Ot Risk

**OT Risk & Compliance**:
**Date**:Nov 2, 2023

**Location**: MONTERREY, MX

**Company**:NEORIS

We are **NEORIS** **As a digital accelerator we help companies step into the future Currently we are looking for a OT Risk & Compliance.

**RESPONSIBILITIES**:

- Define OT Cybersecurity policies.
- Develop metrics framework that effectively measures Cybersecurity risks for OT
- Performs OT risk assessments of existing or new services and technologies, along with business counterparts.
- Define OT Security Standards (NIST, IEC, etc.) coordinate implementation and certifications with OT Regional and Local Teams
- Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.
- Communicates risk assessment findings to risk owners and custodians and governance teams.
- Follow all OT Cybersecurity risk remediation protocols to ensure issues are mitigated, risks are accounted for, and exceptions are tracked in accordance with frameworks, policies and standards set by the organization.
- Assists to perform and responding to audits, penetration tests and vulnerability assessments.
- Develops, reviews, implements and maintains targeted Cybersecurity awareness program to mitigate human risks on OT environments.
- Coordinate with IT Cybersecurity Governance Risk & Compliance team

**REQUIREMENTS**:

- BS or MA in computer science, information security, cybersecurity or a related field
- 3+ years of experience in an IT audit or enterprise risk management (ERM) role
- 3+ years of experience with regulatory compliance and information security management frameworks (e.g., IS0 27000, COBIT, NIST 800, etc.

Desired, but not required:

- Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM)
- Knowledge on NIST 800 OT cybersecurity controls

Knowledge and Skills
- An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business
- An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
- An ability to effectively influence others to modify their opinions, plans or behaviors
- Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, and effectively assessing the priority and time required to complete each part
- An ability to identify and assesses the severity and potential impact of risks and communicate risk assessment findings to risk owners outside cybersecurity in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance
- Strong problem-solving and trouble-shooting skills

**OFFER**:

- Professional Growth
- Dynamic work environment
- Competitive Salary
- Attractive Benefits Plan
- Statutory and higher benefits
- Development Opportunities

Risk Management, Information Security, Information Systems, Compliance, Computer Science, Finance, Technology, Legal