OT Cyber-Security – GRC

Madrid - Impala Office. Posted 1 month ago.
Full-time, onsite.

Job Description

Key Responsibilities: responsibilities include, but are not limited to:

1. Audits & Assurance

  • Plan, coordinate and support OT security audits, assessments and self-assessments across sites and regions.

  • Act as the primary interface for internal audit, external auditors, regulators and assessors on OT security matters.

  • Ensure audit findings are risk-assessed, prioritised, tracked and remediated in collaboration with stakeholders.

  • Maintain evidence, documentation and artefacts required to demonstrate compliance.

  • Support alignment and assurance activities with applicable OT cybersecurity standards and regulations.

2. Risk Management

  • Lead and maintain OT cyber risk assessments, considering security, safety, environmental, asset and regulatory impacts, aligned to IEC 62443.

  • Ensure OT risks are documented, owned and aligned with risk management frameworks.

  • Define and maintain risk registers, including threat, vulnerability and consequence-based risks.

  • Support risk treatment planning and track risk acceptance, mitigation and residual risk decisions.

  • Translate technical OT risks into clear, business-relevant risk statements for leadership and governance committees.

3. Supply Chain & Third-Party Risk Management

  • Own and maintain OT security requirements for suppliers, consultants and vendors.

  • Assess and manage third-party cyber risks associated with OT systems, software, hardware and remote access.

  • Support secure onboarding and ongoing assurance of critical OT suppliers and service providers.

  • Ensure contractual and procurement processes include appropriate OT security, access and resilience requirements.

  • Monitor and respond to supply-chain-related vulnerabilities, advisories and incidents.

4. External Compliance Training & Awareness

  • Own and coordinate OT security strategy for training and awareness for internal teams, contractors and relevant third parties.

  • Ensure training content reflects real OT risks, regulatory expectations and operational realities.

  • Support compliance-driven training obligations required by regulators, customers/contractual commitments.

  • Promote a risk-aware and safety-conscious security culture across engineering and operations.

  • Track and report on training and awareness completion and effectiveness where required.

5. Incident Response (IR)

  • Support and govern OT-specific incident response planning and readiness.

  • Ensure OT incident response procedures are aligned with safety, operational and regulatory requirements.

  • Coordinate OT involvement during incidents, including forensics, reporting and post-incident reviews.

  • Ensure lessons learned are captured and translated into improvements to controls and processes.

6. Business Continuity & Disaster Recovery (BCP/DR)

  • Support the development and governance of OT business continuity and disaster recovery plans.

  • Ensure BCP/DRP reflects realistic OT recovery scenarios, dependencies and constraints.

  • Align OT recovery objectives with safety, production and regulatory expectations.

  • Participate in and support BCP/DRP testing, exercises and reviews.

  • Ensure cyber-related disruptions are considered within operational resilience planning.

7. Crossover Responsibilities

  • Act as a central point of coordination between security, engineering, operations, legal, HSEQ and compliance.

  • Maintain OT security policies, standards and procedures within the GRC domain.

  • Support executive and board reporting on OT security risk, compliance status and resilience.

  • Drive continuous improvement of the OT security governance framework (CSMS).

Knowledge, Skills and Abilities

  • 5-7 years of strong knowledge of OT cybersecurity governance, risk and compliance.

  • Strong expertise in the IEC 62443 series.

  • Understanding of cyber/physical risk and of safety, environmental, asset and regulatory impacts.

  • Experienced understanding of industrial environments, OT lifecycles and operational constraints.

  • Skilled in conducting/coordinating OT security audits, assessments, compliance activities and maintaining risk registers.

  • Able to support IR, BCP and DRP planning and exercising.

  • Skilled in delivering and coordinating OT training and awareness strategies.

  • Expert in preparing clear documentation, evidence and executive-level reporting.

  • Ability to communicate complex risk clearly to technical and non-technical audiences.

  • Ability to work across global and regulated environments.

Cross-team collaboration, attention to detail, documentation discipline, risk communication and a continuous-improvement mindset.

OT Cyber-Security – GRC at Trafigura | Renata