Senior Security Specialist

Xellia Pharmaceuticals

5 - 10 years

Bengaluru

Posted: 29/01/2026

Job Description

The Senior Security Specialist is a key senior individual contributor within our global security organization. This role focuses on security oversight, risk-based decision-making, and trusted advisory support across Xellia's global IT and OT landscape.

The Senior Security Specialist serves as a high-level reviewer, challenger, and partner to technology and business teams - ensuring that security solutions are fit for purpose, aligned to business requirements, and address real-world risks.

The role requires strong technical breadth, but places even greater emphasis on communication, influence, stakeholder management, and security intuition. Success in this role depends on understanding how the organization truly operates, building trust-based relationships, and helping teams make pragmatic, risk-informed security decisions.


Key Responsibilities

Security Oversight & Risk-Based Review

  • Act as a senior security reviewer for IT and OT initiatives, assessing solutions against business requirements, threat scenarios, and risk exposure, not just technical design documents
  • Review and challenge security designs, configurations, and operational practices across infrastructure, cloud, applications, identity, and OT environments
  • Provide clear, practical recommendations that balance security, usability, cost, and operational realities


Stakeholder Engagement & Influence

  • Build trusted advisory relationships with Global IT, Infrastructure, Business Applications, IAM, Compliance, OT, and external partners
  • Translate complex security topics into clear, actionable guidance for both technical and non-technical stakeholders
  • Influence security outcomes through collaboration and credibility, not authority
  • Act as a bridge between security teams, delivery teams, and leadership - ensuring shared understanding of risk and priorities


Broad Security Domain Coverage

  • Maintain broad hands-on and conceptual exposure across multiple security domains, including:
      • Security Operations (SOC, monitoring, incident response)
      • Governance, Risk, and Compliance (GRC)
      • Cloud security (Azure preferably)
      • Identity and Access Management
      • Endpoint and network security
      • Vulnerability and risk management
  • Support risk assessments, remediation planning, and exception handling with a business-context-driven mindset
  • Collaborate with SOC and external partners on incident handling, root cause analysis, and lessons learned


Security Operations & Continuous Improvement

  • Provide senior oversight of day-to-day security operations, monitoring, and incident handling activities
  • Review incident trends, vulnerabilities, and control gaps to identify systemic weaknesses and improvement opportunities
  • Contribute to the evolution of security policies, standards, and guidelines based on operational experience and emerging threats
  • Use security metrics and KPIs (e.g., incident trends, MTTR, remediation timelines) to support informed decision-making


Cloud, IAM & Technology Enablement

  • Review and advise on secure cloud configurations, identity controls, conditional access, and MFA strategies
  • Support secure adoption of new technologies by ensuring risks are understood and mitigated appropriately
  • Provide oversight and guidance on the use and optimization of security tools (e.g., vulnerability management, EDR, logging, IAM), without acting as the primary tool owner


OT Security (Advisory & Oversight Focus)

  • Provide senior security oversight for OT environments, focusing on risk visibility, governance, and operational alignment
  • Review OT security architectures, assessments, and incident response approaches in collaboration with OT teams
  • Help balance security controls with safety, availability, and operational continuity requirements
  • Support OT security awareness by translating cyber risks into operational impact


Governance, Audit & Awareness

  • Support internal and external audits by providing risk context, evidence explanations, and remediation guidance
  • Contribute to security awareness and education initiatives, particularly for non-security audiences
  • Promote a risk-aware culture rather than a compliance-only mindset


Required Qualifications

  • Bachelor's degree in Computer Science, Information Security, or a related field
  • 5+ years of experience in information security across multiple domains (operations, risk, cloud, IAM, or OT)
  • Strong understanding of security principles, enterprise risk management, and modern threat landscapes
  • Demonstrated ability to communicate, influence, and build trust across diverse stakeholder groups
  • Broad technical knowledge with the ability to assess solutions holistically rather than at component level


Preferred Qualifications

  • Industry certifications such as CISSP, CCSP, CISM, CRISC, or equivalent
  • Experience working closely with SOC teams and managed security service providers
  • Familiarity with common security and compliance frameworks (e.g., NIST, ISO 27001, CIS)
  • Experience in regulated or complex enterprise environments
  • Strong analytical mindset combined with practical, business-oriented judgment
