Job Description:

OT Cyber Security Lead – Assurance & IT/OT Convergence

Critical National Infrastructure

Salary: £80k upwards• 15% bonus • Outstanding benefits 35 Hour week

Location: Full‑time on‑site, Bristol (flexible start & finish times)

A leading UK critical‑infrastructure operator is expanding its cyber function and is hiring an OT Cyber Security Lead to own and shape cyber assurance strategy across Operational Technology (OT) and IT environments.

This is a newly created, function‑owning role with long‑term accountability. You’ll define how cyber assurance operates across the business, bringing together industrial control environments and enterprise IT security into a single, coherent assurance approach.

If you understand where OT fits within an IT‑led security strategy — and want responsibility for maturing that alignment across a large organisation — this is a rare opportunity to lead.

This role will suit individuals such as:

✅ Cyber assurance / GRC professionals ready to step into a lead role and own a function

✅ IT security specialists with OT exposure looking to embed industrial security into enterprise governance

✅ OT‑aware professionals who want to influence security strategy beyond site‑level controls

✅ Consultants seeking an in‑house leadership role with strategic, long‑term impact

You don’t need to be an OT engineer — but you do need to understand how OT security integrates with wider IT security, risk, and governance models, and have the appetite to lead that evolution.

The Role

Reporting within Engineering, you’ll act as the OT cyber security lead for assurance, responsible for direction, integration, and continuous improvement across the organisation.

Your remit spans strategy, governance, and delivery, ensuring cyber assurance supports safe, resilient operations while meeting regulatory and business objectives.

Key responsibilities include:

• Owning the cyber assurance function across IT and OT environments
• Defining and driving the long‑term OT cyber security and assurance strategy
• Establishing a joined‑up assurance model across enterprise IT and industrial systems
• Leading assurance activities aligned with NCSC CAF, internal policy, and regulatory commitments
• Conducting audits, gap assessments, and compliance reviews across complex environments
• Managing assurance requirements, evidence, and audit readiness end‑to‑end
• Owning and maturing the Cyber Security Management System (CSMS) as a core capability
• Developing OT‑aligned incident response and recovery assurance
• Acting as the key interface between security, IT, and engineering teams
• Coordinating internal teams, suppliers, and external assessors
• Tracking cyber risk, KPIs, and assurance outcomes, reporting to senior stakeholders

This is a hands‑on leadership role — combining strategic ownership with practical delivery.

About You

We’re looking for someone confident operating in a lead capacity, comfortable with ambiguity, and motivated to build something enduring.

You’ll ideally bring:

• Experience in cyber security assurance, GRC, or risk
• A working understanding of OT environments and how they differ from IT
• Clear insight into embedding OT security within an enterprise IT security strategy
• Familiarity with frameworks such as ISA/IEC 62443, NCSC CAF, ISO 27001 (depth in one is sufficient)
• Strong stakeholder engagement skills across technical and non‑technical teams
• A pragmatic, delivery‑focused mindset
• Confidence to define standards, influence direction, and own outcomes
• Degree or recognised cyber qualification (desirable, not essential)

What’s on Offer

• Base salary from £80k upwards, depending on experience
• 15% annual bonus
• Pension contributions up to 20%
• Electric car scheme, with free on‑site charging
• 35‑hour working week
• Full‑time, on‑site role in Bristol, with flexible start and finish times
• Private medical insurance
• Ongoing training and development, with a strong focus on OT cyber security
• A rare opportunity to own and shape OT cyber assurance strategy within critical national infrastructure
• Highly tangible impact on safety, resilience, and long‑term operational security

Security vetting is required, typically requiring UK residency for 3 of the past 5 years.