Senior IT Data Security & OT Risk Engineer

We're transforming one of the world’s oldest industries with cutting-edge technology and an innovative approach. Backed by top-tier investors and recognized by Time as one of the "best Inventions of 2024" and Fast Company as one of 2024's "Next Big Things in Tech", Electra is scaling rapidly and we're looking for bold, driven individuals to help us reshape the future of iron production. If you're ready to make a real impact in a company that's redefining heavy industry for a cleaner, smarter world, we want to hear from you.

The Senior IT Data Security & OT Risk Engineer is a senior-level individual contributor responsible for safeguarding Electra’s information and operational technology assets worldwide. This role leads security engineering initiatives, risk management programs, and compliance adoption across IT and OT environments.

Beyond technical execution, this position also plays a critical role in the development of IT security policies, standards, and guidelines in partnership with leadership. Acting as a subject matter expert, the engineer helps shape Electra’s security strategy, ensuring policies are practical, compliant with international regulations, and aligned with business objectives.

Responsibilities include:

• Lead the design, implementation, and governance of IT/OT security frameworks across enterprise and industrial systems

• Collaborate with the Director of IT and leadership team to develop, update, and enforce IT security policies, standards, and procedures

• Ensure that policies align with NIST CSF 2.0, ISO/IEC 27001, IEC 62443, and global regulatory frameworks (e.g., GDPR, NIS Directive, CCPA)

• Partner with the Staff Network Administrator to embed policy-driven controls into network segmentation, access, and firewall strategies

• Conduct risk assessments, threat modeling, and penetration testing, translating findings into updated policy and governance requirements

• Develop incident response and escalation policies; ensure playbooks are current and aligned with business continuity goals

• Monitor compliance with policies across global teams; recommend corrective actions when gaps are identified

• Mentor IT staff on both technical and governance aspects of data security and risk

• Communicate policy changes and risk posture updates to leadership, ensuring executive alignment and informed decision-making

• Stay current with emerging threats, regulations, and industry standards; proactively recommend policy adjustments to maintain Electra’s resilience

What we need you to bring to the team:

• Bachelor’s degree in Cybersecurity, Computer Science, or related field

• Professional certifications such as CISSP, CISM, CISA, CCSP, or IEC 62443 are strongly preferred

• 8+ years of experience in IT security with at least 3 years in OT or ICS environments (excluding internships, co-ops, and other school projects)

• Proven experience developing and implementing security policies, governance frameworks, and risk management strategies in collaboration with IT leadership

• Expertise in ISO 27001, NIST CSF, IEC 62443, and regulatory compliance requirements, including GDPR, NIS Directive, and SOC 2

• Strong technical background with hands-on expertise in SIEM, EDR, IAM, DLP, firewalls, IDS/IPS, and cloud security platforms

• Ability to translate complex risk findings into actionable policies and standards understood by both technical and business stakeholders

• Excellent communication, collaboration, and influence skills with the ability to work closely with senior leadership and cross-functional teams

• Applies advanced professional knowledge, business acumen, and company objectives to develop and resolve complex technical and governance challenges

• Provides creative and effective solutions to highly complex issues requiring in-depth evaluation of multiple variables

• Directs the application of established security principles while guiding the development of new policies, standards, and practices

• Understands interrelationships across disciplines and works effectively on complex, cross-functional initiatives

• Exercises judgment in selecting and adapting methods, techniques, and evaluation criteria to achieve departmental and organizational objectives

• Builds and maintains networks with key contacts outside of direct expertise and leverages influence across the business

• Adapts communication style and uses persuasion to deliver messages that align with enterprise-wide security and business goals

• Frequently advises others on complex cybersecurity and governance matters and may lead teams accountable for delivering tactical business targets

• What we want you to bring to the team:

• 
  

• Bachelor’s degree in Cybersecurity, Computer Science, or related field

• 10+ years of experience in IT security with at least 3 years in OT or ICS environments

• Experience in international manufacturing or energy sectors with multi-country compliance requirements

• Familiarity with Microsoft security stack, including Sentinel, Defender, Entra, and Purview

• Exposure to policy-driven OT risk governance and industrial cybersecurity maturity models

• Ability to work on significant and unique issues requiring evaluation of complex or intangible factors

• Strong conceptual thinking skills to understand advanced issues and implications in cybersecurity and compliance

• Exercises independent judgment in determining methods, techniques, and evaluation criteria to achieve results

• Accountable for results that may impact the entire IT security function and business operations