Senior Security Specialist

The Senior Security Specialist is a key senior individual contributor within our global security organization. This role focuses on security oversight, risk-based decision-making, and trusted advisory support across Xellia’s global IT and OT landscape.The Senior Security Specialist serves as a high-level reviewer, challenger, and partner to technology and business teams - ensuring that security solutions are fit for purpose, aligned to business requirements, and address real-world risks.The role requires strong technical breadth, but places even greater emphasis on communication, influence, stakeholder management, and security intuition. Success in this role depends on understanding how the organization truly operates, building trust-based relationships, and helping teams make pragmatic, risk-informed security decisions.Key ResponsibilitiesSecurity Oversight & Risk-Based Review- Act as a senior security reviewer for IT and OT initiatives, assessing solutions against business requirements, threat scenarios, and risk exposure, not just technical design documents - Review and challenge security designs, configurations, and operational practices across infrastructure, cloud, applications, identity, and OT environments - Provide clear, practical recommendations that balance security, usability, cost, and operational realitiesStakeholder Engagement & Influence- Build trusted advisory relationships with Global IT, Infrastructure, Business Applications, IAM, Compliance, OT, and external partners - Translate complex security topics into clear, actionable guidance for both technical and non-technical stakeholders - Influence security outcomes through collaboration and credibility, not authority - Act as a bridge between security teams, delivery teams, and leadership - ensuring shared understanding of risk and prioritiesBroad Security Domain Coverage- Maintain broad hands-on and conceptual exposure across multiple security domains, including: - Security Operations (SOC, monitoring, incident response) - Governance, Risk, and Compliance (GRC) - Cloud security (Azure preferably) - Identity and Access Management - Endpoint and network security - Vulnerability and risk management - Support risk assessments, remediation planning, and exception handling with a business-context-driven mindset - Collaborate with SOC and external partners on incident handling, root cause analysis, and lessons learnedSecurity Operations & Continuous Improvement- Provide senior oversight of day-to-day security operations, monitoring, and incident handling activities - Review incident trends, vulnerabilities, and control gaps to identify systemic weaknesses and improvement opportunities - Contribute to the evolution of security policies, standards, and guidelines based on operational experience and emerging threats - Use security metrics and KPIs (e.g., incident trends, MTTR, remediation timelines) to support informed decision-makingCloud, IAM & Technology Enablement- Review and advise on secure cloud configurations, identity controls, conditional access, and MFA strategies - Support secure adoption of new technologies by ensuring risks are understood and mitigated appropriately - Provide oversight and guidance on the use and optimization of security tools (e.g., vulnerability management, EDR, logging, IAM), without acting as the primary tool ownerOT Security (Advisory & Oversight Focus)- Provide senior security oversight for OT environments, focusing on risk visibility, governance, and operational alignment - Review OT security architectures, assessments, and incident response approaches in collaboration with OT teams - Help balance security controls with safety, availability, and operational continuity requirements - Support OT security awareness by translating cyber risks into operational impactGovernance, Audit & Awareness- Support internal and external audits by providing risk context, evidence explanations, and remediation guidance - Contribute to security awareness and education initiatives, particularly for non-security audiences - Promote a risk-aware culture rather than a compliance-only mindsetRequired Qualifications- Bachelor’s degree in Computer Science, Information Security, or a related field - 5+ years of experience in information security across multiple domains (operations, risk, cloud, IAM, or OT) - Strong understanding of security principles, enterprise risk management, and modern threat landscapes - Demonstrated ability to communicate, influence, and build trust across diverse stakeholder groups - Broad technical knowledge with the ability to assess solutions holistically rather than at component levelPreferred Qualifications- Industry certifications such as CISSP, CCSP, CISM, CRISC, or equivalent - Experience working closely with SOC teams and managed security service providers - Familiarity with common security and compliance frameworks (e.g., NIST, ISO 27001, CIS) - Experience in regulated or complex enterprise environments - Strong analytical mindset combined with practical, business-oriented judgment

Apply Now