OT Cyber Security Consultant

  • Home Based with travel to the office in Stone Staffordshire and UK wide customer sites
  • Job reference: SS-2024-04

With a focus on operational technology and digital transformation, Capula, part of the EDF Group, has been a leader in advanced system integration for decades; optimising efficiency & delivering performance on a massive scale. But with continuous innovation at the heart of our business, we’ve always got our sights set on the future. We work in some of the most highly regulated and challenging industrial environments, and have delivered critical projects across energy, water, renewables and manufacturing.

Summary of Role:

Due to an increased workload, Capula requires a highly skilled and experienced Operational Technology (OT) Cyber Security Consultant to fill a crucial role within our dynamic and growing team. This role is designed for an individual ready to be at the forefront of delivering cutting-edge OT cyber security solutions across a range of sectors, with a focus on industrial automation and control systems (IACS). The ideal candidate will bring to the table not only deep technical expertise in areas such as NIS Regulations, Cyber Security Management Systems (CSMS), OT Operating Models, OT Cyber Governance, and OT Security Architecture but also a suite of soft skills that facilitate effective communication, client relations, leadership, and project management. This position is key in bridging the gap between our clients' strategic objectives and Capula's efforts to meet those goals, requiring a blend of robust technical knowledge, strong communication abilities, and an in-depth understanding of Operational Technology and Industrial Control Systems as deployed in Critical National Infrastructure. The successful candidate will be adaptable, quick to learn, and ready to hit the ground running on live and upcoming projects, ensuring the delivery of comprehensive security strategies that align perfectly with our clients' business objectives.

Main Activities

  • Architect, deploy, and oversee Cyber Security Management Systems (CSMS) aligned with the ISA 62443-2-1 standard customised for client-specific industrial automation and control system requirements.
  • Navigate clients through compliance with regulatory standards such as the NIS Regulations, ensuring all activities adhere to relevant laws, regulations, and industry guidelines.
  • Perform comprehensive security assessments, including health checks and gap analysis against standards like the Cyber Assessment Framework (CAF) and NIST CSF 2.0, to gauge and enhance clients' security posture.
  • Develop and implement OT Security Policies, Procedures, Guidelines, and Work Instructions as part of a CSMS, ensuring robust governance and operational security.
  • Facilitate and participate in risk assessments in line with ISA-62443-3-2 standards, focusing on identifying and mitigating security risks in system design.
  • Support or lead in the creation and refinement of OT Security Charters and OT Security Target Operating Models, supporting clients in establishing a clear security mandate and governance framework for strategic security transformation.
  • Serve as the Subject Matter Expert (SME) for regulatory compliance, liaising with UK competent authorities such as OFGEM (gas and electricity), OFWAT (water), HSE (oil and gas operations), ONR (nuclear), and ORR (Office of Rail and Road) for rail, ensuring adherence to cyber security and operational technology standards within the water, gas, oil, nuclear, energy, and rail sectors.
  • Support clients in transitioning to or implementing frameworks like ISA-62443-3-3 and the NIST Cybersecurity Framework (CSF) 2.0, ensuring governance practices are in place and standards like NIST SP 800-82 are met.
  • Tackle complex security challenges within Industrial Control Systems (ICS) and critical national infrastructure, providing bespoke solutions to mitigate risks.
  • Design and evaluate operational technology security architectures, leveraging industry-standard methodologies such as the Purdue Enterprise Reference Architecture (PERA) and ISA 95 to ensure alignment with best practices.
  • Assist with the strategic planning, execution, and management of consulting projects, maintaining alignment with project goals, timelines, budgets, and ensuring proactive management of any deviations.
  • Act as the primary liaison with clients, fostering strong relationships, understanding their unique challenges, and aligning our solutions with their strategic aims.
  • Guarantee the high quality of deliverables, adhering to both the firm’s standards and client expectations through meticulous quality control and document management.
  • Encourage knowledge sharing and the adoption of innovative technologies and practices within the team and across the organisation, to address evolving challenges in OT, ICS, and IIoT cybersecurity.
  • Identify and pursue new business opportunities with existing clients by understanding their changing needs and demonstrating how our services can provide additional value.
  • Willingness to travel to client sites across the UK and Ireland as project needs dictate.

Essential Technical/Knowledge Skills:

