Principal OT Cybersecurity Consultant Assurance and Compliance

RINA -
Genova, Liguria

Candidati adesso

Dettagli della posizione

Tempo indeterminato

Qualifiche

Gestionale
Windows
Laurea magistrale
Laurea triennale
Gestione del rischio
Recruiting
System security

Descrizione completa della posizione

Posting Date: 20 May 2026

City: Genova

Location: Genova, IT, 16129

Roma, IT, 144

Contract Type: Permanent

Division: Operating Engine

Level of experience: Senior

RINA is currently recruiting for a Principal OT Cybersecurity Consultant Assurance and Compliance to join its office in GENOA or ROME within the Operating Engine Division.

Mission

The Principal Cybersecurity Consultant Assurance and Compliance is responsible for ensuring the security, compliance, and long‑term resilience of complex IT and Operational Technology (OT) environments, with a strong focus on industrial automation, critical infrastructures, and transportation systems.
The role provides expert guidance on cybersecurity governance, risk management, and technical assurance, supporting organizations in designing, assessing, and continuously improving integrated cybersecurity frameworks aligned with international regulations and standards (e.g. CRA, NIS2, IEC 62443, ISO 27001, EN 50701, NIST).
Acting as a trusted advisor to senior stakeholders, clients, and regulators, the role drives informed decision‑making on cybersecurity risks, ensures robust protection of safety‑critical and mission‑critical systems, and promotes cybersecurity‑by‑design principles throughout the entire system lifecycle.

Key Accountabilities

'Cybersecurity Governance, Risk Management & Compliance

Define, implement, and continuously evolve integrated cybersecurity governance and risk management frameworks for complex IT and OT environments.
Lead comprehensive cybersecurity risk assessments, identifying threats, vulnerabilities, and systemic weaknesses across industrial automation plants, subsystems, and onboard/transportation systems.
Define mitigation strategies that balance cybersecurity, safety, operational continuity, and regulatory compliance.
Ensure continuous alignment with applicable international regulations and standards, including CRA, NIS2, IEC 62443, ISO 27001, EN 50701, and NIST frameworks.

Technical Assurance & Security Evaluation

Lead and oversee advanced technical assurance activities for complex and safety‑critical IT/OT systems.
Supervise and validate configuration reviews, vulnerability assessments, and security evaluations in mixed IT/OT environments.
Assess system conformance against international assurance and security standards (e.g. ISO 27001, ISO/IEC 15408, NIST SP 800 series).
Prepare and approve high‑quality technical documentation, including security assessment reports, evaluation evidence, test descriptions, and test procedures, ensuring accuracy and defensibility of conclusions.
Provide authoritative recommendations to improve system security posture and resilience.

Operational Technology & Critical Infrastructure Security

Act as subject matter expert for cybersecurity of industrial and critical infrastructure systems, including SCADA, PLCs, industrial control systems, industrial networks, and transportation/onboard platforms.
Design, assess, and validate OT network architectures based on the Purdue Model and Zone & Conduit concepts.
Support the implementation of network segmentation, system hardening, monitoring, and defense‑in‑depth measures in line with IEC 62443 and EN 50701 principles.
Promote and apply cybersecurity‑by‑design and secure‑by‑default approaches throughout the entire system lifecycle, ensuring long‑term reliability and compliance of safety‑critical systems.

Audit, Certification & Regulatory Interaction

Plan, lead, and validate internal and external cybersecurity audits to assess compliance readiness for certifications such as ISO 27001, IEC 62443, EN 50701, and CMMC.
Act as senior technical interface with certification bodies, auditors, and regulatory authorities.
Support organizations in certification processes and in maintaining continuous improvement of cybersecurity management systems over time.

Stakeholder Engagement, Advisory & Capability Development

Act as a trusted cybersecurity advisor for customers and internal stakeholders on complex or high‑risk cybersecurity topics.
Collaborate with multidisciplinary teams to embed cybersecurity, governance, and compliance requirements into engineering, operational, and business processes.
Provide technical leadership, mentoring, and guidance to cybersecurity consultants and specialists.
Deliver advanced training sessions, awareness initiatives, and technical workshops covering IT, OT, governance, and compliance best practices.

Education

Bachelor’s Degree

Master’s Degree in Computer Engineering or Cyber Security

Qualifications

'- 12–15+ years of experience in cybersecurity assurance, risk management, and compliance across IT and OT environments.

Strong hands‑on background in industrial and OT systems at plant and subsystem level.
Proven experience leading complex risk assessments, audits, and assurance activities for critical infrastructures.
Deep understanding of international cybersecurity standards, regulations, and frameworks, including: CRA, NIS2, ISO/IEC 27001, IEC 62443, EN 50701 e NIST standards and guidelines
Strong understanding of industrial networking principles, Purdue Model, Zone & Conduit architecture.
Familiarity with operating system security (Windows, Linux).
Excellent analytical, decision‑making, and communication skills. #LI-MM5

Competencies

DOMAIN & BUSINESS ACUMEN - Applying a scientific approach and critical thinking in operations and solution development within area of expertise.
FORESIGHT & INSIGHT - Context awareness adopting a systemic perspective and informed decision making.
INTERPERSONAL INFLUENCE - Skills and strategies we use to interact effectively with others.
PERSONAL EMPOWERMENT - Ownership for life, work and results, striving to grow professionally and personally.
WORKPLACE DYNAMICS - Resourcefulness in shaping progress and working efficiently.

RINA is a multinational company providing a wide range of services in the energy, marine, certification, infrastructure & mobility, industry, research & development sectors. Our business model covers the full process of project development, from concept to completion.

At RINA, we endeavor to create a work environment where every single person is valued and encouraged to develop new ideas. We provide equal employment opportunities and are committed to creating a workplace where everyone feels respected and safe from discrimination or harassment of any kind. We are also compliant to the Italian Law n. 68/99.

Candidati adesso

Strumenti per chi cerca lavoro

Strumenti Aziende

Visualizza

Resta in contatto