Senior InfoSec Advisor (IRM Manager)

Aberdeen
3 months ago
Applications closed


We have a current opportunity for a Senior InfoSec Advisor (IRM Manager) on a 12 month PAYE contract basis. The position will be based in Aberdeen and will have a 3/2 hybrid working pattern.

Key Responsibilities

Risk Assessment & Secure by Design

Perform structured IT and information security risk assessments and threat modelling for new IT platforms, systems, and applications and for material changes.
Provide security architecture advice (patterns, guardrails) aligned to NIST CSF / ISO 27001 and company standards.
Define and agree control selection (prevent/detect/correct) proportionate to risk, including identity, data and platform controls.
Conduct IT control walkthroughs to validate design and operating effectiveness; document evidence and issues.

LOD2 Assurance & Critical Assets

Own the LOD2 assurance plan with specific focus on critical assets and safety-related systems; define test scopes, frequency and metrics.
Track high-risk deviations and risk acceptances; drive remediation and report residual risk to the CISO, CIO and business risk owners.

OT / ICS Security

Own the LOD2 assurance plan across OT sites against the OT security standard, deciding the order and frequency of assessments aligned to risk and risk appetite.
Provide OT security advisory in relation to OT security standards alignment across all OT sites, advocating for segmentation, zoning, secure remote access, security monitoring and patching controls in line with ISA/IEC 62443.

Supplier & Third-Party Assurance (with Procurement)

Run supplier assurance in collaboration with Procurement, including pre-contract due diligence, control reviews, and ongoing attestation for suppliers and third parties.
Collaborate with Legal to ensure that contractual SLAs/KPIs include security requirements, and be involved in remediation where gaps exist.

Reporting & Governance

Maintain risk registers, control libraries and test plans; provide CIO-ready reporting on issues and residual risk.
Coordinate with the Business and 1st Line risk owners, as well as with Assurance parties such as Internal Audit (LOD3) and the major IT and SOC managed service providers, to close control gaps, and feed lessons learnt into standards and patterns.

Role Dimensions

Organisation-wide information security remit across corporate IT and OT; frequent engagement with IT Operations, OT Engineering, HSSE, Finance, Procurement and Legal.
Direct influence on risk mitigation options and plans, acting as a trusted advisor.
Mix of advisory, oversight and hands-on walkthroughs; pragmatic, proportionate risk approach.

Role Requirements

7+ years in information risk, security assurance or IT audit within regulated, safety-critical or industrial environments (energy/oil & gas preferred).
Strong knowledge of NIST CSF, ISO 27001, UK GDPR and supplier assurance practices; familiarity with the UK CAF is desirable.
Proven experience running compliance and assurance functions, Secure-by-Design reviews, and control testing (for design & operating effectiveness).
Solid grasp of OT/ICS risk and understanding of SCADA/PI/EC interfaces.
Skilled at stakeholder management and risk communication to senior audiences (clear, concise, business-outcome focused).
Tooling familiarity: GRC/IRM platforms (e.g., ServiceNow), and common cloud services (M365/Azure) for workflows and evidence capture.
Advantageous Certifications:
Governance & Audit: ISO 27001 Lead Auditor, CISM
Architecture & Design: SABSA, CISSP
OT/ICS: SANS GICSP, ISA/IEC 62443

Our role in supporting diversity and inclusion
As an international workforce business, we are committed to sourcing personnel that reflects the diversity and values of our client base but also that of Orion Group. We welcome the wide range of experiences and viewpoints that potential workers bring to our business and our clients, including those based on nationality, gender, culture, educational and professional backgrounds, race, ethnicity, sexual orientation, gender identity and expression, disability, age differences, job classification and religion. In our inclusive workplace, regardless of your employment status as staff or contract, everyone is assured the right of equitable, fair and respectful treatment.
