Operational Technology Security Consultant

About The Position

Requirements

• At least 4 years of working experience in operational technology security, OT risk assessment, or related infrastructure security roles
• Bachelor's degree in Engineering, Computer Science, Information Systems, or related field, or equivalent combination of education and experience demonstrating OT security expertise
• Direct experience in OT environments such as manufacturing, energy, utilities, or other critical infrastructure sectors
• Hands-on experience with Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems
• Knowledge of control system technologies, industrial automation architectures, and OT-specific networking environments
• Expertise in OT security assessment frameworks including IEC 62443, NIST SP 800-82, and industry-specific requirements such as NERC CIP
• Understanding of emerging OT regulatory requirements including NIS2 Directive, EU Cyber Resilience Act, and other sector-specific directives
• Strong analytical and critical thinking abilities
• Strong oral and written communication skills when presenting technical findings to both technical and non-technical audiences

Nice To Haves

• GICSP (Global Industrial Cyber Security Professional) certification
• CISM certification
• CISSP certification
• GRID (GIAC Response and Industrial Defense) certification
• GCIH (GIAC Certified Incident Handler) certification
• C2M2 (Cybersecurity Capability Maturity Model) assessment experience
• NIST Cybersecurity Framework (CSF) assessment and implementation experience
• Incident response experience in OT or critical infrastructure environments
• Business continuity or disaster recovery experience in OT environments
• Experience with safety-critical systems and understanding of functional safety standards (IEC 61508, ISO 10218)
• Technical writing experience for policy and procedure development
• Cloud platform experience relevant to OT environments or industrial IoT implementations

Responsibilities

• Maintain current knowledge of OT security standards, regulatory developments, and industry trends through ongoing professional development and relevant certifications
• Support and guide OT risk and security discussions with technical teams, operations staff, and executive stakeholders
• Conduct stakeholder interviews and review OT-related policies, procedures, architecture documentation, and compliance records to understand organizational OT environments and priorities
• Assess client environments against OT security practices and compliance posture against IEC 62443, NIST SP 800-82, NIST CSF, NERC CIP, NIS2 Directive, EU Cyber Resilience Act, C2M2, and other relevant OT standards and frameworks
• Develop maturity assessment and benchmarking reports identifying OT security gaps, current state findings, and prioritized remediation recommendations
• Develop sequenced remediation roadmaps with prioritized activities, timelines, and implementation guidance to address identified OT security gaps
• Advise clients on OT security program structure, governance frameworks, organizational roles and responsibilities, and recommended policies and procedures
• Present assessment findings, risk analysis, and strategic recommendations to clients and their leadership through executive briefings and detailed reports
• Support other Cyber Risk Advisory consulting engagements when necessary to maintain team capacity

Benefits

• paid parental leave
• flexible time off
• certification and training reimbursement
• digital mental health and wellbeing support membership
• comprehensive insurance options