SACM Analyst

Posted on 16 May 25 by Nikala McKenzie


Job Description

We are seeking an experienced Senior Security Governance or Cyber Security Governance consultant with deep knowledge of OT and IT environments to support the development and implementation of robust governance frameworks, compliance strategies, and risk management processes.

The consultant will play a vital role in aligning OT cybersecurity strategy, developing and updating key governance artifacts, and supporting critical compliance initiatives including PCI-DSS.
Key Responsibilities:

  • Lead the expansion and improvement of cybersecurity governance and compliance in both IT and OT environments.
  • Design and implement a roadmap and operating model for IT/OT governance that aligns with business objectives.
  • Develop, update, and maintain critical security governance documents such as policies, standards, and procedures, in accordance with regulatory requirements and best practices (PCI-DSS, ISO 27001, NIST CSF, ISA/IEC 62443).
  • Support annual PCI-DSS assessments by coordinating with QSAs, internal teams, and business units to validate compliance and resolve findings.
  • Act as SME for security requirements in cross-functional project teams, recommending and implementing appropriate controls.
  • Manage third-party risk through contract reviews, vendor security assessments, and RFP processes throughout the procurement lifecycle.
  • Support the GRC team in the development of security-compliant solutions and risk management strategies.
  • Collaborate with stakeholders across digital transformation, product delivery, infrastructure, and audit teams to remediate risks and align with security standards.
  • Maintain and organize cybersecurity audit artifacts and documentation, ensuring completeness and controlled access.
  • Provide security awareness training and contribute to security education programs tailored to risk and regulatory environment.
  • Use risk management and compliance tools (e.g., ServiceNow, OneTrust, AuditBoard) to support ongoing governance activities.
  • Regularly communicate with internal stakeholders and escalate issues requiring further analysis to senior leadership.
Required Qualifications:

  • One or more of the following certifications: CISSP, CISM, CCSP, or CISA (mandatory).
  • Minimum 7+ years in information security with experience leading large-scale security projects.
  • 7+ years working within OT environments, with a deep understanding of governance, risk, and compliance for OT systems.
  • Proven experience developing and implementing governance frameworks, policies, standards, and security procedures.
  • Strong expertise with key frameworks and standards such as PCI-DSS, NIST CSF, ISO/IEC 27001, and ISA/IEC 62443.
  • Strong communication and presentation skills for engaging technical and non-technical stakeholders.
  • Solid understanding of third-party risk management practices and contractual security requirements.
  • Proficiency in cybersecurity risk management platforms (e.g., ServiceNow, OneTrust, AuditBoard).
  • Highly organized with strong time management and prioritization skills.
  • Advanced skills in Microsoft Office tools (Word, Excel, PowerPoint, Visio, PowerBI, SharePoint).

Job Information

Sector

Public Transit

Category

Not Specified

Skills / Experience

Not Specified

Benefits

Not Specified

Our Reference

JOB-22149

Job Location