Principal ot cybersecurity consultant assurance and compliance

Overview RINA is recruiting for a Principal OT Cybersecurity Consultant Assurance and Compliance to join its office in GENOA or ROME within the Operating Engine Division. Mission The Principal Cybersecurity Consultant Assurance and Compliance is responsible for ensuring the security, compliance, and long‑term resilience of complex IT and Operational Technology (OT) environments, with a strong focus on industrial automation, critical infrastructures, and transportation systems. The role provides expert guidance on cybersecurity governance, risk management, and technical assurance, supporting organizations in designing, assessing, and continuously improving integrated cybersecurity frameworks aligned with international regulations and standards (e.g. CRA, NIS2, IEC 62443, ISO 27001, EN 50701, NIST). Acting as a trusted advisor to senior stakeholders, clients, and regulators, the role drives informed decision‑making on cybersecurity risks, ensures robust protection of safety‑critical and mission‑critical systems, and promotes cybersecurity‑by‑design principles throughout the entire system lifecycle. Key Accountabilities Cybersecurity Governance, Risk Management & Compliance: Define, implement, and continuously evolve integrated cybersecurity governance and risk management frameworks for complex IT and OT environments. Lead comprehensive cybersecurity risk assessments, identifying threats, vulnerabilities, and systemic weaknesses across industrial automation plants, subsystems, and onboard/transportation systems. Define mitigation strategies that balance cybersecurity, safety, operational continuity, and regulatory compliance. Ensure continuous alignment with applicable international regulations and standards, including CRA, NIS2, IEC 62443, ISO 27001, EN 50701, and NIST frameworks. Technical Assurance & Security Evaluation Lead and oversee advanced technical assurance activities for complex and safety‑critical IT/OT systems. Supervise and validate configuration reviews, vulnerability assessments, and security evaluations in mixed IT/OT environments. Assess system conformance against international assurance and security standards (e.g. ISO 27001, ISO/IEC 15408, NIST SP 800 series). Prepare and approve high‑quality technical documentation, including security assessment reports, evaluation evidence, test descriptions, and test procedures, ensuring accuracy and defensibility of conclusions. Provide authoritative recommendations to improve system security posture and resilience. Operational Technology & Critical Infrastructure Security Act as subject matter expert for cybersecurity of industrial and critical infrastructure systems, including SCADA, PLCs, industrial control systems, industrial networks, and transportation/onboard platforms. Design, assess, and validate OT network architectures based on the Purdue Model and Zone & Conduit concepts. Support the implementation of network segmentation, system hardening, monitoring, and defense‑in‑depth measures in line with IEC 62443 and EN 50701 principles. Promote and apply cybersecurity‑by‑design and secure‑by‑default approaches throughout the entire system lifecycle, ensuring long‑term reliability and compliance of safety‑critical systems. Audit, Certification & Regulatory Interaction Plan, lead, and validate internal and external cybersecurity audits to assess compliance readiness for certifications such as ISO 27001, IEC 62443, EN 50701, and CMMC. Act as senior technical interface with certification bodies, auditors, and regulatory authorities. Support organizations in certification processes and in maintaining continuous improvement of cybersecurity management systems over time. Stakeholder Engagement, Advisory & Capability Development Act as a trusted cybersecurity advisor for customers and internal stakeholders on complex or high‑risk cybersecurity topics. Collaborate with multidisciplinary teams to embed cybersecurity, governance, and compliance requirements into engineering, operational, and business processes. Provide technical leadership, mentoring, and guidance to cybersecurity consultants and specialists. Deliver advanced training sessions, awareness initiatives, and technical workshops covering IT, OT, governance, and compliance best practices. Education Bachelor’s Degree in Computer Engineering or Cyber Security Master’s Degree in Computer Engineering or Cyber Security Qualifications 12–15+ years of experience in cybersecurity assurance, risk management, and compliance across IT and OT environments. Strong hands‑on background in industrial and OT systems at plant and subsystem level. Proven experience leading complex risk assessments, audits, and assurance activities for critical infrastructures. Deep understanding of international cybersecurity standards, regulations, and frameworks, including CRA, NIS2, ISO/IEC 27001, IEC 62443, EN 50701 and NIST standards and guidelines. Strong understanding of industrial networking principles, Purdue Model, Zone & Conduit architecture. Familiarity with operating system security (Windows, Linux). Excellent analytical, decision‑making, and communication skills. Competencies DOMAIN & BUSINESS ACUMEN - Applying a scientific approach and critical thinking in operations and solution development within area of expertise. FORESIGHT & INSIGHT - Context awareness adopting a systemic perspective and informed decision making. INTERPERSONAL INFLUENCE - Skills and strategies we use to interact effectively with others. PERSONAL EMPOWERMENT - Ownership for life, work and results, striving to grow professionally and personally. WORKPLACE DYNAMICS - Resourcefulness in shaping progress and working efficiently. RINA is a multinational company providing a wide range of services in the energy, marine, certification, infrastructure & mobility, industry, research & development sectors. Our business model covers the full process of project development, from concept to completion. At RINA, we endeavor to create a work environment where every single person is valued and encouraged to develop new ideas. We provide equal employment opportunities and are committed to creating a workplace where everyone feels respected and safe from discrimination or harassment of any kind. We are also compliant to the Italian Law n. 68/99. #J-18808-Ljbffr