OT Cyber Security Consultant

4 weeks ago


United Kingdom Vantage Consulting Full time


Remote working


Main Activities

  • deploy, and oversee Cyber Security Management Systems (CSMS) aligned with the ISA 62443-2-1 standard customised for client-specific industrial automation and control system requirements.
  • clients through compliance with regulatory standards such as the NIS Regulations, ensuring all activities adhere to relevant laws, regulations, and industry guidelines.
  • comprehensive security assessments, including health checks and gap analysis against standards like the Cyber Assessment Framework (CAF) and NIST CSF 2.0, to gauge and enhance clients' security posture.
  • and implement OT Security Policies, Procedures, Guidelines, and Work Instructions as part of a CSMS, ensuring robust governance and operational security.
  • and participate in risk assessments in line with ISA-62443-3-2 standards, focusing on identifying and mitigating security risks in system design.
  • or lead in the creation and refinement of OT Security Charters and OT Security Target Operating Models, supporting clients in establishing a clear security mandate and governance framework for strategic security transformation.
  • as the Subject Matter Expert (SME) for regulatory compliance, liaising with UK competent authorities such as OFGEM (gas and electricity), OFWAT (water), HSE (oil and gas operations), ONR (nuclear), and ORR (Office of Rail and Road) for rail, ensuring adherence to cyber security and operational technology standards within the water, gas, oil, nuclear, energy, and rail sectors.
  • clients in transitioning to or implementing frameworks like ISA-62443-3-3 and the NIST Cybersecurity Framework (CSF) 2.0, ensuring governance practices are in place and standards like NIST SP 800-82 are met.
  • complex security challenges within Industrial Control Systems (ICS) and critical national infrastructure, providing bespoke solutions to mitigate risks.
  • and evaluate operational technology security architectures, leveraging industry-standard methodologies such as the Purdue Enterprise Reference Architecture (PERA) and ISA 95 to ensure alignment with best practices.
  • with the strategic planning, execution, and management of consulting projects, maintaining alignment with project goals, timelines, budgets, and ensuring proactive management of any deviations.
  • as the primary liaison with clients, fostering strong relationships, understanding their unique challenges, and aligning our solutions with their strategic aims.
  • the high quality of deliverables, adhering to both the firm’s standards and client expectations through meticulous quality control and document management.
  • knowledge sharing and the adoption of innovative technologies and practices within the team and across the organisation, to address evolving challenges in OT, ICS, and IIoT cybersecurity.
  • and pursue new business opportunities with existing clients by understanding their changing needs and demonstrating how our services can provide additional value.
  • to travel to client sites across the UK and Ireland as project needs dictate.


Essential experience:


  • OT Security Certifications: Possession of at least one OT security industry certification with a strong preference for ISA/IEC 62443 Cybersecurity Expert. Other accepted certifications include but are not limited to: ISA/IEC 62443 Cybersecurity Risk Assessment Specialist, ISA/IEC 62443 Cybersecurity Design Specialist, ISA/IEC 62443 Cybersecurity Maintenance Specialist, SANS Global Industrial Cyber Security Professional (GICSP), and Certified SCADA Security Architect (CSSA). (Role holders without certification need to have significant experience with Operational Technology Cyber Security (5+ years) and the ISA 62443 standard, that would equate to a similar level of knowledge).
  • Expertise: At least 2 years of direct experience with critical infrastructure and ICS, including familiarity with SCADA HCI systems, PLCs, RTUs, etc., demonstrating a nuanced understanding of the complex security landscapes of ICS and critical infrastructure.
  • Proficiency: Demonstrated skill in the design, implementation, or oversight of Cyber Security Management Systems aligning with ISA 62443-2-1 standards.
  • 62443: Clear experience of implementing the ISA/IEC 62443 suite of standards, especially ISA-62443-2-1 and ANSI/ISA-62443-3-3
  • Compliance: Advanced knowledge in guiding clients through the maze of regulatory standards, such as the NIS Regulations, with a solid foundation knowledge in relevant legal, regulatory, and industry considerations.
  • Evaluation Experience: Experience in conducting detailed security assessments, audits, and gap analyses against standards, frameworks and guidance such as HSE OG-86, NIST SP 800-82, CAF, and/or NIST CSF 2.0, to evaluate and enhance clients' security posture.
  • Development Skill: Ability in crafting comprehensive OT Security Policies, Procedures, Guidelines, and Work Instructions within a CSMS framework.
  • Assessment Capability: Experience in conducting or assisting with OT security risk assessments, with a preference for adherence to the ANSI/ISA-62443-3-2 standard. Other relevant risk frameworks such as
  • 62443 Standards Application: Demonstrated application of the ISA 62443 standards suite in relevant sectors.
  • Protocol Familiarity: Knowledge of ICS communication protocols, such as MODBUS, OPC, DNP3, etc.


Essential Consulting / Soft Skills:


  • Communication: Mastery in conveying complex concepts with clarity and persuasion across diverse stakeholder groups, utilising both written and verbal methods.
  • Problem-Solving: A proven track record in innovative thinking and the successful application of solutions to overcome challenges.
  • An innate ability to seamlessly adapt to new situations, evolving conditions, and unforeseen challenges with agility.
  • Intelligence: A profound capacity for self-awareness and empathy, coupled with the skill to manage personal emotions and those of others effectively.
  • Approach: A deep-rooted commitment to grasping and prioritising client needs, underscored by a talent for fostering trust and cultivating robust client relationships.
  • Collaboration: Demonstrable effectiveness in teamwork, underpinned by a readiness to exchange knowledge and offer support to peers.
  • Leadership: The capacity to energise, direct, and propel team members toward the fulfilment of project and organisational objectives.
  • Multitasking: Competency in handling numerous tasks and projects concurrently, with a strategic approach to prioritisation and deadline management.
  • and Stakeholder Engagement: Proven excellence in client and stakeholder engagement, aligning consulting strategies with business objectives and fostering meaningful relationships.
  • Service Dedication: A commitment to exceptional customer service, driven by an in-depth understanding of clients' unique challenges and goals.
  • Willingness: Availability for travel to client sites across the UK and Ireland
  • Clearance Eligibility: Ability and willingness to obtain and maintain Security Check (SC) clearance.



Desirable:


  • Undergraduate degree in an engineering related discipline or a computer science discipline from an accredited college or university and 2+ years of progressive, relevant experience in OT Security
  • Management: Project management skills, especially using agile, evidenced by a successful track record in leading complex consulting engagements from inception to delivery within stipulated timelines and budgets.
  • and Team: Managing project teams, assigning roles and responsibilities, promoting a culture of collaboration, learning, and innovation, and ensuring resources are available for project success.
  • and Coaching Others: Leadership capabilities for assigning project roles, fostering teamwork and learning, providing necessary resources, and mentoring junior team members.
  • Architecture: Ability to design or evaluate OT security architectures across various industries, aligning with standards like the Purdue Enterprise Reference Architecture (PERA).
  • Development and Sales: Business development acumen for identifying new opportunities with existing clients and expanding the firm’s value proposition.
  • Operating Models: Skills in designing or supporting the creation of OT Security Charters and OT Security Target Operating Models to facilitate strategic security governance and change.


If interested, please email your CV to hannah.tomlinson@vantageconsulting.co.uk or apply directly.


