Using a wide variety of technical and sector-specific skills, KPMG's Operational Technology (OT) Cyber Security team helps clients increase efficiency and reliability of their most critical assets whilst reducing financial, operational, safety and other risks.
We are experienced in managing diverse issues affecting industrial control systems including cyber resilience, digital technology risk, designing and implementing quantifiable risk frameworks, threat modelling, implementing cyber risk controls and architectures, cyber due diligence and much more.
We have a fast-growing team and our engagements often take place in an international context which requires us to provide services across the globe, often in close cooperation with other KPMG offices.
Our services are of both an assurance and advisory nature and include Cyber Security Governance and Strategy assessments, Security Architecture design and implementation, tooling design and implementation, Risk Advisory, and operational resilience planning and exercising.
This role requires previous experience in consulting and delivery of OT Security services, with excellent knowledge of specific OT security controls, regulations, standards and risk frameworks.
The successful candidate will have the ability to credibly advise our clients on a broad range of complex problems, ranging from IT / OT operating models, incorporating security into capital projects, to planning for crisis with operational and managerial teams.
Knowledge and experience in some relevant industries such as manufacturing, utilities, oil and gas and healthcare is preferable.
Roles and Responsibilities:
As a manager in the Cyber Security practice, you will be managing the delivery of large, complex client engagements, typically carrying out the following responsibilities:
Design a service approach that meets client needs
Scope and produce deliverables
Project and financial management
Review of team deliverables for quality and risk purposes
Liaise with clients on delivery and implementation issues
Pro-actively identify and progress business opportunities for the long-term benefit of both the client and KPMG as well as manage sales activities such as proposal writing and client presentations.
Demonstrate an understanding of KPMG’s broader offerings to enable identification of business opportunities
Develop constructive client relationships, both inside and outside of KPMG.
Provide training and mentoring to other team members.
Role-model risk and engagement management practices
Monitor and uphold high quality of service and products to clients (internal and external)
Uphold KPMG’s values by acting with integrity.
Experience and Skills:
A combination of the following:
Proven experience of successfully delivering Operational Technology services (including implementations, creating business cases and roadmaps, assurance reviews and maturity assessments) to medium / large, multi-national clients, preferably in the Critical National Infrastructure space.
Experience in certain key sectors: manufacturing, transportation, energy and natural resources, automotive, telecommunications, health and life sciences, consumer products, oil and gas.
Delivered or involved in a number of operational technology risk management engagements.
Experience in transformation and business change programmes.
Advising clients that operate digital technology solutions in the OT space on business and operational risks, relevant regulations (e.g. NIS-D, NERC CIP), controls, benefits, solution fit and typical challenges.
Functional experience of technology solutions to secure OT environments (Claroty, Nozomi etc. would be a plus).
Functional experience of risk frameworks (e.g. IRAM2, bow-tie, ISO27005) and controls (e.g. NIST CSF, NIST SP 800-82, NCSC CAF, ISO 27019, IEC 62443).
Experience of specialised OT controls frameworks such as NISTIR 8183, OG-86 and NISTIR 7628, and specialised OT architecture frameworks such as OPAS OPAF and RAMI 4.0 would be a plus.
Knowledge and experience of cyber, business and technology resilience
Proven communication and presentation skills.
Proven experience of successfully delivering digital technology risk services.
Experience in product security tooling and regulations (e.g. Medical Device Regulation Cybersecurity Guidelines) is desirable.
Experience in sector-specific security guidance (e.g., HSE, Ofgem, DWI) is desirable.
Big 4 professional services or dynamic consultancy environment experience is essential.
Cyber security qualification e.g., GICSP / CISSP (desirable)
Engineering qualification (desirable)
Degree or Masters qualification in Cyber, Information Security or IT management (desirable)