Operational Technology Risk Consultant
Company: AON
Location: London
Posted: May 4th, 2026
Role Purpose
To identify, quantify, and translate Operational Technology (OT) cyber risk into operational, financial, and insurability outcomes across industrial, manufacturing, energy, infrastructure, and other OTu2011dependent sectors.
This role sits at the intersection of plant operations, executive risk governance, and insurance placement, enabling clients to understand u201cOperational Disruption u00d7 Financial Impact u00d7 Policy Response.u201d
The consultant applies patternu2011based OT governance and architecture assessment (CORAu2011OT), improved BI severity modelling, and underwritingu2011aligned analysis to support improved placement outcomes and targeted resilience improvements.
Core Responsibilities
OT Risk & Exposure Diagnostics (CORAu2011OT)
Lead and deliver OT governance and architecture baseline assessments, passionate about:
OT accountability models
Segmentation & connectivity patterns
Vendor and remote access pathways
Multiu2011site aggregation and dependency exposures
Identify u201cinsuranceu2011sensitiveu201d control gaps that materially influence:
downtime severity,
loss aggregation,
underwriting defensibility.
Produce standardised OT diagnostic outputs that can be embedded into client placement, risk engineering reviews, and BI modelling.
Exposure Quantification & Severity Modelling
Work closely with financial modelling teams to integrate OTu2011specific:
business interruption (BI) pathways,
contingency dependencies,
multiu2011site escalation patterns,
cyberu2011triggered property damage / PD-BI interactions.
Support improved CIA-based modelling of OT-driven operational loss, enabling clearer limit adequacy discussions.
Client Advisory & Resilience Development
Support clients in integrating OT into:
incident response,
crisis governance,
business continuity plans.
Run OTu2011specific disruption tabletop exercises (aligned to CRRu2011OT).
Provide practical, operationsu2011sensitive recommendations that strengthen clientsu2019 defensibility without over-engineering.
Integration With Broking, Property, and Risk Engineering
Partner with property risk engineers to:
reflect cyberu2011physical pathways in risk engineering outputs,
incorporate OT failure modes into resilience roadmaps,
reinforce the distinction between cyber and physical damage mechanisms.
Support preu2011placement, renewal, and strategic client conversations with clear OTu2011risk framing.
Thought Leadership & Practice Development
Contribute to the refinement of CORAu2011OT and CRRu2011OT methodologies.
Develop internal u201cOT Red Flagu201d materials for brokers and account teams.
Participate in sectoru2011specific campaigns (e.g., supervised manufacturing, F&B, pharma).
Produce market insights, white papers, and insureru2011facing perspectives on OT risk trends.
Required Skills & Experience
Technical & Domain Expertise
Practical OT / ICS understanding, including:
SCADA, PLC, DCS, BMS, historian systems,
plant-floor segmentation patterns,
safety vs. security architectural trade-offs.
Familiarity with:
IEC 62443 principles (governance & architecture focus),
NIST 800u201182,
industrial vendor ecosystems and support models.
Experience evaluating architecture patternsu2014not deep configuration testing.
Data Center & Built-environment Literacy
Ideally we are looking for familiarity with:
data-center build principles,
redundancy models (N+1, 2N, etc.),
uptime tiering concepts.
Ability to converse credibly with:
engineers,
facilities teams,
operations leaders.
Risk, Insurance & Consulting Skills
Ability to translate OT technical patterns into:
downtime duration,
BI exposure,
aggregation risk,
underwriting impact.
Strong client communication and storytelling:
concise, boardu2011ready articulation of OT exposure,
clear linkage to financial outcomes.
Comfortable working across engineering, operations, cyber, and risk domains.
Useful Backgrounds
OT cyber consultant within industrial/ICS sectors.
Cyber or operations engineer within manufacturing, energy, utilities, or sophisticated infrastructure.
Risk consultant with exposure to OT-dependent operational environments.
Prior experience working alongside nonu2011IT engineers or plant operations teams.
Certifications
CISSP, CISM, CRISC
IEC 62443 foundation-level training
ISO 27001 or NIST experience in operational contexts
Safety or reliability engineering exposure (effective)
Measures of Success
CORAu2011OT diagnostic adopted systematically across client engagements.
Stronger insurer confidence in client OT control maturity and segmentation.
Clearer exposure articulation leading to improved placement outcomes.
OT risk narratives embedded in BI limit adequacy and PD/BI discussions.
Increased pullu2011through of resilience, modelling, and advisory work.
Strong crossu2011team collaboration with broking, risk engineering, and modelling.
Commercial Value of the Role
This role directly advances the u201cFind, Flatten, Finance Operational Technology Cyber Risku201d strategy by:
Finding: identifying the governance and architecture patterns driving severity.
Flattening: clarifying and reducing operational and financial exposure.
Financing: enabling better placement outcomes and more defensible underwriting narratives.
It uniquely differentiates the firm from:
engineeringu2011led OT security firms (too technical), and
cyberu2011only consultancies (too abstract).
The result: a scalable, patternu2011based OT advisory capability that elevates placement, improves client decisions, and embeds OT into enterprise risk governance.
