Rotork · 17 hours ago
Information Security Officer
Rotork is a market-leading global flow control and instrumentation company, and they are seeking an Information Security Officer to drive and embed their information security strategy across IT and OT. This role involves leading governance, risk, and compliance initiatives, maintaining security policies, and coordinating risk remediation efforts in collaboration with various teams.
Responsibilities
Own and evolve the information security policy framework, standards, and baselines aligned to ISO/IEC 27001, NIST CSF, and relevant IEC 62443 controls for OT
Operate the Information Security Management System (ISMS): scope management, control selection, risk treatment plans, Statement of Applicability, internal audits, and management reviews
Maintain Rotork’s Cyber and Information Security risk register and conduct regular assessments (IT and OT), providing clear risk narratives, impact analyses, and remediation plans
Lead third‑party/security due diligence and contract language (SLAs, DPAs, security schedules), including supplier onboarding, continuous monitoring, and exit controls
Define security requirements and patterns for cloud, on‑prem, network, and endpoint—including identity, privileged access, segmentation, and encryption
Partner with Enterprise Architecture and Engineering to embed secure-by-design and privacy-by-design across projects, with formal design reviews and sign‑off gates
Collaborate with SOC/IR teams to refine use cases, playbooks, and detections; ensure control effectiveness through KPIs/KRIs and continuous assurance
Drive vulnerability and patch governance - prioritization, SLA management, compensating controls - and track remediation to closure
Lead security awareness and targeted training (e.g., phishing, secure coding, OT cyber hygiene, supplier security)
Provide clear, business‑friendly reporting and metrics to leadership - risk posture, control maturity, audit findings, and improvement roadmap
Monitor compliance with emerging AI regulations and standards, including EU AI Act, UK AI principles, and ISO/IEC 42001 for AI Management Systems
Assess risks associated with AI-enabled systems, including adversarial attacks, data poisoning, and model integrity
Collaborate with internal teams to embed security and privacy-by-design in AI models and algorithms
Support Rotork’s Cyber Essentials Plus and IASME Cyber Assurance accreditation programs, ensuring all technical and procedural controls meet certification requirements
Maintain evidence packs, liaise with external assessors, and coordinate internal teams for successful audits and renewals
Qualifications
Required
Degree in Computer Science, Information Security, Engineering, or a related field; or equivalent experience
At least one of the following professional certifications (or commitment to obtain within 12 months): CISSP or CISM (core), ISO/IEC 27001 Lead Implementer or Lead Auditor, CCSP (cloud) or CRISC (risk), CompTIA Security+
5+ years in information/cybersecurity roles, with demonstrable GRC ownership and risk management in complex, multi‑site environments
Hands‑on experience implementing and operating ISO 27001 and/or NIST CSF frameworks, including audits and certification cycles
Proven track record of leading remediation across vulnerability management, identity & access management, network security, and cloud security (Azure/AWS)
Vendor and third‑party risk management, including contract negotiation and continuous monitoring
Incident response participation (playbooks, table‑tops, forensics coordination, lessons learned)
Preferred
IEC 62443 certificate(s) (desirable for OT)
Practical exposure to industrial/OT security (IEC 62443 concepts, ICS/SCADA risk, segmentation, asset management) strongly preferred
Company
Rotork
Rotork is a FTSE-250 global leader in mission-critical flow control and instrumentation solutions, trusted by the world’s most essential industries - including oil & gas, water & wastewater, power generation, chemical processing, and industrial manufacturing.
Funding
Current Stage
Late Stage