Job Description

The Information Security Officer (ISO) drives and embeds Rotork’s information security strategy across IT and OT, ensuring the confidentiality, integrity, and availability of data and systems. The role leads governance, risk, and compliance (GRC); defines and maintains security policies and controls; supports secure-by-design engineering; and coordinates risk remediation in partnership with Technology, Engineering, and Operations.

Key Responsibilities

Governance, Risk & Compliance (GRC)

• Own and evolve the information security policy framework, standards, and baselines aligned to ISO/IEC 27001, NIST CSF, and relevant IEC 62443 controls for OT.
• Operate the Information Security Management System (ISMS): scope management, control selection, risk treatment plans, Statement of Applicability, internal audits, and management reviews.
• Maintain Rotork’s Cyber and Information Security risk register and conduct regular assessments (IT and OT), providing clear risk narratives, impact analyses, and remediation plans.
• Lead third‑party/security due diligence and contract language (SLAs, DPAs, security schedules), including supplier onboarding, continuous monitoring, and exit controls.

Security Architecture & Engineering

• Define security requirements and patterns for cloud, on‑prem, network, and endpoint—including identity, privileged access, segmentation, and encryption.
• Partner with Enterprise Architecture and Engineering to embed secure-by-design and privacy-by-design across projects, with formal design reviews and sign‑off gates.

Operations & Incident Readiness

• Collaborate with SOC/IR teams to refine use cases, playbooks, and detections; ensure control effectiveness through KPIs/KRIs and continuous assurance.
• Drive vulnerability and patch governance - prioritization, SLA management, compensating controls - and track remediation to closure.

Awareness & Stakeholder Engagement

• Lead security awareness and targeted training (e.g., phishing, secure coding, OT cyber hygiene, supplier security).
• Provide clear, business‑friendly reporting and metrics to leadership - risk posture, control maturity, audit findings, and improvement roadmap.

AI Governance & Security

• Monitor compliance with emerging AI regulations and standards, including EU AI Act, UK AI principles, and ISO/IEC 42001 for AI Management Systems.
• Assess risks associated with AI-enabled systems, including adversarial attacks, data poisoning, and model integrity.
• Collaborate with internal teams to embed security and privacy-by-design in AI models and algorithms.

Cyber Essentials & IASME Cyber Assurance

• Support Rotork’s Cyber Essentials Plus and IASME Cyber Assurance accreditation programs, ensuring all technical and procedural controls meet certification requirements.
• Maintain evidence packs, liaise with external assessors, and coordinate internal teams for successful audits and renewals.

Qualifications

• Degree in Computer Science, Information Security, Engineering, or a related field; or equivalent experience.
• At least one of the following professional certifications (or commitment to obtain within 12 months):
  • CISSP or CISM (core)
  • ISO/IEC 27001 Lead Implementer or Lead Auditor
  • CCSP (cloud) or CRISC (risk)
  • CompTIA Security+
  • IEC 62443 certificate(s) (desirable for OT)

Experience

• 5+ years in information/cybersecurity roles, with demonstrable GRC ownership and risk management in complex, multi‑site environments.
• Hands‑on experience implementing and operating ISO 27001 and/or NIST CSF frameworks, including audits and certification cycles.
• Practical exposure to industrial/OT security (IEC 62443 concepts, ICS/SCADA risk, segmentation, asset management) strongly preferred.
• Proven track record of leading remediation across vulnerability management, identity & access management, network security, and cloud security (Azure/AWS).
• Vendor and third‑party risk management, including contract negotiation and continuous monitoring.
• Incident response participation (playbooks, table‑tops, forensics coordination, lessons learned).

Additional Information

Rotork is the market-leading global flow control and instrumentation company, helping our customers manage the flow of liquids, gases and powders across many industries worldwide.

Our purpose is Keeping the World Flowing for Future Generations.

For over sixty years, the world has relied on us to create the things that keep everything moving. From oil and gas to water and shipping, pharmaceuticals and food- these are the flows on which our modern world depends.

Today we're respected and admired for our people, performance and products. Our success flows from our commitment to engineering excellence, and that's what we will always pursue, safely and sustainably.

Rotork is going through an exciting period of change and growth, building on our existing market success. It's a great time to join us and make an impact in shaping the future of our business.