At a Glance
- Tasks: Conduct OT cyber risk assessments and manage risks across operational environments.
- Company: Join a leading organisation delivering Critical National Infrastructure services.
- Benefits: Hybrid work model, competitive pay, and opportunities for professional growth.
- Why this job: Make a real impact on cyber resilience in a dynamic and critical sector.
- Qualifications: 3-5 years in cyber security risk with knowledge of OT/ICS environments.
- Other info: Collaborative culture with strong emphasis on compliance and safety.
The predicted salary is between £36,000 and £60,000 per year.
We are working with a large, regulated organisation delivering Critical National Infrastructure (CNI) services. Operating across complex IT and OT environments, the organisation places strong emphasis on cyber resilience, regulatory compliance, and effective OT risk management.
They are seeking an OT Risk Analyst to support their Governance, Risk & Compliance (GRC) function. This is a hands-on delivery role focused on identifying, assessing, and managing OT cyber risks across operational environments, ensuring risks are understood, proportionately treated, and accurately reported.
The role reports into the Information Security Manager and works closely with OT engineering, IT security teams, risk owners, and third-party suppliers to ensure operational cyber risks are visible, controlled, and aligned to business and safety priorities.
What you’ll be doing:
- Deliver qualitative and quantitative OT cyber risk assessments using recognised risk management approaches.
- Identify, assess, document, and monitor OT and ICS security risks across enterprise and operational environments.
- Maintain accurate and up-to-date risk registers, including risk treatment plans, control profiles, and supporting evidence.
- Work with OT stakeholders (engineering, operations, maintenance) to understand asset criticality, safety impacts, and operational constraints.
- Support the wider GRC function by gathering OT risk-related data and contributing to mitigation planning, reporting, and governance forums.
- Support supply chain and third-party OT cyber risk assessments, working with assurance teams to assess vendor connectivity, remote access, and managed service risks.
- Contribute to the development of OT risk quantification capability, translating technical risk into business impact (including safety, availability, regulatory exposure, and financial outcomes).
- Support compliance with internal controls and external regulatory and legislative requirements (including those relevant to CNI and OT environments).
What you’ll bring:
- 3–5 years’ experience in cyber / information security risk, with demonstrable exposure to OT/ICS environments.
- Strong understanding of risk frameworks such as ISO 27005, OCTAVE, FAIR/FAST.
- Exposure to OT and regulatory standards/frameworks such as IEC 62443, NIS / CAF (or NIS-D CAF), NIST Cybersecurity Framework & ISO 27001.
- Hands-on experience conducting risk assessments and supporting ongoing risk management (registers, treatments, reporting).
- Strong stakeholder skills, able to engage technical and non-technical teams across IT, OT, and the wider business.
IT/OT Risk Contractor in City of London employer: Bestman Solutions
Contact Detail:
Bestman Solutions Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land the IT/OT Risk Contractor role in City of London
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, attend relevant meetups or webinars, and don’t be shy about asking for informational interviews. The more connections we make, the better our chances of landing that OT Risk Analyst gig.
✨Tip Number 2
Show off your skills! Prepare a portfolio or case studies that highlight your experience with risk assessments and management in OT environments. We want to demonstrate how we can add value to the team right from the get-go.
✨Tip Number 3
Practice makes perfect! Get comfortable with common interview questions related to cyber resilience and risk management. We should also be ready to discuss specific frameworks like ISO 27005 or NIST, as they might come up during the chat.
✨Tip Number 4
Apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we often have insider tips and updates on new roles that could be a perfect fit for us.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV speaks directly to the job description. Highlight your experience in cyber and information security risk, especially in OT/ICS environments. We want to see how your skills align with what we're looking for!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about OT risk management and how your background makes you a perfect fit for our team. Keep it engaging and relevant to the role.
Showcase Your Skills: Don’t just list your skills; demonstrate them! Provide examples of how you've conducted risk assessments or managed risk registers in previous roles. We love seeing real-world applications of your expertise.
Apply Through Our Website: We encourage you to apply through our website for a smoother process. It helps us keep track of your application and ensures you don’t miss any important updates from us. Plus, it’s super easy!
How to prepare for a job interview at Bestman Solutions
✨Know Your Risk Frameworks
Make sure you brush up on key risk frameworks like ISO 27005 and IEC 62443 before the interview. Being able to discuss these frameworks confidently will show that you understand the foundations of OT risk management and can apply them in real-world scenarios.
✨Prepare for Technical Questions
Expect some technical questions related to cyber security and OT environments. Review your past experiences with risk assessments and be ready to share specific examples of how you've identified and managed risks in previous roles. This will demonstrate your hands-on experience.
✨Engage with Stakeholders
Since this role involves working closely with various teams, think about how you can showcase your stakeholder engagement skills. Prepare examples of how you've successfully collaborated with both technical and non-technical teams to achieve common goals in risk management.
✨Understand the Business Impact
Be prepared to discuss how technical risks translate into business impacts, including safety and financial outcomes. Showing that you can connect the dots between risk management and business priorities will set you apart as a candidate who understands the bigger picture.