Welcome to Haleon. We’re a purpose-driven, world-class consumer company putting everyday health in the hands of millions. In just three years since our launch, we’ve grown, evolved and are now entering an exciting new chapter – one filled with bold ambitions and enormous opportunity.
Our trusted portfolio of brands – including Sensodyne®, Panadol®, Advil®, Voltaren®, Theraflu®, Otrivin®, and Centrum® – leads in resilient and growing categories. What sets us apart is our unique blend of deep human understanding and trusted science.
Now it’s time to realise the full potential of our business and our people. We do this through our Win as One strategy. It puts our purpose – to deliver better everyday health with humanity – at the heart of everything we do. It unites us, inspires us, and challenges us to be better every day, driven by our agile, performance-focused culture.
About the role
The OT/IoT Standards & Control Framework Development Analyst plays a key supporting role in designing, maintaining, and improving Haleon’s OT and IoT Written Standards and associated Control Frameworks. Working under the direction of the Standards & Control Framework Development Lead, the Analyst performs detailed regulatory research, documentation analysis, control mapping, and standards lifecycle management specifically for OT and IoT environments.
The role ensures OT and IoT standards address the unique cybersecurity, safety, vendor dependency, change‑control, segmentation, and resilience needs of industrial control systems (ICS), building management systems (BMS), utilities, manufacturing automation, smart devices, and connected equipment.
Responsibilities include supporting alignment with ISA/IEC‑62443, NIST OT cybersecurity guidance, and global standards relating to cyber‑physical systems.
The Analyst helps ensure OT/IoT control requirements are incorporated into the enterprise GRC platform, and that Written Standards and controls remain harmonised across IT, OT, IoT, quality, cybersecurity, and risk domains.
Role Responsibilities
Support drafting, review, and maintenance of OT and IoT Written Standards, ensuring alignment with cybersecurity, privacy, safety, regulatory, and operational requirements (including ISA/IEC‑62443, NIST OT guidance, SOx, GxP).
Assist in developing and maintaining the OT & IoT Control Framework by performing control mapping, impact assessments, risk analysis, and documentation updates across ICS, IoT devices, and related digital operational environments.
Maintain OT/IoT control and standards content within the Digital & Technology Management System (DTMS), ensuring correct ownership, metadata, versioning, updates, and governance cadence.
Translate OT/IoT‑specific regulatory and operational requirements (including industrial cybersecurity regulations, quality expectations, safety guidance, secure remote access requirements, and vendor lifecycle constraints) into clear and actionable standards and control definitions.
Work with GRC tooling teams to maintain master controls, relationships, and OT/IoT mappings within the GRC platform, ensuring end‑to‑end alignment between Written Standards, control requirements, and enterprise risk processes.
Contribute to OT/IoT standards improvement initiatives by identifying redundant, legacy, or duplicative requirements, recommending modernised and harmonised controls, and incorporating controls relevant to remote access, segmentation, asset lifecycle, firmware management, and system hardening.
Business Expertise
Working knowledge of Operational Technology (OT) and IoT architectures, including ICS, SCADA, PLCs, HMIs, building management systems, manufacturing systems, connected sensors, wearables, and smart devices.
Familiarity with OT cybersecurity standards (e.g., ISA/IEC‑62443), NIST OT cybersecurity frameworks, IoT device standards, and secure‑by‑design practices.
Understanding of GxP, SOx, data protection, safety, and manufacturing regulatory expectations relevant to OT/IoT systems.
Solid grasp of IT/OT convergence principles, including network segmentation, secure remote access, patching constraints, vendor‑supported change control, and operational risk.
Foundational knowledge of GRC tooling, master control structures, and governance processes.
Ability to translate regulatory or operational requirements into structured Written Standards that are practical for sites and engineering teams to adopt.
Problem Solving
Supports complex regulatory interpretation across OT/IoT cybersecurity, safety, privacy, and compliance domains.
Helps reconcile differences between IT and OT operating requirements, identifying practical approaches that protect safety and production continuity while improving security posture.
Assists in identifying gaps and inconsistencies in OT/IoT standards and controls, performing root‑cause analysis and recommending improvements.
Analyses emerging OT/IoT threats (e.g., ransomware targeting ICS, supply‑chain exploits, sensor spoofing) and incorporates relevant insights into standards updates.
Balances global standardisation with local site operational constraints and vendor limitations.
Nature & Area of Impact
Contributes to the global OT/IoT governance model across manufacturing, supply chain, utilities, laboratories, and facilities.
Supports the organisation’s ability to meet regulatory compliance, cybersecurity expectations, safety requirements, and internal audit obligations for cyber‑physical environments.
Enhances consistency, clarity, and efficiency across OT and IoT control adoption at global sites.
Improves organisational resilience by strengthening OT/IoT control definitions, documentation, and lifecycle management.
Interactions / Interpersonal Skills
Works closely with the Standards & Control Framework Development Lead for direction, prioritisation, quality assurance, and approvals.
Coordinates with site engineering teams, manufacturing system owners, facilities teams, cybersecurity teams, IoT product owners, GRC tooling teams, quality, internal audit, and risk stakeholders.
Communicates OT/IoT standard expectations clearly to both technical OT personnel and non‑technical stakeholders.
Requires strong analytical writing skills to convert complex technical and regulatory requirements into concise and consistent documentation.
Ability to collaborate across engineering, IT, security, and operational teams in fast‑moving, high‑constraint environments.
Why you?
Basic Qualifications:
Bachelor’s degree in Engineering, Information Systems, Industrial Control Systems, Cybersecurity, or a related field.
5–7 years in OT cybersecurity, engineering, IoT device governance, technology risk, or compliance.
Experience working with OT/ICS systems, IoT architectures, or digital manufacturing environments.
Foundational understanding of risk management, cybersecurity, and compliance frameworks.
Exposure to control frameworks and standards development processes.
Experience supporting documentation lifecycle management and governance processes.
Preferred Qualifications:
Training in OT cybersecurity, IoT security, or GRC frameworks (ISA/IEC‑62443, NIST CSF, ITIL, ISO 27001).
Experience in regulated environments (GxP manufacturing, consumer health, pharma, or industrial sectors).
Familiarity with OT/IoT threat landscapes, asset lifecycle, segmentation, and secure remote access patterns.
Required Licenses/Certifications:
Desirable: ISA/IEC 62443 Cybersecurity Fundamentals, ITIL Foundation, ISO 27001, or ISACA associate certifications.
Job Posting End Date
2026-06-26
Haleon are committed to mobilising our purpose in a way that represents the diverse consumers and communities who rely on our brands every day. It guides us in creating an inclusive culture, where different backgrounds and views are valued and respected – all in support of understanding and best serving the needs of our consumers and unleashing the full potential of our people. It’s important to us that Haleon is a place where all our employees feel they truly belong.
During the application process, we may ask you to share some personal information, which is entirely voluntary. This information ensures we meet certain regulatory and reporting obligations and supports the development, refinement, and execution of our inclusion and belonging programmes that are open to all Haleon employees.
The personal information you provide will be kept confidential, used only for legitimate business purposes, and will never be used in making any employment decisions, including hiring decisions.
If you require a reasonable adjustment or accommodation or other assistance to apply for a job at Haleon at any stage of the application process, please let your recruiter know by providing them with a description of specific adjustments you are requesting. We’ll provide all reasonable adjustments to support you throughout the recruitment process and treat all information you provide us in confidence.
The Haleon recruitment team will contact you using a Haleon email account (@haleon.com). If you are not sure whether the email you received is from Haleon, please get in touch.