  • Recognised OT Security Certifications: Possession of at least one OT security industry certification with a strong preference for ISA/IEC 62443 Cybersecurity Expert. Other accepted certifications include but are not limited to: ISA/IEC 62443 Cybersecurity Risk Assessment Specialist, ISA/IEC 62443 Cybersecurity Design Specialist, ISA/IEC 62443 Cybersecurity Maintenance Specialist, SANS Global Industrial Cyber Security Professional (GICSP), and Certified SCADA Security Architect (CSSA). (Role holders without certification need to have significant experience with Operational Technology Cyber Security (5+ years) and the ISA 62443 standard, that would equate to a similar level of knowledge).
  • ICS Expertise: At least 2 years minimum direct experience with critical infrastructure and ICS, including familiarity with SCADA HCI systems, PLCs, RTUs, etc., demonstrating a nuanced understanding of the complex security landscapes of ICS and critical infrastructure.
  • CSMS Proficiency: Demonstrated skill in the design, implementation, or oversight of Cyber Security Management Systems aligning with ISA 62443-2-1 standards.
  • ISA/IEC 62443: Clear experience of implementing the ISA/IEC 62443 suite of standards, especially ISA-62443-2-1 and ANSI/ISA-62443-3-3
  • Regulatory Compliance: Advanced knowledge in guiding clients through the maze of regulatory standards, such as the NIS Regulations, with a solid foundation knowledge in relevant legal, regulatory, and industry considerations.
  • Security Evaluation Experience: Experience in conducting detailed security assessments, audits, and gap analyses against standards, frameworks and guidance such as HSE OG-86, NIST SP 800-82, CAF, and/or NIST CSF 2.0, to evaluate and enhance clients' security posture.
  • Policy Development Skill: Ability in crafting comprehensive OT Security Policies, Procedures, Guidelines, and Work Instructions within a CSMS framework.
  • Risk Assessment Capability: Experience in conducting or assisting with OT security risk assessments, with a preference for adherence to the ANSI/ISA-62443-3-2 standard. Other relevant risk frameworks such as
  • ISA 62443 Standards Application: Demonstrated application of the ISA 62443 standards suite in relevant sectors.
  • Communication Protocol Familiarity: Knowledge of ICS communication protocols, such as MODBUS, OPC, DNP3, etc.

Essential Consulting / Soft Skills:

  • Exceptional Communication: Mastery in conveying complex concepts with clarity and persuasion across diverse stakeholder groups, utilising both written and verbal methods.
  • Creative Problem-Solving: A proven track record in innovative thinking and the successful application of solutions to overcome challenges.
  • Adaptability: An innate ability to seamlessly adapt to new situations, evolving conditions, and unforeseen challenges with agility.
  • Emotional Intelligence: A profound capacity for self-awareness and empathy, coupled with the skill to manage personal emotions and those of others effectively.
  • Client-Centric Approach: A deep-rooted commitment to grasping and prioritising client needs, underscored by a talent for fostering trust and cultivating robust client relationships.
  • Team Collaboration: Demonstrable effectiveness in teamwork, underpinned by a readiness to exchange knowledge and offer support to peers.
  • Inspirational Leadership: The capacity to energise, direct, and propel team members toward the fulfilment of project and organisational objectives.
  • Efficient Multitasking: Competency in handling numerous tasks and projects concurrently, with a strategic approach to prioritisation and deadline management.
  • Client and Stakeholder Engagement: Proven excellence in client and stakeholder engagement, aligning consulting strategies with business objectives and fostering meaningful relationships.
  • Customer Service Dedication: A commitment to exceptional customer service, driven by an in-depth understanding of clients' unique challenges and goals.
  • Travel Willingness: Availability for travel to client sites across the UK and Ireland
  • SC Clearance Eligibility: Ability and willingness to obtain and maintain Security Check (SC) clearance.

Desirable Requirements:

  • Graduate: Undergraduate degree in an engineering related discipline or a computer science discipline from an accredited college or university and 2+ years of progressive, relevant experience in OT Security
  • Project Management: Project management skills, especially using agile, evidenced by a successful track record in leading complex consulting engagements from inception to delivery within stipulated timelines and budgets.
  • Leadership and Team: Managing project teams, assigning roles and responsibilities, promoting a culture of collaboration, learning, and innovation, and ensuring resources are available for project success.
  • Mentoring and Coaching Others: Leadership capabilities for assigning project roles, fostering teamwork and learning, providing necessary resources, and mentoring junior team members.
  • Security Architecture: Ability to design or evaluate OT security architectures across various industries, aligning with standards like the Purdue Enterprise Reference Architecture (PERA).
  • Business Development and Sales: Business development acumen for identifying new opportunities with existing clients and expanding the firm’s value proposition.
  • Target Operating Models: Skills in designing or supporting the creation of OT Security Charters and OT Security Target Operating Models to facilitate strategic security governance and change.

Why Join Us?

Capula offers a dynamic and supportive environment where you can grow both professionally and personally. We value diversity, creativity, and the continuous exchange of ideas. Our team members enjoy competitive benefits, opportunities for professional development, and the chance to work on transformative projects. In return Capula offers the following benefits to permanent employees

  • 25 days holiday plus bank holidays
  • Flexible working
  • Pension
  • Life assurance policy
  • Private health care
  • Lifestyle screening
  • Salary sacrifice programme
  • Mental health assistance programme
  • Cycle to work scheme.
  • Green car scheme
  • Support in achieving professional engineer status (IEng, CEng) and professional memberships fees covered.

OT Cyber Security Consultant

  • Home Based with travel to the office in Stone Staffordshire and UK wide customer sites
  • Job reference: SS-2024-04
  • Something wrong! Please double check your input.

*: Required fields


Capula is looking for extraordinary people to join our industry leading team as we continue to define the future of Engineering.

Available Roles

See all vacancies

Not found the right job for you?

Capula is always on the lookout for extraordinary people to join our industry leading team.

If you think you are the right fit but haven't seen a vacancy that suits you why not drop our team a line and we can have a chat.

Contact us