Principal Consultant

Position Title: Principal Consultant - OT

Location: Manchester

Please note: Applications will close on Sunday, 4 January 2026. Our review process will commence on Friday, 2 January 2026. We appreciate your interest and look forward to connecting with you soon. Wishing you an enjoyable festive season.

As a Principal OT Consultant in NCC Group's Global OT Consulting and Implementation (C&I) division, you\'ll be at the forefront of protecting critical infrastructure. Your role is pivotal in providing advanced Cyber Security Assurance and Engineering to suppliers, owners, and operators, helping them safeguard essential processes and equipment.

You will lead project teams, build and maintain trusted client relationships, and spearhead assessments. You\'ll translate complex technical findings into clear, actionable roadmaps and ensure adherence to internal policies. Moreover, you\'ll play a key role in supporting sales activities and mentoring junior consultants, contributing to our collective growth. You will also work closely with the OT Practice Director to expand our global engineering capabilities, which includes remote and on-site work in industrial environments like manufacturing, energy generation, oil & gas, and transportation systems.

NCC Group specializes in offering comprehensive, engineering-focused cyber assurance services. Our goal is to assist organizations in understanding their operating environment and technology risks, then implementing robust safeguards.

Our services encompass a wide range of disciplines, including:

• Strategic & Architectural Services: Roadmaps, Architecture design and review, IT/OT convergence assessments, and digital transformation programs.
• Risk & Assessment: Threat modeling, risk assessments, gap analyses against standards like IEC 62443, and pre/post-merger & acquisition due diligence.
• Operational Security: Testing on equipment and production facilities, developing processes and guidelines for reliable and safe operations, security awareness training, and incident response planning.
• Advanced Capabilities: Managed services, DFIR (Digital Forensics and Incident Response), Penetration Testing, and Safety reviews.

This role offers a unique opportunity for experienced cyber security professionals to leverage their skills to deliver high-quality, impactful solutions and foster enduring client relationships.

Technical Expertise:

• Successfully apply cyber security engineering patterns to constrained operating environments, including industrial control systems (ICS), distributed control systems (DCS), and their integration with enterprise systems.
• Design and implement security controls specific to industrial environments (e.g., manufacturing, energy (DER), water, and/or transportation).
• Provide expert consulting services for IT/OT convergence challenges and solutions.

Project Leadership & Execution:

• Lead engagements and workshops with suppliers and operators to facilitate IEC 62443 Initial Risk Assessments and prepare security cases for regulatory submission.
• Deliver projects that result in high-fidelity, fact-based technical reports and impactful, executive-level presentations.
• Perform comprehensive gap analyses against industrial and critical infrastructure standards and frameworks.

Analytical Abilities:

• Understand and interpret Data Flow Diagrams (DFDs), Functional Design Specifications (FDS), Bills of Materials (BOM/SBOM), High/Low-Level Design (HLD/LLD), and network architecture diagrams.
• Combine threat modeling methodologies like MITRE with frameworks such as IEC 62443.

Operational & Communication Skills:

• Excellent communication, consulting, and presentation skills, with exceptional written reporting abilities.
• Possess practical experience as a controls systems engineer or in industrial engineering, with a strong prioritization of the safety of people, equipment, and the environment.
• Willingness to travel to client industrial sites as necessary and support international teams remotely.

• Relevant Certifications: Industry-recognized certifications such as CISSP, CISM, CRISC, CISA, or a recognized OT qualification like GIAC GICSP.
• Industry Experience: Have delivered OT projects within a critical infrastructure client environment.
• Consulting Proficiency: Demonstrate proficiency in working collaboratively with customers in high-value, fast-paced engagements.
• Operational Background: Possess work experience in an operational environment, with a background in Safety.

• Focusing on Clients and Customers.
• Working as One NCC.
• Always Learning.
• Being Inclusive and Respectful.
• Delivery Brilliantly.
• Enabling Performance.

At NCC Group, your mission is to help create a more secure digital future. You’ll work on high-impact projects, cutting-edge research, and real-world security challenges. We partner with some of the world’s most innovative companies and we want you to be part of that journey.

You’ll join a global team of specialists who thrive on solving complex problems. We invest in your development and well-being, and we’ve built an environment where you can grow, professionally, personally, and technically.

So, ready to join us?

We balance high performance with world-class well-being benefits, including:

• ⏰ Flexible working
• Pension, life assurance, share save scheme
• Generous parental leave
• Community & volunteering programmes
• ⚡ Green car scheme
• Cycle to work scheme
• Wellness programmes
• Learning & development opportunities
• Employee referral bonuses

If this sounds like the right fit, we’d love to hear from you.

• Click apply to submit your CV and cover letter.

• Or email us at global.ta@nccgroup.com.

Your Application:

We review every application. If your profile matches, we’ll be in touch. If not, don’t be discouraged, we may keep your details for future roles. If you prefer we don’t, just email us to opt out.

Need reasonable adjustments? Let us know at any point during the process.

Note: This role requires pre-employment background checks (BS7858 screening) due to the nature of the work.