2572829 Role Purpose
To identify, quantify, and translate Operational Technology (OT) cyber risk into operational, financial, and insurability outcomes across industrial, manufacturing, energy, infrastructure, and other OTu2011dependent sectors.
This role sits at the intersection of plant operations, executive risk governance, and insurance placement, enabling clients to understand u201cOperational Disruption u00d7 Financial Impact u00d7 Policy Response.u201d
The consultant applies patternu2011based OT governance and architecture assessment (CORAu2011OT), improved BI severity modelling, and underwritingu2011aligned analysis to support improved placement outcomes and targeted resilience improvements.
Core Responsibilities
OT Risk & Exposure Diagnostics (CORAu2011OT)
Lead and deliver OT governance and architecture baseline assessments, passionate about:
OT accountability models
Segmentation & connectivity patterns
Vendor and remote access pathways
Multiu2011site aggregation and dependency exposures
Identify u201cinsuranceu2011sensitiveu201d control gaps that materially influence:
downtime severity,
loss aggregation,
underwriting defensibility.
Produce standardised OT diagnostic outputs that can be embedded into client placement, risk engineering reviews, and BI modelling.
Exposure Quantification & Severity Modelling
Work closely with financial modelling teams to integrate OTu2011specific:
business interruption (BI) pathways,
contingency dependencies,
multiu2011site escalation patterns,
cyberu2011triggered property damage / PD-BI interactions.
Support improved CIA-based modelling of OT-driven operational loss, enabling clearer limit adequacy discussions.
Client Advisory & Resilience Development
Support clients in integrating OT into:
incident response,
crisis governance,
business continuity plans.
Run OTu2011specific disruption tabletop exercises (aligned to CRRu2011OT).
Provide practical, operationsu2011sensitive recommendations that strengthen clientsu2019 defensibility without over-engineering.
Integration With Broking, Property, and Risk Engineering
Partner with property risk engineers to:
reflect cyberu2011physical pathways in risk engineering outputs,
incorporate OT failure modes into resilience roadmaps,
reinforce the distinction between cyber and physical damage mechanisms.
Support preu2011placement, renewal, and strategic client conversations with clear OTu2011risk framing.
Thought Leadership & Practice Development
Contribute to the refinement of CORAu2011OT and CRRu2011OT methodologies.
Develop internal u201cOT Red Flagu201d materials for brokers and account teams.
Participate in sectoru2011specific campaigns (e.g., supervised manufacturing, F&B, pharma).
Produce market insights, white papers, and insureru2011facing perspectives on OT risk trends.
Required Skills & Experience
Technical & Domain Expertise
Practical OT / ICS understanding, including:
SCADA, PLC, DCS, BMS, historian systems,
plant-floor segmentation patterns,
safety vs. security architectural trade-offs.
Familiarity with:
IEC 62443 principles (governance & architecture focus),
NIST 800u201182,
industrial vendor ecosystems and support models.
Experience evaluating architecture patternsu2014not deep configuration testing.
Data Center & Built-environment Literacy
Ideally we are looking for familiarity with:
data-center build principles,
redundancy models (N+1, 2N, etc.),
uptime tiering concepts.
Ability to converse credibly with:
engineers,
facilities teams,
operations leaders.
Risk, Insurance & Consulting Skills
Ability to translate OT technical patterns into:
downtime duration,
BI exposure,
aggregation risk,
underwriting impact.
Strong client communication and storytelling:
concise, boardu2011ready articulation of OT exposure,
clear linkage to financial outcomes.
Comfortable working across engineering, operations, cyber, and risk domains.
Useful Backgrounds
OT cyber consultant within industrial/ICS sectors.
Cyber or operations engineer within manufacturing, energy, utilities, or sophisticated infrastructure.
Risk consultant with exposure to OT-dependent operational environments.
Prior experience working alongside nonu2011IT engineers or plant operations teams.
Certifications
CISSP, CISM, CRISC
IEC 62443 foundation-level training
ISO 27001 or NIST experience in operational contexts
Safety or reliability engineering exposure (effective)
Measures of Success
CORAu2011OT diagnostic adopted systematically across client engagements.
Stronger insurer confidence in client OT control maturity and segmentation.
Clearer exposure articulation leading to improved placement outcomes.
OT risk narratives embedded in BI limit adequacy and PD/BI discussions.
Increased pullu2011through of resilience, modelling, and advisory work.
Strong crossu2011team collaboration with broking, risk engineering, and modelling.
Commercial Value of the Role
This role directly advances the u201cFind, Flatten, Finance Operational Technology Cyber Risku201d strategy by:
Finding: identifying the governance and architecture patterns driving severity.
Flattening: clarifying and reducing operational and financial exposure.
Financing: enabling better placement outcomes and more defensible underwriting narratives.
It uniquely differentiates the firm from:
engineeringu2011led OT security firms (too technical), and
cyberu2011only consultancies (too abstract).
The result: a scalable, patternu2011based OT advisory capability that elevates placement, improves client decisions, and embeds OT into enterprise risk governance.
Apply Now