OT Cybersecurity Technical Lead - Rail Sector, London
Client:
Expleo
Location:
London, United Kingdom
Job Category:
Other
EU work permit required:
Yes
Job Reference:
Job Views:
17
Posted:
12.08.2025
Expiry Date:
26.09.2025
Job Description:
Responsibilities
- Act as the cybersecurity technical lead within a key UK rail sector client engagement, focusing on protecting operational technology (OT) and safety-critical systems.
- Provide hands-on technical leadership to guide the secure delivery of client-specific systems and solutions, ensuring alignment with project requirements, sector standards, and regulatory obligations.
- Collaborate with client engineering and programme teams to integrate cybersecurity into system design, deployment, and ongoing operations.
- Define cybersecurity requirements within the client’s environment, including rail-specific systems, legacy OT, and modern industrial platforms.
- Support developing and delivering security risk assessments, threat models, and control frameworks following the relevant standards.
- Contribute to the production and review of assurance artefacts, including security cases, risk registers, control implementation evidence, and compliance documentation.
- Provide expertise on OT protocols, SCADA systems, field devices, and network architecture relevant to the client’s operational landscape.
- Engage regularly with client stakeholders, suppliers, and technical teams to ensure effective collaboration and secure outcomes across the delivery lifecycle.
- Mentor and support other team members embedded within the client account, ensuring technical consistency and alignment to Expleo’s delivery standards.
- Participate in knowledge sharing and capability development activities within the Cybersecurity Practice, contributing insights from the client engagement.
Qualifications
- A degree (or equivalent experience) in Cybersecurity, Systems Engineering, Electrical/Electronic Engineering, or a related technical discipline.
- Recognised cybersecurity certifications: CISSP, CISM, CISA, GICSP, SABSA, or equivalent.
- Technical certifications or training aligned to OT security: IEC 62443, GIAC GRID/GICSP, SCADA/ICS security, or vendor-specific OT platforms.
- Familiarity with rail sector security and safety standards is highly desirable.
- Understanding of relevant UK regulatory frameworks, including NIS/NIS2 Regulations and UK CNI expectations.
- Additional certifications or practical experience in Secure by Design, systems assurance, or control systems architecture are advantageous.
- Evidence of continued professional development aligned with OT security trends, critical infrastructure resilience, and systems assurance practices.
Essential skills
- In-depth understanding of operational technology (OT) environments, including SCADA systems, field devices, industrial protocols, and control network architectures.
- Firm grounding in cybersecurity principles for critical infrastructure, including threat modelling, risk analysis, defence-in-depth, and zero-trust architectures.
- Demonstrated ability to define, implement, and assure security controls across complex OT/IT systems within large engineering or infrastructure programmes.
- Experience integrating cybersecurity into engineering lifecycles, including Secure by Design practices, requirements definition, and traceability to technical controls.
- Practical understanding of cybersecurity and safety standards.
- Strong communication and stakeholder engagement skills, with the ability to liaise confidently across engineering, programme delivery, assurance, and regulatory audiences.
- Ability to produce high-quality documentation, including risk assessments, technical guidance, assurance artefacts, and audit-ready deliverables.
- Familiarity with UK cybersecurity regulations and sector guidance, including the NIS Regulations, CNI expectations, and industry-specific frameworks.
- Capable of leading technical discussions and delivery planning across client, supplier, and internal teams.
- Adaptable and delivery-focused, with the ability to balance long-term assurance needs with in-flight project delivery realities.
Desired skills
- Knowledge of safety-critical system design and the interaction between safety and cybersecurity requirements.
- Familiarity with tools and platforms used for engineering governance and requirement traceability.
- Involvement in cybersecurity audits or regulatory reviews, including evidence preparation, control mapping, and client/regulator interaction.
- Understanding supply chain security considerations, including software and hardware assurance, secure procurement, and third-party risk management.
- Exposure to incident response planning, resilience testing, or crisis management in OT environments.
- Ability to support or guide the creation of cybersecurity architecture documentation, reference models, or patterns for OT systems.
Experience
- Experience in cybersecurity roles, focused on operational technology (OT), control systems, or industrial environments.
- Proven track record in delivering cybersecurity outcomes within complex infrastructure or engineering programmes, in the UK rail sector or other safety-critical transport domains.
- Demonstrated experience leading or coordinating cybersecurity efforts across multidisciplinary teams involving engineering, IT, operations, and assurance.
- Hands-on experience implementing and assuring security controls in OT environments, including legacy systems, SCADA platforms, and hybrid IT/OT networks.
- Familiarity with UK cybersecurity regulations and sector-specific standards such as TS 50701, IEC 62443, and ISO/IEC 27001.
- Experience integrating cybersecurity requirements into systems engineering lifecycles, design reviews, and programme governance frameworks.
- Prior involvement in client or regulator-facing roles, including technical reviews, risk assessments, assurance documentation, and compliance submissions.
- Background in working within secure or regulated delivery environments, including understanding of information classification, access control, and physical security interfaces.
- Experience mentoring or supporting the development of junior cybersecurity engineers or consultants.
- Experience contributing to internal capability development, including mentoring, methodology evolution, or pre-sales support.
- Practical experience working within or alongside regulated Critical National Infrastructure (CNI) sectors.
What do I need before I apply
- You must have the right to work in the UK
- A strong background in cybersecurity delivery within OT environments, ideally in the rail or wider transportation sector
- Proven ability to lead technical cybersecurity workstreams, integrate with engineering teams, and engage confidently with clients and stakeholders
- A collaborative mindset focusing on delivery excellence, quality assurance, and regulatory alignment in complex, safety-critical environments
- Collaborative working environment – we stand shoulder to shoulder with our clients and our peers through good times and challenges
- We empower all passionate technology loving professionals by allowing them to expand their skills and take part in inspiring projects
- ExpleoAcademy - enables you to acquire and develop the right skills by delivering a suite of accredited training courses
- Competitive company benefits
- Always working as one team, our people are not afraid to think big and challenge the status quo
- As a Disability Confident Committed Employer we have committed to:
- Ensure our recruitment process is inclusive and accessible
- Communicating and promoting vacancies
- Offering an interview to disabled people who meet the minimum criteria for the job
- Anticipating and providing reasonable adjustments as required
- Supporting any existing employee who acquires a disability or long term health condition, enabling them to stay in work
- At least one activity that will make a difference for disabled people
“We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation or age”.
We treat everyone fairly and equitably across the organisation, including providing any additional support and adjustments needed for everyone to thrive