Principal Cyber Security OT Consultant

Leading the edge of transformation. You might know us for the great work we do across our wide variety of projects. We are proud to say it is thanks to our people's diversity of thought, expertise and knowledge. When you join us, you will be a part of this genuinely collaborative environment, where everyone's voice is valued and treated equally. We are passionate about what we do, but we do not take ourselves too seriously. Simply put, this is a great place to be. So, when it comes to your life outside of work, ask us about our flexible and remote working policies designed to help you get the most out of life.

We deliver technically questioning and time-critical projects across multiple sectors, including Aerospace, Defence, and Critical National Infrastructure (CNI). Due to continued growth, we have opportunities in our Governance, Risk & Compliance (GRC), Security Architecture, Threat & Vulnerability, and Operational Technology (OT) teams. Our role as a trusted adviser allows us to offer rewarding careers to those looking to enhance their skills and experience in dynamic environments.

We are seeking a knowledgeable, enthusiastic, and conscientious professional with extensive experience in securing Operational Technology (OT) environments (such as energy, utilities, and transportation). As a Principal Consultant, you will bring deep expertise in OT cyber security and the ability to spearhead strategic engagements, building trust with clients and delivering innovative solutions.

Your purpose:

• Lead OT Cybersecurity Programmes: Provide strategic leadership and oversight for multiple complex OT cyber security projects. Ensure that each engagement aligns with the client's business objectives and risk appetite, while delivering solutions that protect mission-critical systems and maximise operational resilience. Act as the engagement lead, managing client relationships and guiding internal teams to deliver high-quality results on time.
• Security Architecture & Innovation: Leverage deep technical expertise to design and govern secure OT system architectures in industrial environments. Apply creative thinking to implement advanced security controls (for example, robust network segmentation and hardened IC/SCADA systems) that safeguard operational integrity. Continuously seek innovative approaches to address complex and non-routine security challenges in OT contexts.
• Governance & Risk Management: Establish robust cyber security governance frameworks tailored to OT environments. Spearhead comprehensive security risk assessments and gap analyses using industry frameworks such as NIST CSF and IEC 62443. Based on these assessments, identify the most cost-effective security controls in line with the client's risk appetite, balancing risk reduction with uptime and safety. Oversee the implementation of these controls to ensure risks are managed and regulatory requirements are met.
• Policy Development & Compliance: Develop and enforce enterprise security policies and procedures that meet corporate and regulatory requirements while reflecting normal practices in OT settings. Ensure all policies and solutions are aligned with relevant standards and regulations - for example, the Network and Information Systems (NIS) Regulations and HSE OG-0086 for critical infrastructures. Provide senior-level guidance to help clients remain compliant with evolving laws and industry standards.
• Client Engagement & Stakeholder Management: Build and maintain strong working relationships with clients, including senior executives and operational stakeholders. Act as a trusted adviser, capable of articulating and pitching cyber security advice in business terms as well as technical terms. Manage stakeholder expectations proactively and ensure high customer satisfaction.
• Project & Team Leadership: Oversee multiple project teams and mentor junior consultants and engineers to foster their development. Coordinate multi-disciplinary efforts in a matrix organisation, ensuring projects are delivered on schedule and within scope. Provide clear direction and support to team members and intervene decisively to resolve any issues or escalations. You are responsible for the overall quality of our OT cyber security services on your projects.
• Thought Leadership & Business Growth: Serve as a thought leader in OT cyber security both within AtkinsRéalis and in the wider industry. Stay abreast of emerging OT threats, technologies, and best practices, and share these insights with colleagues and clients. Contribute to business development by developing new service offerings and supporting bids/proposals for OT security work. Represent AtkinsRéalis at industry events or in publications to advance our brand and thought leadership in OT cyber security.

