Management Consultant – Cybersecurity in Operational Technology

Location: Remote UK, United Kingdom

Thales people architect identity management and data protection solutions at the heart of digital security. Business and governments rely on us to bring trust to the billons of digital interactions they have with people. Our technologies and services help banks exchange funds, people cross borders, energy become smarter and much more. More than 30,000 organizations already rely on us to verify the identities of people and things, grant access to digital services, analyze vast quantities of information and encrypt data to make the connected world more secure.

Together we offer fantastic opportunities for committed employees to learn and develop their career with us. At Thales UK, we research, develop, and supply technology and services that impact the lives of millions of people each day to make life better, and keep us safer. We innovate across five major industries; Aerospace, Defence, Ground Transportation, Security and Space. Your health and well-being matters to us and that’s why we offer you the flexibility to do what’s important to you; whether that’s part time hours, job sharing, home working, or the ability to flex your start and finish times. Where possible, we support a working pattern that suits your lifestyle and helps you reach your ambitions.

Title: Management Consultant – Cybersecurity in Operational Technology

Our opportunity

As a Management Consultant specialising in Cybersecurity within Operational Technology, you will provide expert guidance to organisations seeking to enhance the security and efficiency of their operational technology (OT) environments. Your role will involve evaluating current cybersecurity practices, identifying vulnerabilities, and recommending strategic improvements to protect critical infrastructure and ensure seamless operations.

Key Responsibilities and Tasks

Business Development

• Develop product and service roadmaps for Thales’ Operational Technology capability.

• Define the go-to-market strategy for all Operational Technology services across all customer domains.

• Work with the sales team to engage new customers across all market sectors.

• Manage accounts with key customers.

Capability Development across Thales UK and Thales globally

• Manage the global Operational Technology Competency Centre by coordinating skills and competencies across all of the global.

• Thales entities with Operational Technology staff in country.

• Share knowledge across the global resources.

• Manage multi-national programmes utilising in-country resources.

Client Engagement and Strategy Development:

• Serve as the primary advisor to clients on matters related to cybersecurity and operational technology.

• Understand clients’ business objectives, OT environments, and cybersecurity challenges to tailor recommendations effectively.

Governance and Compliance

• Work with customers to define and implement Cyber Security Management Systems within their organisations.

• Assists customers in the routine application and interpretation of OT security legislation, standards, policies and practices.

Risk Assessment and Vulnerability Analysis:

• Perform thorough assessments of clients’ OT systems, identifying security gaps, and vulnerabilities.

• Conduct risk analyses to determine potential impacts on operations and prioritize areas for improvement.

Strategic Recommendations and Solutions:

• Develop actionable strategies and comprehensive plans to enhance the security of OT systems and mitigate identified risks.

• Recommend and design tailored cybersecurity solutions that integrate with existing OT infrastructure.

Implementation Oversight:

• Guide and support the implementation of cybersecurity measures, including technology solutions, policy changes, and procedural enhancements.

• Ensure that new systems and processes are integrated smoothly and effectively into the client's operational environment.

Incident Response and Recovery Planning:

• Assist clients in developing and refining incident response plans and disaster recovery strategies tailored to their OT environment.

• Provide guidance on managing and recovering from cybersecurity incidents to minimize downtime and operational impact.

Training and Capacity Building:

• Deliver training sessions and workshops to client teams on cybersecurity best practices and OT management.

• Enhance client knowledge and readiness through educational initiatives and hands-on support.

Continuous Monitoring and Improvement:

• Stay updated on the latest cybersecurity threats, technological advancements, and industry best practices.

• Recommend continuous improvements and adjustments to clients’ cybersecurity strategies based on emerging trends and evolving threats.

Documentation and Reporting:

• Prepare detailed reports documenting assessments, recommendations, and implementation progress.

• Communicate findings and recommendations clearly to stakeholders, ensuring transparency and understanding.

Skills and Expertise

• A degree or equivalent in related control systems or cyber security.

• ISA/IEC 62443 certification or GIAC GICSP certification.

• 5 years’ experience in an Industrial Control /Operational Technology environment, such as Automated manufacturing facility, Utility provider and Critical National Infrastructure.

• Deep understanding of cybersecurity principles, frameworks, and best practices as they apply to OT environments.

• Strong analytical skills with the ability to evaluate complex technical issues and devise effective solutions.

• Excellent communication and presentation skills, with the capability to convey technical concepts to non-technical stakeholders.

• Demonstrated project management abilities, with experience handling multiple projects and meeting deadlines.

• Understanding of industrial control systems device configuration and possesses the ability to test, diagnose, configure and maintain control systems.

• Articulate how security in the connected world is best implemented at the point where IT meets other industry domains such as manufacturing/CNI.

• An understanding of the threats arising from the exploitation of vulnerabilities in the attack surfaces created across a distributed system and how these can be managed.

• Understanding of how to secure a network using technologies and security protocols.

• Ability to undertake vulnerability assessments of networks and devices using tools and databases to produce a contextualised list of vulnerabilities.

• Produce security architecture design documents that have been created through an analysis of the potential risks, which has taken into account threats and likely attack routes to a system and produces pragmatic security controls.

• Selection of appropriate security components to provide security-enforcing functions that can be justified through the evaluation of component's security function and implementation.

• Demonstrate a working knowledge of the Policies and Standards that are required for systems operating in a controlled environment. Such as ISO, industry specific for Nuclear / CNI / transportation or government/department policies.

• Production of security risks through identification of vulnerabilities, assessment of exposure, likelihood and severity of the risk in a quantitative or qualitative format that follows an industry recognised risk assessment methodology.

• Ability to analyse information and produce reports, network diagrams and recommendations on how to improve security posture.

• Ability to plan, control, report and manage the risk for a defined package of work to ensure delivery of on-time, budget and quality products.

This role will require SC Clearance. It would be advantageous if currently held, however, if not currently held, it is a requirement that the successful applicant will undergo, achieve, and maintain SC Clearance.  Please visit the UKSV website for further guidance.

To be eligible for full SC, you generally need to have resided in the UK for the last 5 years.  In some circumstances, a minimum of 3 years’ residence in the UK over the last 5 years may be accepted, with additional overseas checks.

For further details of the evidence required to apply for Baseline and Security Clearance please refer to the National Security Vetting (NSV) Agency - United Kingdom Security Vetting - GOV.UK (www.gov.uk)

#LI-VJ1

In line with Thales' Baseline Security requirements, candidates will be asked to provide evidence of identity, eligibility to work in the UK and employment and/or education history for up to three years. Some vacancies may require full Security Clearance which can require further evidence to be provided. For further details of the evidence required to apply for Baseline and Security Clearance please refer to the Defence Business Services National Security Vetting (DBS NSV) Agency.

At Thales we provide CAREERS and not only jobs. With Thales employing 80,000 employees in 68 countries our mobility policy enables thousands of employees each year to develop their careers at home and abroad, in their existing areas of expertise or by branching out into new fields. Together we believe that embracing flexibility is a smarter way of working.

Thales UK is committed to providing an inclusive and barrier-free recruitment process. We will provide reasonable adjustments and support to ensure neuro-diverse applicants or those with a disability or long-term condition can be their best during the recruitment process. To request an adjustment, if you need this job advert in an alternative format or if you have any questions about the recruitment process, please contact Resourcing Ops for mid to senior roles, or the Early Careers Team for graduate and apprentice roles.

Great journeys start here, apply now!