CNI Cyber Security Consultant in Cheltenham

Managing Consultant, Critical National Infrastructure

Location: Hybrid with regular travel to client and operational sites across the UK, sometimes at short notice.

Role Purpose

Operators of essential services face a rapidly evolving threat landscape, especially as IT and OT environments continue to converge and regulatory expectations rise. NCC Group’s Consulting & Implementation practice helps organisations strengthen cyber resilience by assessing risk, improving controls, implementing secure architectures, and preparing for regulatory oversight. Our OT capability covers ICS, SCADA, and industrial networks, with services including threat modelling, attack-surface mapping, embedded and firmware review, and security architecture design.

Key Responsibilities

As a CNI Managing Consultant, you will help organisations navigate frameworks such as the Cyber Assessment Framework (CAF), NIS and NIS2, translating them into proportionate, actionable improvement plans. Your work directly strengthens the resilience of the UK’s critical sectors, which continue to face enduring and significant threat activity. You will lead client engagements across the full consulting lifecycle from discovery and assessment through roadmap and implementation. The role includes shaping and delivering work in OT and CNI environments, preparing clients for regulator inspections, and providing clear recommendations that support safety, availability, and operational uptime. Over the next 12–24 months, you will deliver measurable improvements in client resilience, maturity, and regulatory readiness. You may also integrate NCC Group’s wider capabilities, such as our Microsoft-verified MXDR service for continuous monitoring and response.

Skills, Knowledge and Expertise

You will succeed in this role if you:

• Apply structured, evidence-led assessment methods to identify risks and provide proportionate, achievable improvements
• Communicate clearly with engineering, operations, IT and leadership stakeholders, ensuring complex issues are presented in a way that informs decisions
• Lead delivery teams, ensure high-quality outputs, and maintain strong relationships built on trust and clarity
• Navigate OT environments confidently, bringing practical understanding of ICS, SCADA, industrial networks, and the operational realities around safety and uptime
• Work effectively with regulatory frameworks such as NIS, NIS2, and the NCSC CAF.
• Understand how to prepare organisations for regulatory oversight, including evidence-packs and roadmap development
• Draw on wider capability where useful, including incident readiness and IT/OT convergence retainers delivered jointly with Dragos
• Hold SC clearance (or above).

When it comes to qualifications and certifications, these are helpful but not mandatory: GICSP, ISA/IEC 62443 certificates, CISSP, CISM, CSSA.

Benefits

What do we offer in return?

• Flexible Working: Balance your work and personal life with our flexible working options.
• Enhanced Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave.
• Medicash & Critical Illness Scheme
• Financial & Investment Benefits: Enjoy peace of mind with our Pension, Life Assurance, and Share Save Scheme.
• Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities.
• Green Car Scheme: Drive green and save money with our eco-friendly car scheme.
• Cycle Scheme: Stay fit and healthy with our cycle-to-work scheme.
• Special Time Off: Take time off for those big moments in life, like getting married/entering into a civil partnership, becoming a grandparent, and welcoming home a new pet.
• Family Planning: Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments.