk treatment plans, Statement of Applicability, internal audits, and management reviews.
• Maintain Rotork’s Cyber and Information Security risk register and conduct regular assessments (IT and OT), providing clear risk narratives, impact analyses, and remediation plans.
• Lead third‑party/security due diligence and contract language (SLAs, DPAs, security schedules), including supplier onboarding, continuous monitoring, and exit controls.
• Define security requirements and patterns for cloud, on‑prem, network, and endpoint—including identity, privileged access, segmentation, and encryption.
• Partner with Enterprise Architecture and Engineering to embed secure-by-design and privacy-by-design across projects, with formal design reviews and sign‑off gates.
• Collaborate with SOC/IR teams to refine use cases, playbooks, and detections; ensure control effectiveness through KPIs/KRIs and continuous assurance.
• Drive vulnerability and patch governance - prioritization, SLA management, compensating controls - and track remediation to closure.
• Lead security awareness and targeted training (e.g., phishing, secure coding, OT cyber hygiene, supplier security).
• Provide clear, business‑friendly reporting and metrics to leadership - risk posture, control maturity, audit findings, and improvement roadmap.
• Monitor compliance with emerging AI regulations and standards, including EU AI Act, UK AI principles, and ISO/IEC 42001 for AI Management Systems.
• Assess risks associated with AI-enabled systems, including adversarial attacks, data poisoning, and model integrity.
• Collaborate with internal teams to embed security and privacy-by-design in AI models and algorithms.
• Support Rotork’s Cyber Essentials Plus and IASME Cyber Assurance accreditation programs, ensuring all technical and procedural controls meet certification requirements.
• Maintain evidence packs, liaise with external assessors, and coordinate internal teams for successful audits and renewals.