Title: OT Risk Analyst Location: ALTA is supporting a 6-month contract opportunity working 100% remote. Position is remote however core hours need to align with US Central Time Zone. The Operational Technology (OT) Risk Analyst will assist with the Global Technology (GT), Operational Technology (OT) and Third Party Risk (TPR) programs to identify, treat and reduce risk related to the insecure use of plant-specific technology, third party technology and service providers for Global Technology. The Analyst will lead, take-charge, engage in team related events and when needed individually manage assessments and remediation, including tracking and reporting progress, of security control gaps. Additionally, the Analyst will leverage various sources of data to assess the security program and associated practices, highlight risks and control gaps associated with the Vendor/Third Party’s security program, categorize the potential risks based on severity, and identify potential mitigation strategies. The Analyst will participate in onboarding and maintain ongoing due diligence of risk associated with third party relationships; compile, review, and analyze risk and control information to formulate recommendations and create metrics and reports for management review and decision making. Working as part of a team, the Analyst will collaborate with various GT, OT and Business resources to evaluate financial, operational, governance, process, and efficiency considerations; so that a holistic overview with cradle to grave scope for threats, vulnerabilities and risks and can become interwoven into IT Risk, Third Party Risk and OT Risk accordingly. Additionally, the analyst will be responsible for identifying and tracking continuous monitoring activities to ensure the risks associated with active suppliers has not changed or exceeded risk tolerance thresholds. IN THIS ROLE, YOU WILL: + Integrate the Risk Management Framework (RMF) process within the OT (facility/plant) environment to ensure Threats, Vulnerabilities and Risks are treated throughout the RMF lifecycle. + Mature the tiering methodologies and improve processes or features within OneTrust to maintain tiering data for Assets and Third Parties. + Collaborate and contribute with the creation, documentation, and implementation of repeatable processes for onboarding, ongoing monitoring and offboarding of OneTrust Third Party and OT relationships. + Determine how the risk domains applicable to the OT, TPR, GT Risk environments impact Operational and Enterprise level risk. + Establish OneTrust Risk Dashboards and reporting with advanced metrics. + Contributes with monthly and quarterly metrics or as-required reporting to management by analyzing and reporting on IT security controls and risk exposure. WHAT YOU NEED TO APPLY: + Direct experience with Plant automation system and tools, network security, endpoint security and managing corresponding threats, vulnerabilities and risk mitigation framework lifecycle. + Five to Ten (5-10) years direct experience in a Third-Party Risk Analyst role is required. + A Bachelor's or Master’s degree in Computer Science, Cyber-Security or in a technology/information security-related field is preferred and can substitute degree in lieu of some actual experience. + Experience with a Governance-Risk-Compliance (GRC) software suite (OneTrust, Archer, Xacta, Workiva, etc.) is required; prefer direct experience with OneTrust. + Must be able to demonstrate a strong understanding of Security Control Frameworks (ISO, NIST, HIPAA, PCI, SOX) is required; prefer multiple framework experience vs a single framework experience. + Any “one” certification in; CISSP, CRISC, CASP, CYSA or Security+ CE is preferred. Ref: #860-IT Cincinnati System One, and its subsidiaries including Joulé, ALTA IT Services, CM Access, TPGS, and MOUNTAIN, LTD., are leaders in delivering workforce solutions and integrated services across North America. We help clients get work done more efficiently and economically, without compromising quality. System One not only serves as a valued partner for our clients, but we offer eligible full-time employees health and welfare benefits coverage options including medical, dental, vision, spending accounts, life insurance, voluntary plans, as well as participation in a 401(k) plan. System One is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, age, national origin, disability, family care or medical leave status, genetic information, veteran status, marital status, or any other characteristic protected by applicable federal, state, or local law.