Senior Infosec Advisor

Full-Time 48000 - 72000 £ / year (est.) No home office possible
Orion Group

At a Glance

  • Tasks: Lead IT and OT security risk assessments and ensure robust cyber resilience.
  • Company: Join a leading Oil & Gas Operator focused on digital security.
  • Benefits: Competitive salary, career growth, and the chance to make a real impact.
  • Why this job: Shape the future of security in a critical industry and work with cutting-edge technology.
  • Qualifications: Experience in information security, risk assurance, and strong communication skills.
  • Other info: Dynamic role with opportunities for professional development and strategic influence.

The predicted salary is between 48000 - 72000 £ per year.

Our Oil & Gas Operator client is currently recruiting for a pivotal role focused on embedding security across digital and operational technology (OT) environments, ensuring resilience against evolving cyber threats. The successful candidate will lead 2nd Line of Defence (LOD2) IT and Information Security risk assurance across IT and OT. Acting as a “Secure by Design” advisor, you will set assurance plans for critical assets, conduct risk assessments for new platforms and applications, advise on security architecture and OT standards, and drive supplier assurance in partnership with Procurement. You will track high‑risk deviations, oversee remediation plans, and provide clear, business‑focused risk reporting to senior stakeholders.

Key Responsibilities

  • Risk Assessment & Secure by Design: Perform structured IT and information security risk assessments and threat modelling for new platforms, systems, applications, and material changes. Provide security architecture guidance (patterns and guardrails) aligned to recognised frameworks such as NIST CSF and ISO 27001. Define and agree proportionate control selection (prevent, detect, correct), including identity, data, and platform controls. Conduct IT control walkthroughs to validate design and operating effectiveness; document evidence and findings.
  • LOD2 Assurance & Critical Assets: Own and deliver the LOD2 assurance plan, with specific focus on critical assets and safety‑related systems. Define assurance scopes, frequency, and performance metrics. Track high‑risk deviations and risk acceptances, drive remediation, and report residual risk to senior stakeholders and business risk owners.
  • OT / ICS Security: Lead LOD2 assurance across OT sites against established OT security standards, determining assessment frequency aligned to risk appetite. Provide advisory support on OT security alignment, advocating segmentation, zoning, secure remote access, monitoring, and patching controls in line with ISA/IEC 62443 principles.
  • Supplier & Third‑Party Assurance: Deliver supplier assurance activities in collaboration with Procurement, including pre‑contract due diligence, control reviews, and ongoing attestations. Partner with Legal to ensure contractual SLAs and KPIs embed security requirements, supporting remediation where gaps are identified.
  • Reporting & Governance: Maintain risk registers, control libraries, and assurance test plans. Provide clear, executive‑ready reporting on issues and residual risk. Collaborate with 1st Line risk owners, Internal Audit (LOD3), and managed service providers to close control gaps and feed lessons learned into standards and patterns.

Skills & Experience

  • Experience in information risk, security assurance, or IT audit within regulated, safety‑critical, or industrial environments (energy/oil & gas experience advantageous).
  • Strong working knowledge of NIST CSF, ISO 27001, UK GDPR, and supplier assurance practices; familiarity with the UK CAF desirable.
  • Proven experience leading compliance and assurance functions, Secure‑by‑Design reviews, and control testing (design and operating effectiveness).
  • Solid understanding of OT/ICS risk, including exposure to SCADA and industrial control system interfaces.
  • Excellent stakeholder management and communication skills, with the ability to present risk clearly and concisely to senior audiences.
  • Familiarity with GRC/IRM platforms (e.g., ServiceNow) and common cloud environments such as M365 and Azure for workflow and evidence management.

Advantageous Certifications

  • Governance & Audit: ISO 27001 Lead Auditor, CISM
  • Architecture & Design: SABSA, CISSP
  • OT / ICS: SANS GICSP, ISA/IEC 62443

This is an excellent opportunity to play a strategic role in strengthening enterprise‑wide security assurance across both IT and OT environments within a complex, safety‑critical setting.

Senior Infosec Advisor employer: Orion Group

As a leading Oil & Gas Operator, we pride ourselves on fostering a dynamic work environment that prioritises security and resilience against cyber threats. Our culture encourages continuous learning and professional growth, offering employees the chance to lead critical assurance initiatives while collaborating with cross-functional teams. With a commitment to innovation and safety, we provide unique opportunities for impactful contributions in a sector that is vital to global energy needs.

Contact Detail:

Orion Group Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Senior Infosec Advisor

✨Tip Number 1

Network like a pro! Attend industry events, webinars, or local meetups related to information security. It's all about making connections and getting your name out there. You never know who might have the inside scoop on job openings!

✨Tip Number 2

Show off your expertise! Create a personal blog or LinkedIn posts sharing insights on ISO 27001, risk assessments, or OT security. This not only showcases your knowledge but also positions you as a thought leader in the field.

✨Tip Number 3

Prepare for interviews by practising common questions related to information security and risk management. Use the STAR method (Situation, Task, Action, Result) to structure your answers. We want you to shine when discussing your experience with stakeholders!

✨Tip Number 4

Don't forget to apply through our website! It’s the best way to ensure your application gets noticed. Plus, we love seeing candidates who are proactive and engaged with our platform. Let's get you that Senior Infosec Advisor role!

We think you need these skills to ace Senior Infosec Advisor

ISO 27001 Lead Auditor
Information Security Risk Assessment
NIST CSF
OT Security Standards
Supplier Assurance Practices
Control Testing (Design and Operating Effectiveness)
Stakeholder Management
Communication Skills
GRC/IRM Platforms (e.g., ServiceNow)
Cloud Environments (M365, Azure)
Secure by Design Principles
Risk Reporting
Threat Modelling
SCADA and Industrial Control Systems Knowledge

Some tips for your application 🫡

Tailor Your CV: Make sure your CV speaks directly to the role of Senior Infosec Advisor. Highlight your experience with ISO 27001, risk assessments, and any relevant certifications. We want to see how your skills align with our needs!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about information security and how you can contribute to our mission. Be sure to mention specific experiences that relate to the job description.

Showcase Your Stakeholder Management Skills: Since this role involves communicating with senior stakeholders, make sure to highlight your experience in managing relationships and presenting complex information clearly. We love seeing examples of how you've done this in the past!

Apply Through Our Website: We encourage you to apply through our website for a smoother application process. It helps us keep track of your application and ensures you don’t miss out on any important updates from us!

How to prepare for a job interview at Orion Group

✨Know Your Frameworks

Make sure you’re well-versed in NIST CSF and ISO 27001. Brush up on how these frameworks apply to risk assessments and security architecture, as you'll likely be asked to discuss how you would implement them in real-world scenarios.

✨Prepare for Scenario Questions

Expect questions that ask you to walk through your approach to risk assessments or supplier assurance activities. Prepare specific examples from your past experience where you successfully identified risks and implemented controls, especially in safety-critical environments.

✨Showcase Your Stakeholder Management Skills

Since this role involves reporting to senior stakeholders, be ready to demonstrate your communication skills. Think of examples where you’ve effectively communicated complex security issues in a clear and concise manner to non-technical audiences.

✨Understand the Business Context

Research the company’s operations in the oil and gas sector. Understand their specific challenges regarding IT and OT security. This will help you tailor your responses and show that you can align security strategies with business objectives.
