Risk Management Specialist

Posted Today by Bestman Solutions

Negotiable
Undetermined
Hybrid
London Area, United Kingdom

Summary: The OT Risk Specialist role involves managing and assessing operational technology (OT) cyber risks within a highly regulated environment that supports Critical National Infrastructure services. The position requires a hands-on approach to risk management, focusing on practical ownership and clear communication with various stakeholders. The specialist will independently conduct risk assessments and maintain risk registers while ensuring compliance with regulatory obligations. This role emphasizes the importance of translating technical risks into business impacts and improving risk management practices.

Key Responsibilities:

  • Independently deliver qualitative and quantitative OT cyber risk assessments, using recognised risk methodologies and sound professional judgement.
  • Identify, assess, document, and actively manage OT and ICS cyber risks across operational and enterprise environments.
  • Own and maintain OT risk registers end-to-end, including risk statements, treatments, control profiles, and supporting evidence.
  • Engage directly with OT stakeholders (engineering, operations, maintenance) to understand asset criticality, safety implications, and operational constraints without disrupting live services.
  • Translate technical OT risk into clear business impact, covering safety, availability, regulatory exposure, and financial risk.
  • Support supply chain and third-party OT cyber risk assessments, including remote access, managed service providers, and vendor connectivity.
  • Provide credible input into governance forums, reporting, and assurance activities, representing OT risk with authority and clarity.
  • Contribute to the ongoing maturity of OT risk and risk quantification practices, improving consistency and decision-making.
  • Support compliance with internal controls and external regulatory and legislative obligations relevant to CNI and OT environments.

Key Skills:

  • 3–5+ years’ experience in cyber or information security risk, with practical exposure to OT / ICS environments.
  • Proven experience delivering risk assessments independently, from scoping through to treatment and reporting.
  • Strong working knowledge of risk frameworks such as ISO 27005, OCTAVE, FAIR / FAST, with the ability to apply them pragmatically.
  • Exposure to OT and regulatory standards including IEC 62443, NIS / CAF (or NIS-D CAF), NIST CSF, ISO 27001.
  • Confidence engaging and challenging senior technical and operational stakeholders without escalation or supervision.
  • A delivery mindset: comfortable making decisions, documenting risk clearly, and moving work forward without hand-holding.

Salary (Rate): undetermined

City: London Area

Country: United Kingdom

Working Arrangements: hybrid

IR35 Status: undetermined

Seniority Level: undetermined

Industry: Other

Detailed Description From Employer:

OT Risk Specialist – Contract – Hybrid

We are supporting a large, highly regulated organisation delivering Critical National Infrastructure services. The environment spans complex IT and OT estates, where cyber risk directly intersects with safety, availability, and regulatory obligations. They are seeking an OT Risk Specialist to strengthen their Governance, Risk & Compliance capability. This is a hands-on, delivery-focused role for a risk specialist who can independently identify, assess, articulate, and drive the management of OT cyber risk across live operational environments. This role is not about frameworks for the sake of frameworks. It is about practical risk ownership, clear judgement, and credible challenge. You will be trusted to operate with minimal hand-holding, working directly with engineers, risk owners, and leadership to ensure OT risks are properly understood and proportionately treated.