Published on 17 June
Job duties
Overview

RINA is recruiting for a Principal OT Cybersecurity Consultant Assurance and Compliance to join its office in GENOA or ROME within the Operating Engine Division.

Mission

The Principal Cybersecurity Consultant Assurance and Compliance is responsible for ensuring the security, compliance, and long‑term resilience of complex IT and Operational Technology (OT) environments, with a strong focus on industrial automation, critical infrastructures, and transportation systems. The role provides expert guidance on cybersecurity governance, risk management, and technical assurance, supporting organizations in designing, assessing, and continuously improving integrated cybersecurity frameworks aligned with international regulations and standards (e.g. CRA, NIS2, IEC 62443, ISO 27001, EN 50701, NIST). Acting as a trusted advisor to senior stakeholders, clients, and regulators, the role drives informed decision‑making on cybersecurity risks, ensures robust protection of safety‑critical and mission‑critical systems, and promotes cybersecurity‑by‑design principles throughout the entire system lifecycle.

Key Accountabilities

- Cybersecurity Governance, Risk Management & Compliance: Define, implement, and continuously evolve integrated cybersecurity governance and risk management frameworks for complex IT and OT environments.
- Lead comprehensive cybersecurity risk assessments, identifying threats, vulnerabilities, and systemic weaknesses across industrial automation plants, subsystems, and onboard/transportation systems.
- Define mitigation strategies that balance cybersecurity, safety, operational continuity, and regulatory compliance.
- Ensure continuous alignment with applicable international regulations and standards, including CRA, NIS2, IEC 62443, ISO 27001, EN 50701, and NIST frameworks.

Technical Assurance & Security Evaluation

- Lead and oversee advanced technical assurance activities for complex and safety‑critical IT/OT systems.
- Supervise and validate configuration reviews, vulnerability assessments, and security evaluations in mixed IT/OT environments.
- Assess system conformance against international assurance and security standards (e.g. ISO 27001, ISO/IEC 15408, NIST SP 800 series).
- Prepare and approve high‑quality technical documentation, including security assessment reports, evaluation evidence, test descriptions, and test procedures, ensuring accuracy and defensibility of conclusions.
- Provide authoritative recommendations to improve system security posture and resilience.

Operational Technology & Critical Infrastructure Security

- Act as subject matter expert for cybersecurity of industrial and critical infrastructure systems, including SCADA, PLCs, industrial control systems, industrial networks, and transportation/onboard platforms.
- Design, assess, and validate OT network architectures based on the Purdue Model and Zone & Conduit concepts.
- Support the implementation of network segmentation, system hardening, monitoring, and defense‑in‑depth measures in line with IEC 62443 and EN 50701 principles.
- Promote and apply cybersecurity‑by‑design and secure‑by‑default approaches throughout the entire system lifecycle, ensuring long‑term reliability and compliance of safety‑critical systems.

Audit, Certification & Regulatory Interaction

- Plan, lead, and validate internal and external cybersecurity audits to assess compliance readiness for certifications such as ISO 27001, IEC 62443, EN 50701, and CMMC.
- Act as senior technical interface with certification bodies, auditors, and regulatory authorities.
- Support organizations in certification processes and in maintaining continuous improvement of cybersecurity management systems over time.

Stakeholder Engagement, Advisory & Capability Development

- Act as a trusted cybersecurity advisor for customers and internal stakeholders on complex or high‑risk cybersecurity topics.
- Collaborate with multidisciplinary teams to embed cybersecurity, governance, and compliance requirements into engineering, operational, and business processes.
- Provide technical leadership, mentoring, and guidance to cybersecurity consultants and specialists.
- Deliver advanced training sessions, awareness initiatives, and technical workshops covering IT, OT, governance, and compliance best practices.

Education

Bachelor’s Degree in Computer Engineering or Cyber Security

Master’s Degree in Computer Engineering or Cyber Security

Qualifications

- 12–15+ years of experience in cybersecurity assurance, risk management, and compliance across IT and OT environments.
- Strong hands‑on background in industrial and OT systems at plant and subsystem level.
- Proven experience leading complex risk assessments, audits, and assurance activities for critical infrastructures.
- Deep understanding of international cybersecurity standards, regulations, and frameworks, including CRA, NIS2, ISO/IEC 27001, IEC 62443, EN 50701 and NIST standards and guidelines.
- Strong understanding of industrial networking principles, Purdue Model, Zone & Conduit architecture.
- Familiarity with operating system security (Windows, Linux).
- Excellent analytical, decision‑making, and communication skills.

Competencies

- DOMAIN & BUSINESS ACUMEN - Applying a scientific approach and critical thinking in operations and solution development within area of expertise.
- FORESIGHT & INSIGHT - Context awareness adopting a systemic perspective and informed decision making.
- INTERPERSONAL INFLUENCE - Skills and strategies we use to interact effectively with others.
- PERSONAL EMPOWERMENT - Ownership for life, work and results, striving to grow professionally and personally.
- WORKPLACE DYNAMICS - Resourcefulness in shaping progress and working efficiently.

RINA is a multinational company providing a wide range of services in the energy, marine, certification, infrastructure & mobility, industry, research & development sectors. Our business model covers the full process of project development, from concept to completion.

At RINA, we endeavor to create a work environment where every single person is valued and encouraged to develop new ideas. We provide equal employment opportunities and are committed to creating a workplace where everyone feels respected and safe from discrimination or harassment of any kind. We are also compliant with the Italian Law n. 68/99.