Operational Technology Security Consultant

The Operational Technology (OT) Cybersecurity Consultant assesses the security posture and maturity of OT environments for clients across manufacturing, energy, utilities, and other critical infrastructure sectors. This role involves conducting stakeholder interviews, reviewing OT documentation, evaluating security practices against industry frameworks, and developing maturity assessment reports with remediation recommendations. The Consultant presents findings and strategic guidance to clients while working with Project Managers, Directors, and Delivery teams to manage project scope and timelines.

• Maintain current knowledge of OT security standards, regulatory developments, and industry trends through ongoing professional development and relevant certifications
• Support and guide OT risk and security discussions with technical teams, operations staff, and executive stakeholders
• Conduct stakeholder interviews and review OT-related policies, procedures, architecture documentation, and compliance records to understand organizational OT environments and priorities
• Assess client environments against OT security practices and compliance posture against IEC 62443, NIST SP 800-82, NIST CSF, NERC CIP, NIS2 Directive, EU Cyber Resilience Act, C2M2, and other relevant OT standards and frameworks
• Develop maturity assessment and benchmarking reports identifying OT security gaps, current state findings, and prioritized remediation recommendations
• Develop sequenced remediation roadmaps with prioritized activities, timelines, and implementation guidance to address identified OT security gaps
• Advise clients on OT security program structure, governance frameworks, organizational roles and responsibilities, and recommended policies and procedures
• Present assessment findings, risk analysis, and strategic recommendations to clients and their leadership through executive briefings and detailed reports
• Support other Cyber Risk Advisory consulting engagements when necessary to maintain team capacity

• At least 4 years of working experience in operational technology security, OT risk assessment, or related infrastructure security roles
• Bachelor's degree in Engineering, Computer Science, Information Systems, or related field, or equivalent combination of education and experience demonstrating OT security expertise
• Direct experience in OT environments such as manufacturing, energy, utilities, or other critical infrastructure sectors
• Hands-on experience with Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems
• Knowledge of control system technologies, industrial automation architectures, and OT-specific networking environments
• Expertise in OT security assessment frameworks including IEC 62443, NIST SP 800-82, and industry-specific requirements such as NERC CIP
• Understanding of emerging OT regulatory requirements including NIS2 Directive, EU Cyber Resilience Act, and other sector-specific directives
• Strong analytical and critical thinking abilities
• Strong oral and written communication skills when presenting technical findings to both technical and non-technical audiences

• GICSP (Global Industrial Cyber Security Professional) certification
• CISM certification
• CISSP certification
• GRID (GIAC Response and Industrial Defense) certification
• GCIH (GIAC Certified Incident Handler) certification
• C2M2 (Cybersecurity Capability Maturity Model) assessment experience
• NIST Cybersecurity Framework (CSF) assessment and implementation experience
• Incident response experience in OT or critical infrastructure environments
• Business continuity or disaster recovery experience in OT environments
• Experience with safety-critical systems and understanding of functional safety standards (IEC 61508, ISO 10218)
• Technical writing experience for policy and procedure development
• Cloud platform experience relevant to OT environments or industrial IoT implementations