Principal Consultant

Position Title: Principal Consultant - OT 

Location: Manchester 

Role Purpose:  

As a Principal OT Consultant in NCC Group's Global OT Consulting and Implementation (C&I) division, you'll be at the forefront of protecting critical infrastructure. Your role is pivotal in providing advanced Cyber Security Assurance and Engineering to suppliers, owners, and operators, helping them safeguard essential processes and equipment. 

You will lead project teams, build and maintain trusted client relationships, and spearhead assessments. You'll translate complex technical findings into clear, actionable roadmaps and ensure adherence to internal policies. Moreover, you'll play a key role in supporting sales activities and mentoring junior consultants, contributing to our collective growth. You will also work closely with the OT Practice Director to expand our global engineering capabilities, which includes remote and on-site work in industrial environments like manufacturing, energy generation, oil & gas, and transportation systems. 

Summary: 

NCC Group specializes in offering comprehensive, engineering-focused cyber assurance services. Our goal is to assist organizations in understanding their operating environment and technology risks, then implementing robust safeguards. 

Our services encompass a wide range of disciplines, including: 

• Strategic & Architectural Services: Roadmaps, Architecture design and review, IT/OT convergence assessments, and digital transformation programs. 

• Risk & Assessment: Threat modeling, risk assessments, gap analyses against standards like IEC 62443, and pre/post-merger & acquisition due diligence. 

• Operational Security: Testing on equipment and production facilities, developing processes and guidelines for reliable and safe operations, security awareness training, and incident response planning. 

• Advanced Capabilities: Managed services, DFIR (Digital Forensics and Incident Response), Penetration Testing, and Safety reviews. 

This role offers a unique opportunity for experienced cyber security professionals to leverage their skills to deliver high-quality, impactful solutions and foster enduring client relationships. 

What we are looking for in you: 

Technical Expertise: 

• Successfully apply cyber security engineering patterns to constrained operating environments, including industrial control systems (ICS), distributed control systems (DCS), and their integration with enterprise systems. 

• Design and implement security controls specific to industrial environments (e.g., manufacturing, energy (DER), water, and/or transportation). 

• Provide expert consulting services for IT/OT convergence challenges and solutions. 

Project Leadership & Execution: 

• Lead engagements and workshops with suppliers and operators to facilitate IEC 62443 Initial Risk Assessments and prepare security cases for regulatory submission. 

• Deliver projects that result in high-fidelity, fact-based technical reports and impactful, executive-level presentations. 

• Perform comprehensive gap analyses against industrial and critical infrastructure standards and frameworks. 

Analytical Abilities: 

• Understand and interpret Data Flow Diagrams (DFDs), Functional Design Specifications (FDS), Bills of Materials (BOM/SBOM), High/Low-Level Design (HLD/LLD), and network architecture diagrams. 

• Combine threat modeling methodologies like MITRE with frameworks such as IEC 62443. 

• Operational & Communication Skills: 

• Excellent communication, consulting, and presentation skills, with exceptional written reporting abilities. 

• Possess practical experience as a controls systems engineer or in industrial engineering, with a strong prioritization of the safety of people, equipment, and the environment. 

• Willingness to travel to client industrial sites as necessary and support international teams remotely. 

Desired Skills and Qualifications: 

• Relevant Certifications: Industry-recognized certifications such as CISSP, CISM, CRISC, CISA, or a recognized OT qualification like GIAC GICSP. 

• Industry Experience: Have delivered OT projects within a critical infrastructure client environment. 

• Consulting Proficiency: Demonstrate proficiency in working collaboratively with customers in high-value, fast-paced engagements. 

• Operational Background: Possess work experience in an operational environment, with a background in Safety. 

Why Join Us?

At NCC Group, your mission is to help create a more secure digital future. You’ll work on high-impact projects, cutting-edge research, and real-world security challenges. We partner with some of the world’s most innovative companies and we want you to be part of that journey.

You’ll join a global team of specialists who thrive on solving complex problems. We invest in your development and well-being, and we’ve built an environment where you can grow, professionally, personally, and technically.

So, ready to join us?

Here's what's in it for you:

We balance high performance with world-class well-being benefits, including:

• ⏰ Flexible working

• 💸 Pension, life assurance, share save scheme

• 👶 Generous parental leave

• 🙋🏾 Community & volunteering programmes

• ⚡ Green car scheme

• 🚴 Cycle to work scheme

• 🧘🏻 Wellness programmes

• 🎓 Learning & development opportunities

• 🧑🏻‍🤝‍🧑🏻 Employee referral bonuses

If this sounds like the right fit, we’d love to hear from you.

• Click apply to submit your CV and cover letter.

• Or email us at [email protected].

Your Application:

We review every application. If your profile matches, we’ll be in touch. If not, don’t be discouraged, we may keep your details for future roles. If you prefer we don’t, just email us to opt out.

Need reasonable adjustments? Let us know at any point during the process.

Note: This role requires pre-employment background checks (BS7858 screening) due to the nature of the work.