Senior IT Data Security & OT Risk Engineer

Who we are:

Were transforming one of the worlds oldest industries with cutting-edge technology and an innovative approach. Backed by top-tier investors and recognized by Time as one of the best Inventions of 2024 and Fast Company as one of 2024s Next Big Things in Tech Electra is scaling rapidly and were looking for bold driven individuals to help us reshape the future of iron production. If youre ready to make a real impact in a company thats redefining heavy industry for a cleaner smarter world we want to hear from you.

What you will do:

The Senior IT Data Security & OT Risk Engineer is a senior-level individual contributor responsible for safeguarding Electras information and operational technology assets worldwide. This role leads security engineering initiatives risk management programs and compliance adoption across IT and OT environments.

Beyond technical execution this position also plays a critical role in the development of IT security policies standards and guidelines in partnership with leadership. Acting as a subject matter expert the engineer helps shape Electras security strategy ensuring policies are practical compliant with international regulations and aligned with business objectives.

Responsibilities include:

• Lead the design implementation and governance of IT/OT security frameworks across enterprise and industrial systems
• Collaborate with the Director of IT and leadership team to develop update and enforce IT security policies standards and procedures
• Ensure that policies align with NIST CSF 2.0 ISO/IEC 27001 IEC 62443 and global regulatory frameworks (e.g. GDPR NIS Directive CCPA)
• Partner with the Staff Network Administrator to embed policy-driven controls into network segmentation access and firewall strategies
• Conduct risk assessments threat modeling and penetration testing translating findings into updated policy and governance requirements
• Develop incident response and escalation policies; ensure playbooks are current and aligned with business continuity goals
• Monitor compliance with policies across global teams; recommend corrective actions when gaps are identified
• Mentor IT staff on both technical and governance aspects of data security and risk
• Communicate policy changes and risk posture updates to leadership ensuring executive alignment and informed decision-making
• Stay current with emerging threats regulations and industry standards; proactively recommend policy adjustments to maintain Electras resilience

What we need you to bring to the team:

• Bachelors degree in Cybersecurity Computer Science or related field
• Professional certifications such as CISSP CISM CISA CCSP or IEC 62443 are strongly preferred
• 8 years of experience in IT security with at least 3 years in OT or ICS environments (excluding internships co-ops and other school projects)
• Proven experience developing and implementing security policies governance frameworks and risk management strategies in collaboration with IT leadership
• Expertise in ISO 27001 NIST CSF IEC 62443 and regulatory compliance requirements including GDPR NIS Directive and SOC 2
• Strong technical background with hands-on expertise in SIEM EDR IAM DLP firewalls IDS/IPS and cloud security platforms
• Ability to translate complex risk findings into actionable policies and standards understood by both technical and business stakeholders
• Excellent communication collaboration and influence skills with the ability to work closely with senior leadership and cross-functional teams
• Applies advanced professional knowledge business acumen and company objectives to develop and resolve complex technical and governance challenges
• Provides creative and effective solutions to highly complex issues requiring in-depth evaluation of multiple variables
• Directs the application of established security principles while guiding the development of new policies standards and practices
• Understands interrelationships across disciplines and works effectively on complex cross-functional initiatives
• Exercises judgment in selecting and adapting methods techniques and evaluation criteria to achieve departmental and organizational objectives
• Builds and maintains networks with key contacts outside of direct expertise and leverages influence across the business
• Adapts communication style and uses persuasion to deliver messages that align with enterprise-wide security and business goals
• Frequently advises others on complex cybersecurity and governance matters and may lead teams accountable for delivering tactical business targets