
Principal OT Cybersecurity Consultant Assurance and Compliance

Posting Date:  21 Apr 2026
City:  Genova
Location:  Genova, IT, 16129; Roma, IT, 144

Contract Type:  Permanent
Division:  Operating Engine
Level of experience:  Senior

RINA is currently recruiting for a Principal OT Cybersecurity Consultant Assurance and Compliance to join its office in GENOA or ROME within the Operating Engine Division.

Mission

The Principal Cybersecurity Consultant Assurance and Compliance is responsible for ensuring the security, compliance, and long‑term resilience of complex IT and Operational Technology (OT) environments, with a strong focus on industrial automation, critical infrastructures, and transportation systems.
The role provides expert guidance on cybersecurity governance, risk management, and technical assurance, supporting organizations in designing, assessing, and continuously improving integrated cybersecurity frameworks aligned with international regulations and standards (e.g. CRA, NIS2, IEC 62443, ISO 27001, EN 50701, NIST).
Acting as a trusted advisor to senior stakeholders, clients, and regulators, the role drives informed decision‑making on cybersecurity risks, ensures robust protection of safety‑critical and mission‑critical systems, and promotes cybersecurity‑by‑design principles throughout the entire system lifecycle.

Key Accountabilities

Cybersecurity Governance, Risk Management & Compliance
- Define, implement, and continuously evolve integrated cybersecurity governance and risk management frameworks for complex IT and OT environments.
- Lead comprehensive cybersecurity risk assessments, identifying threats, vulnerabilities, and systemic weaknesses across industrial automation plants, subsystems, and onboard/transportation systems.
- Define mitigation strategies that balance cybersecurity, safety, operational continuity, and regulatory compliance.
- Ensure continuous alignment with applicable international regulations and standards, including CRA, NIS2, IEC 62443, ISO 27001, EN 50701, and NIST frameworks.

Technical Assurance & Security Evaluation
- Lead and oversee advanced technical assurance activities for complex and safety‑critical IT/OT systems.
- Supervise and validate configuration reviews, vulnerability assessments, and security evaluations in mixed IT/OT environments.
- Assess system conformance against international assurance and security standards (e.g. ISO 27001, ISO/IEC 15408, NIST SP 800 series).
- Prepare and approve high‑quality technical documentation, including security assessment reports, evaluation evidence, test descriptions, and test procedures, ensuring accuracy and defensibility of conclusions.
- Provide authoritative recommendations to improve system security posture and resilience.

Operational Technology & Critical Infrastructure Security
- Act as subject matter expert for cybersecurity of industrial and critical infrastructure systems, including SCADA, PLCs, industrial control systems, industrial networks, and transportation/onboard platforms.
- Design, assess, and validate OT network architectures based on the Purdue Model and Zone & Conduit concepts.
- Support the implementation of network segmentation, system hardening, monitoring, and defense‑in‑depth measures in line with IEC 62443 and EN 50701 principles.
- Promote and apply cybersecurity‑by‑design and secure‑by‑default approaches throughout the entire system lifecycle, ensuring long‑term reliability and compliance of safety‑critical systems.

Audit, Certification & Regulatory Interaction
- Plan, lead, and validate internal and external cybersecurity audits to assess compliance readiness for certifications such as ISO 27001, IEC 62443, EN 50701, and CMMC.
- Act as senior technical interface with certification bodies, auditors, and regulatory authorities.
- Support organizations in certification processes and in maintaining continuous improvement of cybersecurity management systems over time.

Stakeholder Engagement, Advisory & Capability Development
- Act as a trusted cybersecurity advisor for customers and internal stakeholders on complex or high‑risk cybersecurity topics.
- Collaborate with multidisciplinary teams to embed cybersecurity, governance, and compliance requirements into engineering, operational, and business processes.
- Provide technical leadership, mentoring, and guidance to cybersecurity consultants and specialists.
- Deliver advanced training sessions, awareness initiatives, and technical workshops covering IT, OT, governance, and compliance best practices.

Education

Bachelor’s Degree in Computer Engineering or Cyber Security
Master’s Degree in Computer Engineering or Cyber Security

Qualifications

- 12–15+ years of experience in cybersecurity assurance, risk management, and compliance across IT and OT environments.
- Strong hands‑on background in industrial and OT systems at plant and subsystem level.
- Proven experience leading complex risk assessments, audits, and assurance activities for critical infrastructures.
- Deep understanding of international cybersecurity standards, regulations, and frameworks, including: CRA, NIS2, ISO/IEC 27001, IEC 62443, EN 50701 and NIST standards and guidelines.
- Strong understanding of industrial networking principles, Purdue Model, Zone & Conduit architecture.
- Familiarity with operating system security (Windows, Linux).
- Excellent analytical, decision‑making, and communication skills.

Competencies

  • DOMAIN & BUSINESS ACUMEN - Applying a scientific approach and critical thinking in operations and solution development within area of expertise.
  • FORESIGHT & INSIGHT - Context awareness adopting a systemic perspective and informed decision making.
  • INTERPERSONAL INFLUENCE - Skills and strategies we use to interact effectively with others.
  • PERSONAL EMPOWERMENT - Ownership for life, work and results, striving to grow professionally and personally.
  • WORKPLACE DYNAMICS - Resourcefulness in shaping progress and working efficiently.

 

 

RINA is a multinational company providing a wide range of services in the energy, marine, certification, infrastructure & mobility, industry, research & development sectors. Our business model covers the full process of project development, from concept to completion.

 

At RINA, we endeavor to create a work environment where every single person is valued and encouraged to develop new ideas. We provide equal employment opportunities and are committed to creating a workplace where everyone feels respected and safe from discrimination or harassment of any kind. We also comply with Italian Law n. 68/99.
