IT/OT Compliance Senior Analyst

This position is responsible for monitoring, managing, and closing existing OT compliance issues, while ensuring that OT systems—including industrial control systems (ICS), SCADA, IoT devices, and plant‑level automation—comply with internal security standards as well as global frameworks such as IEC 62443, NIS2, TISAX, ISO 27019, or ISO 27001.

In carrying out these functions, the analyst’s responsibilities include the identification, evaluation, and interpretation of regulatory, statutory, and operational security requirements, control deficiencies, and cyber/operational risks affecting production environments.

The position may be based in Bucharest and reports directly to the Senior IT Compliance Manager, while closely collaborating with Engineering, Maintenance, and EHS teams.

Essential Duties and Responsibilities

• Design, coordinate, and execute OT‑focused audit processes (e.g., NIS2, IEC 62443, operational risk audits) to assess and measure compliance across industrial control systems, automation networks, and plant operations.
• Monitor advancements in industrial cybersecurity standards and sector frameworks (e.g., IEC 62443, ISO 27019, NIS2, TISAX where applicable) to ensure organizational readiness and compliance alignment.
• Develop, recommend, and establish OT security controls and procedures to protect operational assets against unauthorized access, manipulation, physical sabotage, system downtime, or safety‑impacting events.
• Assist in identifying and mitigating vulnerabilities across ICS/SCADA systems, PLCs and OT networks.
• Provide consulting and support to system owners, custodians, engineering teams, and plant personnel in defining and deploying cost‑effective OT security controls in industrial environments.
• Support OT asset inventory accuracy, network segmentation efforts, remote access governance, and hardening of industrial devices.
• Ensure controls and operational practices remain compliant as systems evolve, technologies change, or regulatory expectations increase.
• Participate in the development, review, and lifecycle maintenance of OT security policies and standards to safeguard operational environments from unauthorized or accidental modification, shutdown, or operational disruption.

Requirements:

• A bachelor’s degree in computer science, automation, industrial engineering, information technology, or a related field.
• Certifications such as IEC 62443 Expert or Maintenance Specialist, CISSP, CISM, ISO 27001 Internal/Lead Auditor, or NIST CSF practitioner are preferred.
• Experience in implementing and managing information security programs or projects, including KRI creation and maintenance
• Minimum 2+ years of experience in OT cybersecurity, industrial automation security, compliance, governance, or risk management within manufacturing, energy, automotive, or critical infrastructure environments.
• Experience working with ICS/SCADA systems, operational risk assessments, or OT security compliance frameworks is highly desirable.
• Excellent communication, organizational, and problem‑solving skills.
• Proven ability to build strong relationships with Operations, Engineering, and Plant leadership stakeholders.
• Strong multitasking skills with the ability to support multiple simultaneous compliance initiatives.
• Ability to work collaboratively within cross‑functional teams, while maintaining professionalism, independence, and confidentiality.

#LI-AG