Orion Group

We have a current opportunity for a Senior InfoSec Advisor (IRM Manager) on a 12 month PAYE contract basis Key Responsibilities Discovery & Portfolio Shaping Run discovery with process owners; agree scope, outcomes and success measures; map AS-IS / TO-BE and identify simplification opportunities. Elicit and document requirements (user stories/use cases, acceptance criteria); maintain traceability into testing and release. Shape a value-based roadmap and backlog (configuration vs. enhancement vs. process change) with clear options and impacts. Delivery & Change Enablement Build and manage plans, RAID and release calendars; govern scope and change control. Coordinate UAT, readiness, training and communications; run cutover/hypercare and track benefits realisation. Provide concise status/risk reporting to functional leadership and PMO. Integrations, Data & Non-Functionals Lead outcomes across APIs/middleware and batch/file jobs; agree monitoring and error-handling standards with AMS. Embed Non-Functional Requirements, performance, availability, supportability and ensuring solutions are supportable by operations. Champion data quality, reconciliations and reporting enablement; maintain interface contracts and runbooks. Controls, Risk & Compliance Embed SoD, Joiner-Mover-Leaver and GDPR controls; maintain audit-ready evidence. Coordinate with Information Risk Management and Architecture on risk acceptance and remediation. Vendor & AMS Governance Act as day-to-day interface to AMS and ISVs: prioritise backlog, agree estimates/timelines; manage SOWs, Service Level Agreements, KPIs and Service Improvement Plans. Ensure clean handover to BAU with updated documentation and knowledge articles. Service Operations (SME / L3 coordination) Serve as functional SME and L3 escalation: triage complex issues and direct AMS/vendors to resolution. Maintain support models, runbooks and knowledge articles; track service KPIs and drive SIPs. Role Dimensions Multi-application portfolio spanning finance, procurement, maintenance and document/collaboration solutions. Complex stakeholder set across business functions, AMS and ISVs; measurable outcomes and adoption focus. Role Requirements 7+ years in application change delivery as a PM/BA across enterprise platforms. Proven delivery of enhancements/upgrades/integrations with AMS/ISVs; strong UAT, cutover and hypercare leadership. Integration literacy (APIs/middleware), data quality mindset and documentation discipline; ways of working aligned to ITIL v4 and PMO governance. Excellent stakeholder communication; experience with IT Service Management (ITSM) tools (e.g., ServiceNow) and Agile/Scrum or PRINCE2. Our role in supporting diversity and inclusion As an international workforce business, we are committed to sourcing personnel that reflects the diversity and values of our client base but also that of Orion Group. We welcome the wide range of experiences and viewpoints that potential workers bring to our business and our clients, including those based on nationality, gender, culture, educational and professional backgrounds, race, ethnicity, sexual orientation, gender identity and expression, disability, and age differences, job classification and religion. In our inclusive workplace, regardless of your employment status as staff or contract, everyone is assured the right of equitable, fair and respectful treatment.

We have a current opportunity for a Senior InfoSec Advisor (IRM Manager) on a 12 month PAYE contract basis. The position will be based in Aberdeen and will have a 3/2 hybrid working pattern Key ResponsibilitiesRisk Assessment & Secure by Design Perform structured IT and information security risk assessments and threat modelling for new IT platforms, systems, and applications and for material changes. Provide security architecture advice (patterns, guardrails) aligned to NIST CSF / ISO 27001 and company standards. Define and agree control selection (prevent/detect/correct) proportionate to risk, including identity, data and platform controls. Conduct IT control walkthroughs to validate design and operating effectiveness; document evidence and issues. LOD2 Assurance & Critical Assets Own the LOD2 assurance plan with specific focus on critical assets and safety-related systems; define test scopes, frequency and metrics. Track high-risk deviations and risk acceptances; drive remediation and report residual risk to the CISO, CIO and business risk owners. OT / ICS Security Own the LOD2 assurance plan across OT sites against the OT security standard, deciding the order and frequency of assessments aligned to risk and risk appetite. Provide OT security advisory in relation to OT security standards alignment across all OT sites, advocating for segmentation, zoning, secure remote access, security monitoring and patching controls in line with ISA/IEC 62443. Supplier & Third-Party Assurance (with Procurement) Run supplier assurance in collaboration Procurement including, pre contract due diligence, control reviews, and ongoing attestation for Suppliers and Third Parties. Collaborate with Legal to ensure that contractual SLAs/KPIs include security requirements and be involved in remediation where gaps exist. Reporting & Governance Maintain risk registers, control libraries and test plans; provide CIO-ready reporting on issues and residual risk. Coordinate with the Business and 1st Line risk owners, as well as with the Assurance parties such as Internal Audit (LOD3) and the major IT and SOC managed service providers to close control gaps, and feed lessons learnt into standards and patterns. Role Dimensions Organisation-wide information security remit across corporate IT and OT; frequent engagement with IT Operations, OT Engineering, HSSE, Finance, Procurement and Legal. Direct influence on risk mitigation options and plans, acting as a trusted advisor. Mix of advisory, oversight and hands-on walkthroughs; pragmatic, proportionate risk approach. Role Requirements 7+ years in information risk, security assurance or IT audit within regulated, safety-critical or industrial environments (energy/oil & gas preferred). Strong knowledge of NIST CSF, ISO 27001, UK GDPR and supplier assurance practices; familiarity with the UK CAF is desirable. Proven experience running compliance and assurance functions, Secure-by-Design reviews, and control testing (for design & operating effectiveness). Solid grasp of OT/ICS risk and understanding of SCADA/PI/EC interfaces. Skilled at stakeholder management and risk communication to senior audiences (clear, concise, business-outcome focused). Tooling familiarity: GRC/IRM platforms (e.g., ServiceNow), and common cloud services (M365/Azure) for workflows and evidence capture. Advantageous Certifications: Governance & Audit: ISO 27001 Lead Auditor, CISM Architecture & Design: SABSA, CISSP OT/ICS: SANS GICSP, ISA/IEC 62443 Our role in supporting diversity and inclusion As an international workforce business, we are committed to sourcing personnel that reflects the diversity and values of our client base but also that of Orion Group. We welcome the wide range of experiences and viewpoints that potential workers bring to our business and our clients, including those based on nationality, gender, culture, educational and professional backgrounds, race, ethnicity, sexual orientation, gender identity and expression, disability, and age differences, job classification and religion. In our inclusive workplace, regardless of your employment status as staff or contract, everyone is assured the right of equitable, fair and respectful treatment.

