IM&T Senior Cybersecurity Consultant & ISO 27001 Program Controller

ManpowerGroup Middle East

Dubai

On-site

AED 300,000 - 500,000

Full time

9 days ago

Job summary

A leading company in the cybersecurity field seeks an experienced IM&T Senior Cybersecurity Consultant to lead their IT & OT cybersecurity programs. This pivotal role includes overseeing compliance with ISO 27001 standards across various locations, managing certifications, and enhancing cybersecurity governance. Candidates should possess over 20 years of experience in IT cybersecurity, strong project management skills, and relevant certifications. This is an opportunity to shape a secure digital future while collaborating with cross-functional teams.

Qualifications

  • 20+ years in IT cybersecurity management systems.
  • 10+ years in IT/OT auditing and cybersecurity reporting.
  • Deep understanding of OT cybersecurity standards.

Responsibilities

  • Oversee IT & OT cybersecurity management systems compliance.
  • Lead implementations of ISA 62443 and ISO 27001 frameworks.
  • Conduct cybersecurity risk assessments and audits.

Skills

Project Management
Cybersecurity Risk Management
Analytical Skills
Communication

Education

Graduate or postgraduate degree in ISMS and cybersecurity

Job description

About the role

Our client is seeking a highly skilled IM&T Senior Cybersecurity Consultant & ISO 27001 Program Controller to lead and support the implementation of IT & OT cybersecurity programs and ensure ongoing compliance with ISO 27001 standards. This critical role will be instrumental in executing the client's ISMS Phase 7 Program while strengthening cybersecurity governance, risk management, and assurance capabilities across diverse digital and operational landscapes.

Key responsibilities
  • Oversee and manage IT & OT cybersecurity management systems in compliance with industry standards.
  • Lead multiple full-cycle implementations of ISA 62443 and ISO 27001:2022 ISMS frameworks.
  • Conduct and report on comprehensive IT & OT cybersecurity risk assessments and propose mitigation strategies.
  • Perform internal audits, compliance checks, and site security gap assessments across multiple locations.
  • Manage the ISO 27001 certification and surveillance audit process.
  • Develop, review, and maintain cybersecurity governance documentation and policies.
  • Act as a subject matter expert in ISO 27001 and ISA 62443, advising on secure system design, deployment, and operations.
  • Collaborate with cross-functional teams to deploy and maintain a secure IT/OT environment.
  • Conduct cybersecurity training, awareness sessions, and mentor internal teams.
  • Ensure effective execution of the client's Cybersecurity Discipline Controls Assurance Framework (DCAF).
Qualifications & experience
  • Graduate or postgraduate degree, or equivalent experience in ISMS and cybersecurity.
  • 20+ years of experience in IT cybersecurity management systems.
  • 10+ years in IT/OT auditing and cybersecurity reporting.
  • 5+ years in OT security, preferably within industrial or energy sectors.
  • Demonstrated experience in:
    • At least 2 ISA 62443 implementations.
    • At least 5 ISO 27001:2022 implementations.
  • Strong project management skills with expertise in cybersecurity risk management and mitigation.
  • Excellent written and verbal communication skills in English.
Mandatory certifications
  • ISO 27001:2022 Lead Auditor
  • Certified Information Security Manager (CISM)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified in Governance of Enterprise IT (CGEIT)
  • Global Industrial Cybersecurity Professional (GICSP)
  • Shell OT Security & DCAF Trainings
  • ITIL V3 Foundation
Preferred certifications

ISA 62443 (IC33M, IC34M, IC37M), GRID, GCIP, CEH, OSCP, GCIA, GCIH, Security+

What we're looking for
  • Deep understanding of OT cybersecurity standards (ISA/IEC 62443, NIST, ISO 27000 family).
  • Proven leadership in managing cybersecurity compliance programs within complex enterprise and industrial environments.
  • Ability to work independently and collaboratively in a multicultural, cross-disciplinary setting.
  • Strategic thinker with strong analytical, organizational, and mentorship capabilities.
Why join?

This is a unique opportunity to contribute to a forward-thinking cybersecurity strategy and play a pivotal role in protecting vital infrastructure. The role offers a challenging environment, cross-functional collaboration, and a chance to shape a secure digital future with a leading industry client.
