Operational Technology Security Analyst

Every day, CalMac connects communities, supports island economies, and keeps people moving, safely and reliably. Behind every sailing is a complex network of operational technology, from vessel control systems to port infrastructure. We're looking for an Operational Technology Security Analyst to help protect the systems that keep our fleet and ports running. Our vessels, ports, and operational environments rely on secure, resilient OT systems. In this role, you'll be at the frontline of safeguarding critical infrastructure, protecting everything from SCADA and control systems to industrial networks, ensuring CalMac can operate safely in an increasingly complex cyber threat landscape. Your work won't just protect systems; it will support safe journeys for 5 million passengers every year. We offer flexibility on location, with the successful candidate able to be based anywhere across the CalMac network. You'll work on a hybrid basis from one of our port locations, with travel to our Gourock headquarters as required. What you'll be doing This is a hands-on, high-impact role where no two days are the same. You will: * Secure critical OT systems - monitoring alerts, investigating threats, and strengthening system resilience

• Identify and manage risk - conducting vulnerability and risk assessments across vessels and port environments
• Own OT asset security posture - tracking assets and ensuring visibility, compliance, and protection
• Support secure design and architecture - helping shape robust OT network environments (segmentation, firewalls, DMZs)
• Respond to incidents and emerging threats - analysing attack trends and safeguarding systems against evolving risks
• Lead assurance activities - participate in audits, penetration testing, and incident simulations
• Collaborate across teams - working closely with engineering, IT, vessel crews, and third-party suppliers
• Drive awareness and improvement - championing OT cyber hygiene and continuous improvement in security practices
• Get hands-on on-site - visiting vessels and ports to support security in live, operational environments

Do you have experience in NIST standards?, We're looking for someone who is technically capable, curious, and passionate about securing critical infrastructure:

• Experience in OT cybersecurity within industrial or critical infrastructure environments
• Strong understanding of ICS/SCADA, PLCs, RTUs, and industrial networking
• Knowledge of industrial protocols (e.g. Modbus, DNP3)
• Familiarity with frameworks such as NIST, IEC 62443, ISO 27001, and NCSC CAF
• Experience with OT monitoring tools, asset discovery, and vulnerability management
• Understanding of IT/OT convergence and associated risks
• Ability to analyse threats, respond to incidents, and improve security maturity
• Strong communication skills to engage a wide range of stakeholders, from engineers to senior leaders

A degree in Cybersecurity, Engineering or a related discipline is beneficial, but your experience and mindset matter most.

Pulled from the full job description

• Annual leave
• Company pension

Purpose-driven work - play a vital role in protecting services that island communities depend on * Real-world impact - operational environments where your work directly affects safety and reliability * Unique environment - from ports to vessels, no typical office-based security role * Collaboration and growth - work alongside experienced professionals across IT, engineering, and operations * Continuous improvement culture - shape and strengthen OT security across a national infrastructure provider Step aboard and make a difference If you're ready to take on a role where cybersecurity meets real-world operations, and where your expertise protects critical services, we want to hear from you. The interviews will take place after 1st July 2026.