Director, Cybersecurity, Engineering, OT, TC, UKI in London

Lead and manage large OT Security engagements, overseeing day-to-day delivery across industrial environments including manufacturing, energy, utilities, and critical infrastructure. Ensure delivery meets quality, time and budget expectations while navigating complex OT operational constraints. Apply deep technical and sector knowledge across OT, ICS, and IIoT environments to shape and deliver client programmes. Leverage expertise in IEC 62443, NIST CSF for OT, and the Purdue Model to conduct maturity assessments, design secure architectures, and lead OT cyber-risk reduction initiatives.

Identify, shape, and originate new OT security opportunities, using established industry relationships across engineering, operations, and cyber functions. Position the firm with senior OT decision-makers, including engineering directors, CISOs, and asset owners, demonstrating a strong understanding of safety, reliability, and availability priorities. Partner with senior practice and market leaders to pursue high-value OT-security-focused opportunities.

Develop differentiated proposals, point-of-view materials, and transformation roadmaps aligned to industrial cybersecurity trends such as OT-IT convergence, zero-trust for OT, asset visibility, and secure remote access. Provide visible leadership into a globally established high-performing OT security team, sharing deep domain expertise in ICS/SCADA, industrial protocols, and secure OT architecture patterns. Mentor consultants to develop both technical skills and commercial acumen, fostering a culture of continuous learning and cross-disciplinary collaboration.

Develop impactful OT cybersecurity thought leadership, articulating market-relevant insights on IEC 62443 adoption, secure operations, industrial threat landscapes, and practical transformation strategies. Support the creation of frameworks and tools that differentiate the firm’s OT security offering. Build and maintain strategic relationships with senior client leaders, including operations executives, heads of engineering, CTOs, and CISOs. Use these relationships to identify transformation opportunities, influence senior stakeholders, and steer delivery outcomes across complex industrial ecosystems.

Exceptional communicator, able to clearly explain complex OT security concepts, risks, and architectures to both technical engineering teams and senior business stakeholders. Skilled at translating OT cyber risks into operational, safety, and financial impact. Strategic thinker with deep OT cybersecurity expertise, capable of diagnosing complex industrial cyber challenges and shaping robust, standards-aligned solutions (e.g., IEC 62443 reference models, Purdue Model segmentation strategies, OT Zero Trust). Able to secure executive buy-in by aligning cyber outcomes with operational priorities such as uptime, safety, and regulatory compliance.

Proven people leader, experienced in developing skilled OT cybersecurity teams through coaching, mentoring, and modelling inclusive, collaborative leadership behaviours. Strong commercial acumen, consistently delivering high-quality outcomes, managing programme risks, and ensuring operational excellence across large-scale industrial cybersecurity engagements. Experienced programme and engagement leader, adept at structuring and managing multi-site OT security transformations, including asset discovery, segmentation, architecture redesign, and secure remote access implementation.

Skilled at navigating the unique constraints of OT systems including legacy technologies and safety-critical environments. Pragmatic, client-centric approach, able to navigate ambiguity across industrial operations, anticipate issues related to safety and continuity, and guide clients confidently through complex decision-making regarding OT system modernisation and cyber-risk reduction. Strong market access and trusted relationships, leveraging established networks in OT-heavy sectors (e.g., energy, utilities, manufacturing, transport) to influence market conversations, originate new opportunities, and position the firm as a leader in industrial cybersecurity.

Proven experience defining and delivering OT-centric cybersecurity strategies across industrial environments (ICS, SCADA, IIoT), with the ability to clearly articulate the operational and commercial value of OT security to senior stakeholders across engineering and enterprise leadership. A strong track record developing OT cybersecurity investment and transformation cases, including business justification, cost-benefit analysis, and prioritisation of remediation activities across multi-site industrial estates.

Capable of aligning OT security investment with organisational goals such as regulatory compliance, contractual obligations and digital transformation. Hands-on experience designing and implementing OT security target operating models, covering governance, incident response, asset lifecycle management, engineering processes, and roles/responsibilities across IT-OT converged environments. Experienced in embedding secure-by-design principles aligned to IEC 62443, NIST 800-82, and recognised OT security best practice.

Robust understanding of OT-relevant cybersecurity regulations and frameworks, including IEC 62443, NIST 800-82, NIS/NIS2, sector-specific regulatory requirements, and the Purdue Model for segmentation.

Relevant security and OT-security-specific qualifications, such as CISSP, CIISEC, GICSP, or ISA/IEC 62443 certifications. Experience operating within or alongside NCSC-Assured Cyber Consultancies or equivalent industrial cybersecurity practices, including delivering OT threat assessments, architecture reviews, red-team exercises, or resilience programmes in regulated sectors. Sector experience across OT-heavy industries, such as Energy & Utilities, Oil & Gas, Manufacturing, Transport, Chemicals, Pharmaceuticals, or Critical National Infrastructure - with a strong understanding of engineering processes, operational constraints, and safety-critical environments.

Professional services experience delivering large-scale OT cybersecurity transformations, working with multi-disciplinary teams of engineers, cyber specialists, and operational leaders in market-leading organisations.

The successful candidate must undergo and pass checks in line with SC (Security Check) clearance standards after joining EY. These checks may include, but are not limited to, verification of identity, right to work in the UK, employment history, proof of address may be required and unspent criminal convictions. Candidates must be a UK national or have been a resident in the UK for a minimum of five years and ensure that they have not spent more than six months outside the UK.

At EY, you’ll have the chance to build a meaningful and fulfilling career, supported by an inclusive culture and cutting-edge technology. Together, we can create a better working world for all.