OT Cybersecurity Senior GRC Analyst

At Jacobs, we're challenging today to reinvent tomorrow by solving the world's most critical problems for thriving cities, resilient environments, mission-critical outcomes, operational advancement, scientific discovery and cutting-edge manufacturing, turning abstract ideas into realities that transform the world for good.

Your impact

At Jacobs, we're redefining how critical infrastructure is secured and governed in an increasingly connected world. We're looking for a Senior OT Cybersecurity Governance, Risk, and Compliance (GRC) Analyst with deep experience in industrial environments such as SCADA, DCS, and PLC systems. This is a strategic and client-facing role, shaping our broader OT cybersecurity initiatives and strengthening how risk and compliance are managed across global programs.

You'll lead and mature OT risk management and compliance initiatives aligned with frameworks such as NIST 800-82, ISA/IEC 62443, NIST CSF, ISO 27001, NERC CIP, and NIS 2. You'll drive governance models, compliance frameworks, and cross-program integration that connect Jacobs' technical excellence with operational security outcomes.

As a senior member of our cyber team, you'll bring demonstrated success in leading audit readiness, control maturity assessments, and risk-based governance for industrial systems. You'll bridge the gap between IT and OT, translating compliance strategy into actionable safeguards that protect critical operations and infrastructure. With strong executive presence and the ability to align stakeholders across engineering, IT, and leadership, you'll play a central role in Jacobs' mission to define the industry standard in OT cybersecurity and lead the market in resilience and trust.

Core Competencies

• OT/ICS Security Governance & Risk Management
• Compliance Frameworks NIST 800-82, ISA/IEC 62443, NIST CSF, ISO 27001, NERC CIP, NIS 2
• Risk Assessment & Control Validation (IT and OT)
• Audit Readiness & Evidence Management
• Vendor and Supply Chain Risk Oversight
• Compliance Metrics & Reporting (KRI/KPI)
• OT Vulnerability and Configuration Management
• Cybersecurity Awareness & Training Leadership

Job Responsibilities

• Lead and mature the OT cybersecurity risk management program, ensuring compliance with NIST 800-82, ISA/IEC 62443, and corporate governance policies
• Perform control design and effectiveness reviews for industrial environments (SCADA, DCS, PLC systems), identifying compliance gaps and risk mitigation strategies
• Coordinate internal and external audits, ensuring evidence collection, control mapping, and timely remediation of findings
• Develop and maintain cybersecurity policies, standards, and control frameworks tailored to OT operations
• Serve as a liaison between engineering, IT, and compliance teams, ensuring security controls align with operational safety and availability goals
• Manage vendor security assessments for OT asset owners, integrators, and managed service providers
• Monitor and report cybersecurity compliance metrics and risk dashboards to leadership, supporting continuous improvement initiatives
• Conduct enterprise-wide risk and control assessments for IT and OT environments, using frameworks such as NIST CSF, ISO 27001, and NERC CIP
• Author and maintain information security policies, risk registers, and control matrices

Here's what you'll need

Experience & Education

• 5+ years of experience in cybersecurity GRC practice area
• Bachelors Degree in cybersecurity, engineering, or related field preferred(sufficient years of experience may be used in lieu of degree)

Relevant Certifications

• Global Industrial Cyber Security Professional (GICSP) – GIAC
• Certified Information Systems Security Professional (CISSP) – (ISC)²
• Certified Information Security Manager (CISM) – ISACA
• Certified Information Systems Auditor (CISA) – ISACA
• ISO 27001 Lead Implementer or Auditor
• CompTIA Security+ or CySA+ (as foundational credentials)

Technical Proficiencies

• Frameworks NIST CSF, NIST 800-53, NIST 800-82, ISA/IEC 62443, ISO 27001, NERC CIP, NIS 2
• Tools , Nessus, Splunk, Wireshark, Tripwire, Archer GRC, ServiceNow GRC, Power BI (for reporting)
• Systems SCADA, DCS, PLC (Rockwell, Siemens, Schneider), HMI, Historian Servers
• Security Processes Risk Assessments, Vulnerability Management, Control Testing, Audit Coordination
• Networking & Protocols Modbus, DNP3, OPC UA, VLANs, Firewalls, VPNs

We offer

• Rewarding employment Full-time employment with a salary that matches your qualifications.
• Hybrid work model Enjoy the flexibility of working from home, with just several office days per month.
• Flexible hours Start your day anytime between 730 and 1000 AM.
• Comprehensive benefits Including Lux Med medical care, psychological support, life insurance, My Benefit cafeteria system, Multisport card co-financing, and a car/bike park sharing system.
• Co-financed holidays Enjoy "Wczasy pod Gruszą" for a well-deserved break.
• Global projects Engage in exciting international projects.
• Inclusive networks Join our diverse employee networks like Women's Network, OneWorld, PRISM, Careers Network, Green Team, SpeakUp, Collectively, and more.
• Continuous learning Participate in our Graduate Development Program, Learners' Community, and self-learning platforms.
• Language courses Enhance your skills with courses in English, German, and Polish.

We know that if we are inclusive, we're more connected, and if we are diverse, we're more creative. We accept people for who they are, regardless of age, disabilities, gender identity, gender expression, marital status, mental health, race, faith or belief, sexual orientation, socioeconomic background, and whether you're pregnant or on family leave. Find out more about life at Jacobs. As a Disability Confident employer, we will interview all disabled applicants who meet the criteria for a vacancy. If you require further support or reasonable adjustments with regards to the recruitment process (for example, you require the application form in a different format), please contact the team

Your application experience is important to us, and we're keen to adapt to make every interaction even better. If you require further support or reasonable adjustments with regards to the recruitment process (for example, you require the application form in a different format), please contact the team via Careers Support.