Operational Technology Security Analyst in Gourock

Every day, CalMac connects communities, supports island economies, and keeps people moving, safely and reliably. Behind every sailing is a complex network of operational technology, from vessel control systems to port infrastructure.

We’re looking for an Operational Technology Security Analyst to help protect the systems that keep our fleet and ports running. Our vessels, ports, and operational environments rely on secure, resilient OT systems. In this role, you’ll be at the frontline of safeguarding critical infrastructure, protecting everything from SCADA and control systems to industrial networks, ensuring CalMac can operate safely in an increasingly complex cyber threat landscape. Your work won’t just protect systems; it will support safe journeys for 5 million passengers every year.

We offer flexibility on location, with the successful candidate able to be based anywhere across the CalMac network. You’ll work on a hybrid basis from one of our port locations, with travel to our Gourock headquarters as required.

What you’ll be doing

• Secure critical OT systems – monitoring alerts, investigating threats, and strengthening system resilience
• Identify and manage risk – conducting vulnerability and risk assessments across vessels and port environments
• Own OT asset security posture – tracking assets and ensuring visibility, compliance, and protection
• Support secure design and architecture – helping shape robust OT network environments (segmentation, firewalls, DMZs)
• Respond to incidents and emerging threats – analysing attack trends and safeguarding systems against evolving risks
• Lead assurance activities – participate in audits, penetration testing, and incident simulations
• Collaborate across teams – working closely with engineering, IT, vessel crews, and third-party suppliers
• Drive awareness and improvement – championing OT cyber hygiene and continuous improvement in security practices
• Get hands-on on-site – visiting vessels and ports to support security in live, operational environments

What you’ll bring

• Experience in OT cybersecurity within industrial or critical infrastructure environments
• Strong understanding of ICS/SCADA, PLCs, RTUs, and industrial networking
• Knowledge of industrial protocols (e.g. Modbus, DNP3)
• Familiarity with frameworks such as NIST, IEC 62443, ISO 27001, and NCSC CAF
• Experience with OT monitoring tools, asset discovery, and vulnerability management
• Understanding of IT/OT convergence and associated risks
• Ability to analyse threats, respond to incidents, and improve security maturity
• Strong communication skills to engage a wide range of stakeholders, from engineers to senior leaders
• A degree in Cybersecurity, Engineering or a related discipline is beneficial, but your experience and mindset matter most.

Why join CalMac?

This is an exciting time of positive change for CalMac! As one of Scotland’s biggest employers and being awarded a 10-year CHFS3 contract, we have long-term stability and investment to continue to deliver essential services to Scotland’s communities. With an excellent salary package, this is also an opportunity to join a business that is modernising, evolving and investing in its future and where you can make a visible, lasting impact in a role with real autonomy and authority.

Package

We offer a competitive salary, very generous pension as well as agile /Hybrid Working and 37 days annual leave (pro-rata) including bank and public holidays. You will also benefit from our staff travel pass for yourself, spouse/partner, and dependents and a great working environment.

So, what are you waiting for? Apply today! We may close this vacancy to external applicants before the closing date should we receive the required quality and quantity of applications. No agencies please.