
A leading workforce business seeks a Senior InfoSec Advisor for a 12-month PAYE contract in Aberdeen, offering a 3/2 hybrid model. Responsibilities include risk assessment, security architecture, and supplier assurance. Candidates should have 7+ years in information risk and be familiar with ISO 27001 and NIST CSF standards. The role requires strong stakeholder management and risk communication skills. This position supports diversity and inclusion in the workplace.
We have a current opportunity for a Senior InfoSec Advisor (IRM Manager) on a 12-month PAYE contract basis. The position will be based in Aberdeen and will have a 3 / 2 hybrid working pattern.
Perform structured IT and information security risk assessments and threat modelling for new IT platforms, systems, and applications and for material changes.
Provide security architecture advice (patterns, guardrails) aligned to NIST CSF / ISO 27001 and company standards.
Define and agree control selection (prevent / detect / correct) proportionate to risk, including identity, data and platform controls.
Conduct IT control walkthroughs to validate design and operating effectiveness; document evidence and issues.
Own the LOD2 assurance plan with specific focus on critical assets and safety-related systems; define test scopes, frequency and metrics.
Track high-risk deviations and risk acceptances; drive remediation and report residual risk to the CISO, CIO and business risk owners.
Own the LOD2 assurance plan across OT sites against the OT security standard, deciding the order and frequency of assessments aligned to risk and risk appetite.
Provide OT security advisory in relation to OT security standards alignment across all OT sites, advocating for segmentation, zoning, secure remote access, security monitoring and patching controls in line with ISA / IEC 62443.
Run supplier assurance in collaboration with Procurement, including pre-contract due diligence, control reviews, and ongoing attestation for suppliers and third parties.
Collaborate with Legal to ensure that contractual SLAs / KPIs include security requirements and be involved in remediation where gaps exist.
Maintain risk registers, control libraries and test plans; provide CIO-ready reporting on issues and residual risk.
Coordinate with the Business and 1st Line risk owners, as well as with the Assurance parties such as Internal Audit (LOD3) and the major IT and SOC managed service providers to close control gaps, and feed lessons learnt into standards and patterns.
Organisation-wide information security remit across corporate IT and OT; frequent engagement with IT Operations, OT Engineering, HSSE, Finance, Procurement and Legal.
Direct influence on risk mitigation options and plans, acting as a trusted advisor.
Mix of advisory, oversight and hands-on walkthroughs; pragmatic, proportionate risk approach.
7+ years in information risk, security assurance or IT audit within regulated, safety-critical or industrial environments (energy / oil & gas preferred).
Strong knowledge of NIST CSF, ISO 27001, UK GDPR and supplier assurance practices; familiarity with the UK CAF is desirable.
Proven experience running compliance and assurance functions, Secure-by-Design reviews, and control testing (for design & operating effectiveness).
Solid grasp of OT / IC risk and understanding of SCADA / PI / EC interfaces.
Skilled at stakeholder management and risk communication to senior audiences (clear, concise, business-outcome focused).
GRC / IRM platforms (e.g., ServiceNow), and common cloud services (M365 / Azure) for workflows and evidence capture.
ISO 27001 Lead Auditor, CISM
SABSA, CISSP
SANS GICSP, ISA / IEC 62443
As an international workforce business, we are committed to sourcing personnel that reflects the diversity and values of our client base but also that of Orion Group. We welcome the wide range of experiences and viewpoints that potential workers bring to our business and our clients, including those based on nationality, gender, culture, educational and professional backgrounds, race, ethnicity, sexual orientation, gender identity and expression, disability, and age differences, job classification and religion. In our inclusive workplace, regardless of your employment status as staff or contract, everyone is assured the right of equitable, fair and respectful treatment.