Practice Lead OT Cyber Security
Overview
We are seeking a dynamic and experienced professional to lead our Cyber Security Services and Product Development. This role is critical in advancing our mission to provide cutting-edge cyber and information security solutions, particularly tailored for infrastructure clients in Australia and at the point of convergence between IT and OT. The successful candidate will take full P&L ownership — accountable for revenue targets (top line) and gross margin targets (bottom line) — building the Australian OT Cyber practice from an existing base of utility engagements and leveraging nxzen’s established UK OT Cyber capabilities. You will drive business development, spearhead product innovation and build the delivery team.
You will spearhead the growth and expansion of our Cyber Security services by identifying new business opportunities and working closely with clients to develop tailored, effective solutions. You will oversee the development of innovative products such as Digital Twin, IoT, and Operational Technology solutions, ensuring they meet market needs.
Building strong partnerships within Australia and beyond, you will foster key relationships, act as a technical ambassador at industry events, and drive marketing initiatives to showcase our innovative security offerings. You will actively collaborate with nxzen’s UK OT Cyber team to import proven methodologies, reference architectures, and specialist skills, accelerating the build of the Australian practice.
The Role
- 10+ years in cyber security with 5+ years in OT/ICS across utilities/critical infrastructure; leadership of multi‑disciplinary delivery teams.
- Proven delivery of CDRC/SOC for OT programs (SIEM/SOAR engineering, ATT&CK‑for‑ICS detections, purple‑team/hunt), PKI for OT, NAC for OT and IEC 62443 network segmentation.
- Strong grasp of Australian regulatory context (SOCI Act, CIRMP rules, AESCSF baseline and maturity reporting) and sector coordination (e.g., AEMO exercises).
- Hands‑on with EMS/DMS, SCADA, AMI/DER head‑ends, IEDs/RTUs/PLCs, engineering workstations and historian stacks.
- Track record of Design → Build → Integrate → Operate delivery, including phase gates, artefacts and knowledge‑transfer outcomes.
- Practice leadership with P&L ownership (revenue and gross margin targets), including demonstrated experience building or significantly growing a practice from a small or early-stage base — not solely maintaining an established one.
- Relevant industry certifications such as CISSP, GICSP, ISA/IEC 62443 and SANS ICS (GRID/GIAC ICS).
- Cloud security and architecture certifications (e.g. Azure AZ-500, AZ-305 or equivalent).
Key Responsibilities
The key responsibilities include:
- Lead and drive the expansion of our OT Cyber Security services, focusing on growth opportunities.
- Collaborate closely with clients and internal teams to analyse complex environments and develop customised technical solutions.
- Oversee the end-to-end development of cybersecurity products, including Digital Twin, IoT, and Operational Technology solutions, ensuring they are innovative and market ready.
- Enhance and refine our service offerings and delivery models to maximise customer value and operational efficiency.
- Build and nurture strategic relationships with key cyber security partners and alliances, especially within Australia, to strengthen our ecosystem.
- Represent the company at industry conferences, webinars, and public events as a technical evangelist to raise brand visibility and share expertise.
- Lead solution marketing activities by creating compelling content and presentations that highlight our innovative security capabilities.
- Manage the operational delivery of cybersecurity services, ensuring quality, efficiency, and alignment with business objectives.
- Be willing to travel as needed to support client engagements, business development efforts, and industry events.
Key delivery accountabilities include (but are not limited to):
Strategy & Growth (Practice P&L):
- Define the OT Cyber strategy, portfolio roadmap and pricing; own pipeline, utilisation, margin and revenue targets.
- Shape modular offers that let clients start focused (one program), prove value in weeks, and expand safely.
- Lead solution positioning and content (briefings, case studies, webinars) to establish nxzen as the technology‑led OT specialist.
- Leverage existing Australian utility OT Cyber engagements to build credibility, referenceable case studies, and repeatable offerings that can be replicated across the sector and into adjacent utilities.
- Collaborate with nxzen's UK OT Cyber team to accelerate capability build, import proven methodologies, reference architectures, and access specialist skills during the growth phase.
Offerings (not limited to, but must include):
- CDRC / SOC for OT: Architect and stand up the Azure/Log Analytics/SIEM stack (private data paths, collectors), engineer ATT&CK‑for‑ICS detections and SLAs, and hand over with ≥80% priority technique coverage and tuned false‑positive rates.
- PKI for OT: Establish isolated CA hierarchy and lifecycle tooling; design enrolment/renewal methods that avoid operational disruption across IEDs/RTUs/PLCs.
- NAC for OT: Drive passive discovery, classification (Purdue level, risk tier), comms whitelists and policy enforcement; integrate rogue‑device signals to the CDRC.
- Network Uplift: Lead IEC 62443 zone‑and‑conduit design, firewall and routing policies, and Azure OT zone extension (ExpressRoute/Private Link).
Advisory & Compliance (Governance):
- Advise boards and executives on SOCI Act obligations and CIRMP risk programs (cyber/physical/personnel/supply chain), including 12‑hour/72‑hour incident reporting playbooks.
- Baseline and uplift AESCSF maturity; map controls to IEC 62443 and embed evidence into BAU reporting.
- Conduct tabletop exercises and sector‑style drills; coordinate with AEMO/ACSC/CISC where appropriate.
Delivery Excellence (Approach & Assurance):
- Enforce a Design → Build → Integrate → Operate delivery model with explicit phase gates, artefacts and exit criteria (architecture sign‑off, “data flowing, alerts firing”, ecosystem integrations, knowledge transfer).
- Set and track operational MTTD/MTTR, use‑case coverage and automation rates; publish monthly service reports.
- Ensure OT‑safe methods (passive‑first, lab validation, change control) and high‑reliability practices across all workstreams.
People & Capability:
- Build and mentor a high‑performance team (OT architects, security engineers, analysts) with hands‑on technical depth.
- Create a runbook/playbook library, training curriculum and certification plan (IEC 62443, GICSP, SANS ICS).
- Drive a culture that removes client dependency by embedding knowledge transfer in every engagement.
Ecosystem & Alliances:
- Curate a pragmatic vendor stack across SIEM/SOAR, EDR/XDR, PAM, vulnerability management, OT NTA, NAC and firewalls; maintain technical credibility through reference architectures and bake‑offs.
- Establish go‑to‑market alliances and participate in industry bodies and sector exercises.
Skills & Experience
- M&A technical due diligence for capability‑led acquisitions.
- Experience leveraging an international team or centre of excellence to accelerate practice build in a new geography, including knowledge transfer, shared delivery resources, and methodology import.
- Tooling depth across Microsoft Sentinel/Log Analytics/Defender, major EDR/PAM/NAC/OT‑NTA and firewall platforms.
- Credibility with boards and regulators; experience presenting executive briefings and running sector tabletop scenarios.
- Certifications such as CISM, CRISC, ISO/IEC 27001 Lead Implementer/Auditor, and PMP or PRINCE2 to support delivery governance.
- Vendor certifications across SIEM/SOAR, EDR/XDR, NAC, OT NTA, firewalls, and PKI.
