At EY, we’re all in to shape your future with confidence.

We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go.

Join EY and help to build a better working world.

Job Title: Director – Cybersecurity OT

About EY: At EY, we are committed to building a better working world. Our Cybersecurity Consulting Practice is rapidly expanding, and we are investing in our capabilities to meet the increasing demand for cybersecurity solutions. Join us and be part of a global team of over 13,000 professionals dedicated to delivering cutting-edge security transformation programs and services.

The Opportunity: As a Director in Cybersecurity, you will bring diverse perspectives and deep subject‑matter expertise to deliver high‑quality insights and outcomes for our clients. You will play a strategic leadership role in shaping and overseeing complex cybersecurity engagements, strengthening senior client relationships, and guiding teams to develop innovative, practical solutions that address the evolving security challenges organisations face.

Key Responsibilities:

• Lead and manage large OT Security engagements, overseeing day‑to‑day delivery across industrial environments including manufacturing, energy, utilities, and critical infrastructure. Ensure delivery meets quality, time and budget expectations while navigating complex OT operational constraints.

• Apply deep technical and sector knowledge across OT, ICS, and IIoT environments to shape and deliver client programmes. Leverage expertise in IEC 62443, NIST CSF for OT, and the Purdue Model to conduct maturity assessments, design secure architectures, and lead OT cyber‑risk reduction initiatives.

• Identify, shape, and originate new OT security opportunities, using established industry relationships across engineering, operations, and cyber functions. Position the firm with senior OT decision‑makers, including engineering directors, CISOs, and asset owners, demonstrating a strong understanding of safety, reliability, and availability priorities.

• Partner with senior practice and market leaders to pursue high‑value OT‑security‑focused opportunities. Develop differentiated proposals, point‑of‑view materials, and transformation roadmaps aligned to industrial cybersecurity trends such as OT–IT convergence, zero‑trust for OT, asset visibility, and secure remote access.

• Provide visible leadership into a globally established high‑performing OT security team, sharing deep domain expertise in ICS/SCADA, industrial protocols, and secure OT architecture patterns. Mentor consultants to develop both technical skills and commercial acumen, fostering a culture of continuous learning and cross‑disciplinary collaboration.

• Develop impactful OT cybersecurity thought leadership, articulating market-relevant insights on IEC 62443 adoption, secure operations, industrial threat landscapes, and practical transformation strategies. Support the creation of frameworks and tools that differentiate the firm’s OT security offering.

• Build and maintain strategic relationships with senior client leaders, including operations executives, heads of engineering, CTOs, and CISOs. Use these relationships to identify transformation opportunities, influence senior stakeholders, and steer delivery outcomes across complex industrial ecosystems.

Skills and Attributes for Success:

• Exceptional communicator, able to clearly explain complex OT security concepts, risks, and architectures to both technical engineering teams and senior business stakeholders. Skilled at translating OT cyber risks into operational, safety, and financial impact.

• Strategic thinker with deep OT cybersecurity expertise, capable of diagnosing complex industrial cyber challenges and shaping robust, standards-aligned solutions (e.g., IEC 62443 reference models, Purdue Model segmentation strategies, OT Zero Trust). Able to secure executive buy‑in by aligning cyber outcomes with operational priorities such as uptime, safety, and regulatory compliance.

• Proven people leader, experienced in developing skilled OT cybersecurity teams through coaching, mentoring, and modelling inclusive, collaborative leadership behaviours.

• Strong commercial acumen, consistently delivering high‑quality outcomes, managing programme risks, and ensuring operational excellence across large‑scale industrial cybersecurity engagements.

• Experienced programme and engagement leader, adept at structuring and managing multi‑site OT security transformations, including asset discovery, segmentation, architecture redesign, and secure remote access implementation. Skilled at navigating the unique constraints of OT systems including legacy technologies and safety-critical environments.

• Pragmatic, client‑centric approach, able to navigate ambiguity across industrial operations, anticipate issues related to safety and continuity, and guide clients confidently through complex decision‑making regarding OT system modernisation and cyber‑risk reduction.

• Strong market access and trusted relationships, leveraging established networks in OT-heavy sectors (e.g., energy, utilities, manufacturing, transport) to influence market conversations, originate new opportunities, and position the firm as a leader in industrial cybersecurity.

To Qualify for the Role, You Must Have:

• Proven experience defining and delivering OT‑centric cybersecurity strategies across industrial environments (ICS, SCADA, IIoT), with the ability to clearly articulate the operational and commercial value of OT security to senior stakeholders across engineering and enterprise leadership.

• A strong track record developing OT cybersecurity investment and transformation cases, including business justification, cost–benefit analysis, and prioritisation of remediation activities across multi‑site industrial estates. Capable of aligning OT security investment with organisational goals such as regulatory compliance, contractual obligations and digital transformation.

• Hands‑on experience designing and implementing OT security target operating models, covering governance, incident response, asset lifecycle management, engineering processes, and roles/responsibilities across IT–OT converged environments. Experienced in embedding secure‑by‑design principles aligned to IEC 62443, NIST 800‑82, and recognised OT security best practice.

• Robust understanding of OT‑relevant cybersecurity regulations and frameworks, including IEC 62443, NIST 800‑82, NIS/NIS2, sector‑specific regulatory requirements, and the Purdue Model for segmentation.

Ideally, You’ll Also Have:

• Relevant security and OT‑security‑specific qualifications, such as CISSP, CIISEC, GICSP, or ISA/IEC 62443 certifications.

• Experience operating within or alongside NCSC‑Assured Cyber Consultancies or equivalent industrial cybersecurity practices, including delivering OT threat assessments, architecture reviews, red‑team exercises, or resilience programmes in regulated sectors.

• Sector experience across OT‑heavy industries, such as Energy & Utilities, Oil & Gas, Manufacturing, Transport, Chemicals, Pharmaceuticals, or Critical National Infrastructure — with a strong understanding of engineering processes, operational constraints, and safety‑critical environments.

• Professional services experience delivering large‑scale OT cybersecurity transformations, working with multi‑disciplinary teams of engineers, cyber specialists, and operational leaders in market‑leading organisations.

Please note: The successful candidate must undergo and pass checks in line with SC (Security Check) clearance standards after joining EY. These checks may include, but are not limited to, verification of identity, right to work in the UK, employment history, proof of address may be required and unspent criminal convictions. Candidates must be a UK national or have been a resident in the UK for a minimum of five years and ensure that they have not spent more than six months outside the UK.

Join Us: At EY, you’ll have the chance to build a meaningful and fulfilling career, supported by an inclusive culture and cutting-edge technology. Together, we can create a better working world for all.

What we look for

We’re interested in people with integrity who can collaborate with people from a diverse range of backgrounds and crucially a growth mindset.

What we offer

We offer a competitive remuneration package where you’ll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions. Plus, we offer:

• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.

• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.

• Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.

• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

If you can demonstrate that you meet the criteria above, please contact us as soon as possible.

Apply Now

TCCyberUKI2026