We are seeking an Applications Specialist to support Hydrocarbon Accounting systems aplications, particularly SAP FI/CO/MM integration with SCADA Lead the change and optimisation agenda for hydrocarbon accounting and production reporting using Energy Components. Operate as a hybrid Project Manager and Business Analyst. Shape scope with Operations and Finance; translate allocation and metering requirements into robust designs; and lead delivery with AMS/ISVs to land releases safely (UAT, cutover, communications and benefits). Provide light-touch Service Operations leadership as functional SME (L3 escalation and vendor coordination). Key Responsibilities Discovery & Business Analysis Run discovery with Operations/Finance; agree scope and outcomes; map AS-IS / TO-BE for allocation, reconciliation and reporting processes. Capture requirements and acceptance criteria; maintain traceability through testing and release; document functional options and impacts. Plan around month/quarter-end calendars to minimise risk to close activities. Delivery & Close Calendars Build/manage plans, RAID and release calendars; coordinate UAT, readiness, comms and training; run cutover/hypercare and track benefits. Provide clear status/risk reporting to stakeholders and PMO; log assumptions and manage change control. Integrations & Data Quality Lead outcomes across connections with plant data historians (e.g., OSIsoft PI) and Supervisory Control and Data Acquisition (SCADA), and integrations to SAP Financial Accounting/Controlling (FI/CO) / Materials Management (MM) and analytics platforms. Define data quality KPIs, exception handling patterns and recovery procedures; maintain interface contracts and runbooks. Embed Non-Functional Requirements for performance, availability and supportability; ensure solutions are supportable by operations. Regulatory, JV & Audit Design controls and documentation to meet regulatory and Joint Venture reporting expectations; maintain audit-ready evidence. Coordinate with IRM/Architecture on risk acceptance and remediation; manage data retention and evidence trails. Vendor & AMS Governance Act as day-to-day interface to AMS and ISVs: prioritise backlog, agree estimates/timelines; manage SOWs/SLAs/KPIs/SIPs. Ensure clean handover to BAU with up-to-date knowledge articles and support models. Service Operations (SME / L3 coordination) Serve as functional SME and L3 escalation: triage allocation exceptions, metering anomalies and data quality issues; direct AMS/vendors to resolution. Maintain close/calendar playbooks, evidence packs and knowledge articles; drive SIPs from incident/problem reviews. Role Dimensions Direct impact on production reporting accuracy, commercial outcomes and regulatory/JV obligations. Multi-party delivery with AMS, ISVs and plant data teams; offshore data dependencies. Role Requirements 7+ years delivering change across hydrocarbon accounting/production reporting (preferably Energy Components). Strong BA/PM track record across requirements, UAT, release; familiarity with PI/SCADA and SAP FI/CO/MM integrations. Evidence-led approach to reconciliation and variance analysis; experience with audit and regulatory submissions. Excellent stakeholder management; ITIL v4/PMO governance; clear written documentation and communication. Our role in supporting diversity and inclusion As an international workforce business, we are committed to sourcing personnel that reflects the diversity and values of our client base but also that of Orion Group. We welcome the wide range of experiences and viewpoints that potential workers bring to our business and our clients, including those based on nationality, gender, culture, educational and professional backgrounds, race, ethnicity, sexual orientation, gender identity and expression, disability, and age differences, job classification and religion. In our inclusive workplace, regardless of your employment status as staff or contract, everyone is assured the right of equitable, fair and respectful treatment.