Principal Consultant - Cyber/Physical Security

Role Overview

The Principal Consultant, Cyber-Physical Security serves as the technical practice leadand senior seller-doer responsible for delivering high-quality consulting services whilehelping expand the organization’s cyber-physical security practice across industrialsectors including Oil & Gas, Electric Utilities, and Manufacturing.This role combines deep industrial control systems expertise, consulting management,and practice capability development. The individual will support client acquisition, leadcomplex technical engagements, build internal laboratory environments, establishtechnical delivery standards, work with marketing and sales to maintain servicecollateral and mentor junior consultants.The role acts as the technical authority and delivery arm of the engagements, ensuringtechnical rigor, structured methodologies, and high-quality deliverables while workingclosely with practice leadership to grow services and client relationships.

Key Responsibilities

Technical Practice Leadership

• Serve as the technical authority for cyber-physical security services withinthe practice.

• Define and maintain technical methodologies, architecture frameworks,and delivery standards for client engagements.

• Establish technical quality assurance processes for client deliverables.

• Translate cybersecurity risk findings into engineering-level designimprovements and operational outcomes.

• Maintain structured documentation to be used across engagements.Client Engagement & Business Development

• Act as a trusted technical advisor to industrial clients across sectors oneor more sectors such as Oil & Gas, utilities, and manufacturing.

• Support business development activities including:o Discovery workshopso Solutioning discussions

• Contribute to the development of repeatable Cyber Physical service offerings.

• Support growth of strategic accounts through technical credibility anddelivery excellence.

Technical Delivery Leadership

• Lead complex Cyber Physical security consulting engagements, includingbut not limited to:

o Regulatory Assessments

o Cyber Risk and Capability Assessmentso Product Security Assessments

o Architecture and Control Designo Security Validation and Assurance

o Security Operations Design and Operationalization

• Ensure engagements maintain engineering rigor, operational awareness,and safety considerations.Industrial Control Systems Expertise

• Apply deep understanding of industrial automation and control systemenvironments and architectures, including:

o PLC-based controlo Distributed Control Systems (DCS)

o SCADA systemso Safety Instrumented Systems (SIS)

o Industrial networks and field devices

• Understand and assess security implications of networking services andprotocols

• Evaluate cybersecurity risks within real operational environments andsafety-critical systems.Lab Development & Technical Innovation

• Design and lead development of internal laboratory environments tosupport:o Research and developmento Tool validation and testingo Cyber-physical attack simulationo Client demonstrationso Internal training

• Identify and manage emerging technologies relevant to industrialcybersecurity.Capability Development & Team Mentorship

• Mentor and train junior consultants and engineers.

• Develop structured technical training materials and knowledgerepositories.

• Promote strong engineering discipline, safety awareness, and structuredproblem solving within the team.

• Establish consistent documentation and reporting standards acrossprojects.

Required Experience

• 10+ years of experience in industrial or operational technologyenvironments such as:

o Oil & Gaso Electric Utilities

o Manufacturingo Industrial automation or critical infrastructure

• Of which, Minimum 3 years of consulting-type experience

• Hands-on experience with industrial control systems, buildingmanagement systems or security design and implementation

• Experience delivering complex technical programs in industrialenvironments.

• Familiarity with industrial cybersecurity frameworks and regulatoryenvironments including:

o North American experience in NERC CIP, TSA security directiveso Standards such as ISA/IEC 62443, NIST SP 800-82

• Certifications are not required but may be beneficial:

o ISA/IEC 62443 certificationso GIAC ICS certificationso CISSP

o Industrial automation or vendor certifications