OT/IoT Standards & Control Framework Development Analyst
About the role
The OT/IoT Standards & Control Framework Development Analyst plays a key supporting role in designing, maintaining, and improving Haleon's OT and IoT Written Standards and associated Control Frameworks. Working under the direction of the Standards & Control Framework Development Lead, the Analyst performs detailed regulatory research, documentation analysis, control mapping, and standards lifecycle management specifically for OT and IoT environments. The role ensures OT and IoT standards address the unique cybersecurity, safety, vendor dependency, change‑control, segmentation, and resilience needs of industrial control systems (ICS), building management systems (BMS), utilities, manufacturing automation, smart devices, and connected equipment. Responsibilities include supporting alignment with ISA/IEC‑62443, NIST OT cybersecurity guidance, and global standards relating to cyber‑physical systems. The Analyst helps ensure OT/IoT control requirements are incorporated into the enterprise GRC platform, and that Written Standards and controls remain harmonised across IT, OT, IoT, quality, cybersecurity, and risk domains.
Responsibilities
- Support drafting, review, and maintenance of OT and IoT Written Standards, ensuring alignment with cybersecurity, privacy, safety, regulatory, and operational requirements (including ISA/IEC‑62443, NIST OT guidance, SOx, GxP).
- Assist in developing and maintaining the OT & IoT Control Framework by performing control mapping, impact assessments, risk analysis, and documentation updates across ICS, IoT devices, and related digital operational environments.
- Maintain OT/IoT control and standards content within the Digital & Technology Management System (DTMS), ensuring correct ownership, metadata, versioning, updates, and governance cadence.
- Translate OT/IoT‑specific regulatory and operational requirements (including industrial cybersecurity regulations, quality expectations, safety guidance, secure remote access requirements, and vendor lifecycle constraints) into clear and actionable standards and control definitions.
- Work with GRC tooling teams to maintain master controls, relationships, and OT/IoT mappings within the GRC platform, ensuring end‑to‑end alignment between Written Standards, control requirements, and enterprise risk processes.
- Contribute to OT/IoT standards improvement initiatives by identifying redundant, legacy, or duplicative requirements, recommending modernised and harmonised controls, and incorporating controls relevant to remote access, segmentation, asset lifecycle, firmware management, and system hardening.
Business Expertise
- Working knowledge of Operational Technology (OT) and IoT architectures, including ICS, SCADA, PLCs, HMIs, building management systems, manufacturing systems, connected sensors, wearables, and smart devices.
- Familiarity with OT cybersecurity standards (e.g., ISA/IEC‑62443), NIST OT cybersecurity frameworks, IoT device standards, and secure‑by‑design practices.
- Understanding of GxP, SOx, data protection, safety, and manufacturing regulatory expectations relevant to OT/IoT systems.
- Solid grasp of IT/OT convergence principles, including network segmentation, secure remote access, patching constraints, vendor‑supported change control, and operational risk.
- Foundational knowledge of GRC tooling, master control structures, and governance processes.
- Ability to translate regulatory or operational requirements into structured Written Standards that are practical for sites and engineering teams to adopt.
Problem Solving
- Supports complex regulatory interpretation across OT/IoT cybersecurity, safety, privacy, and compliance domains.
- Helps reconcile differences between IT and OT operating requirements, identifying practical approaches that protect safety and production continuity while improving security posture.
- Assists in identifying gaps and inconsistencies in OT/IoT standards and controls, performing root‑cause analysis and recommending improvements.
- Analyses emerging OT/IoT threats (e.g., ransomware targeting ICS, supply‑chain exploits,
Additional Information
Welcome to Haleon. We're a purpose-driven, world-class consumer company putting everyday health in the hands of millions. In just three years since our launch, we've grown, evolved and are now entering an exciting new chapter - one filled with bold ambitions and enormous opportunity. Our trusted portfolio of brands - including Sensodyne®, Panadol®, Advil®, Voltaren®, Theraflu®, Otrivin®, and Centrum® - lead in resilient and growing categories. What sets us apart is our unique blend of deep human understanding and trusted science. Now it's time to realise the full potential of our business and our people. We do this through our Win as One strategy. It puts our purpose - to deliver better everyday health with humanity - at the heart of everything we do. It unites us, inspires us, and challenges us to be better every day, driven by our agile, performance-focused culture.