What you can bring:

• Extensive OT Cyber Security Experience: Proven experience delivering technical cyber security consultancy in OT environments (e.g. energy, utilities, transportation). This includes a deep understanding of the unique risks in OT systems versus IT systems. You should have a strong track record implementing security in industrial control system contexts and securing critical national infrastructure.
• Leadership & Delivery: Demonstrable ability to spearhead teams and manage complex security engagements on live industrial sites. Experience conducting engagements on operational plants - including performing risk assessments and deploying appropriate security controls - is required. You can coordinate multiple projects concurrently, delivering results that meet client priorities and deadlines.
• Exceptional Communication Skills: Excellent verbal and written communication skills. You listen actively to client needs and can explain complex cyber security concepts in clear, non-technical language. Able to confidently present to both engineers and C-suite stakeholders, adjusting your approach to suit the audience.
• Project Management & Stakeholder Engagement: Outstanding organisational skills with the ability to juggle multiple tasks and projects at once. Delivers high-quality work under pressure, consistently meeting tight deadlines. Capable of balancing business and client priorities while effectively managing stakeholder expectations.
• Teamwork & Collaboration: A proven team player who can also take initiative and spearhead. Able to work effectively both independently and within multidisciplinary teams in a complex, matrix organisation. You foster collaboration and can influence without direct authority when working across different teams or departments.
• Technical Mastery in OT: In-depth knowledge of the OT system lifecycle - how OT systems are specified, procured, designed, deployed, and operated - and how to embed cyber security best practices into each stage. Hands-on experience with security technologies commonly used in industrial control systems and SCADA environments is expected.
• Standards & Regulatory Knowledge: Strong familiarity with OT security standards and frameworks such as IEC 62443 and NIST CSF, and with relevant regulations like the NIS Regulations and HSE OG-0086. Ability to apply these frameworks in practice and guide organisations through compliance and accreditation processes.
• Security Clearance & Travel: Ability to obtain the necessary UK security clearance for working on sensitive projects (this will be discussed and processed as needed). Willingness to travel throughout the UK to client sites, with flexibility for short-term travel as required.
• Certifications & Professional Memberships: Possession of industry certifications with a focus on OT security is highly desirable. Examples include GIAC Global Industrial Cyber Security Professional (GICSP) or ISA/IEC 62443 certifications for OT, and more general certifications like CISSP or CISM. Chartered or full membership of relevant professional bodies (e.g. IISP, BCS, IET) is also advantageous.
• Thought Leadership & Industry Involvement: Active involvement in the cyber security community - such as publishing articles, speaking at conferences, or contributing to standards - will be seen as a plus. This demonstrates a commitment to the field beyond day-to-day project work and aligns with the thought leadership aspect of the role. A self-driven attitude with a keen interest in emerging technologies and security innovations.
• Specialist Expertise: Deep expertise in at least one relevant sub-domain of cyber or information security (for example, security architecture design, incident response, cyber risk management, security training, or policy development) is a bonus. This could be demonstrated by significant project experience or thought leadership in that area.

Why AtkinsRéalis? Looking for a place where you can engineer a better future? AtkinsRéalis is for you. Here, our digital-enabled approach transforms outcomes for people and the environment. You will have a myriad of projects to choose from and endless possibilities for career growth. More responsibility, acclaimed training programmes and flexible working are part of our inclusive culture of prioritising diversity, health, and happiness. Within ADS&T, we have signed the "Women in Defence" and "Women in Aviation and Aerospace" charters. These pledges include providing opportunities for women to succeed at all levels. We are also committed to being a Military friendly employer and have been recognised with the Ministry of Defence's Gold Employer Recognition Award.

Security clearance: This role may require security clearance and offers of employment will be dependent on obtaining the relevant level of clearance. If this is necessary, it will be discussed with you at interview. The vetting process is delivered by United Kingdom Security Vetting (UKSV) and may require candidates to provide proof of residency in the UK of 5 years or longer. We are committed to promoting a diverse and inclusive community - a place where we can all be ourselves, thrive and develop. To help embed inclusion for all, from day one, we offer a range of family friendly, inclusive employment policies, flexible working arrangements and employee networks to support staff from different backgrounds. As an Equal Opportunities Employer, we value applications from all backgrounds, cultures and abilities.