The Role
Our client, a QLD Government agency, is seeking an experienced Cybersecurity Business Analyst to join their team. This role involves evaluating, analysing, and enhancing cybersecurity practices within Operational Technology (OT) environments to align with industry standards and business objectives.
Key Responsibilities:
* Collaborate with OT, IT, and service providers to document current practices, technology configurations, and workflows.
* Conduct thorough cybersecurity assessments of OT assets, networks, and processes to identify vulnerabilities and risks.
* Analyse OT-specific cybersecurity risks in relation to regulatory requirements and industry standards (ISO 27001, ISM).
* Identify gaps between current OT security practices and desired security posture.
* Develop actionable recommendations to mitigate identified gaps.
* Work with cross-functional teams to refine OT cybersecurity policies, procedures, and guidelines.
* Ensure alignment between OT cybersecurity policies and broader organisational frameworks.
* Define a secure, scalable, and operationally efficient OT cybersecurity future state.
* Provide input on OT security projects, including scoping, prioritisation, and resource estimation.
* Document findings, analysis, and recommendations in detailed reports.
* Prepare regular status updates and reports for senior leadership.
Qualifications and Experience:
* Bachelor's degree in Cybersecurity, Information Technology, Engineering, or a related field.
* 3+ years of experience as a Cybersecurity Business Analyst, preferably in OT/industrial environments.
* Hands-on experience with OT cybersecurity practices.
* Preferred certifications include CISSP, CISM, ISA/IEC 62443, or similar.
Skills:
* Knowledge of cybersecurity standards relevant to OT (e.g., IEC 62443, NIST 800-82).
* Strong analytical, problem-solving, and critical-thinking abilities.
* Excellent communication and collaboration skills.