Work with Us. Change the World.

At AECOM, we're delivering a better world. Whether improving your commute, keeping the lights on, providing access to clean water, or transforming skylines, our work helps people and communities thrive. We are the world's trusted infrastructure consulting firm, partnering with clients to solve the world’s most complex challenges and build legacies for future generations.

There has never been a better time to be at AECOM. With accelerating infrastructure investment worldwide, our services are in great demand. We invite you to bring your bold ideas and big dreams and become part of a global team of over 50,000 planners, designers, engineers, scientists, digital innovators, program and construction managers and other professionals delivering projects that create a positive and tangible impact around the world.

We're one global team driven by our common purpose to deliver a better world. Join us.

AECOM is seeking a seasoned Cyber-Physical System (CPS) Security & Resiliency growth leader to establish and grow our Cyber-Physical System Security & Resiliency team. This role builds the firm’s capability to help clients strengthen and modernize cyber-physical environments through integrated security, risk, and resilience strategies.

The ideal candidate brings deep operational technology (OT) domain expertise, experience building comparable practices, and the ability to engage senior public and private sector leaders on digital strategy, cyber-informed engineering, risk modernization, and cyber-physical program development. While governance and risk may intersect with information technology (IT), this role is not IT-centric. The focus is on the safety, security, and resilience of cyber-physical systems across CPS/OT environments (e.g., industrial control systems (ICS), supervisory control and data acquisition (SCADA), OT) and digitally enabled CPS/IT systems.

This role will launch within AECOM’s Energy Practice, with a mandate to scale across other infrastructure sectors. The position will operate in close partnership with all business lines where cyber-physical systems are part of critical infrastructure, serving as a delivery-enabling function.

This role is expected to operate with peer-level standing to other Practice and Capability Leads.

Role Primary Objectives:

• Establish the CPS Security & Resilience Team as a source of top and bottom-line growth within the Energy Practice.
• Strengthen client confidence and executive trust in AECOM’s ability to manage modern infrastructure risk.
• Establish a repeatable, scalable CPS capability that integrates with existing AECOM services.
• Position AECOM as a trusted consultant on the convergence of infrastructure, automation, AI, and physical consequence.
• Establish governance, risk, and resilience models for the integration of AI and advanced analytics into CPS/OT and CPS/IT environments, with explicit focus on physical consequence, system safety, and operational continuity.

Responsibilities:

Cyber-Physical Systems (CPS) Security & Resilience Strategic Growth and Market Engagement

• Establish the CPS Security & Resilience practice for the Power sector (generation, transmission, distribution, substations, grid modernization), and other critical infrastructure sectors.
• Develop and execute go-to-market, recruitment, and top- and bottom-line growth strategies for the CPS Security & Resiliency Practice.
• Support strategic pursuits and key accounts from the cyber-physical resiliency lens, where CPS risk influences project outcomes or client confidence.
• Engage client executives, boards, and regulators on system-level risk, resilience, and governance.
• Act as a strategic partner to leadership on infrastructure resilience, reliability, and operational risk.
• Advise clients on cyber-physical risk and resiliency implications of AI-enabled grid modernization, automation, DER integration, advanced protection schemes, and digitally enabled control environments.

Advisory & Enterprise Alignment

• Partner closely with Advisory leadership to align CPS services with broader operational, digital, and risk advisory offerings.
• Coordinate with existing IT, OT, and cyber resources across AECOM to avoid duplication and fragmentation.

Client Engagement, Delivery, and Practice Growth

• Work closely with senior leadership to shape AECOM’s CPS Security & Resilience offerings and expand market presence.
• Support capture and proposal activities, including developing scopes of work, methodologies, and strategic content.
• Build and maintain strong client relationships to identify new opportunities and ensure successful delivery.
• Serve as a bridge between technical specialists and executive-level client discussions.

Internal Support

• Provide leadership, direction, and capability stewardship across CPS Security & Resilience.
• Oversee and guide the development of reusable tools, templates, frameworks, and best practices for CPS Security & Resiliency.
• Oversee and guide the translation of cyber and digital risk into engineering-relevant decision frameworks.
• Avoid unnecessary process overhead; focus on pragmatic, outcome-driven integration.

Operating Model & Reporting

• Initial alignment: Power (business-led proving ground)
• Functional partnership: Advisory (delivery model, capability integration)
• This role will address AI within CPS as a cross-cutting enterprise risk and resilience consideration, integrated into existing CPS governance, delivery, and advisory models rather than treated as a standalone AI function.

Cyber-Physical Systems (CPS) Security & Resilience Practice Elements:

• Lead OT engagements related to cyber-physical systems.
• Lead client engagements addressing AI-enabled CPS risk, resilience, and governance across CPS/OT and CPS/IT environments, including model risk, autonomy, decision authority, and failure propagation into physical systems.
• Lead cybersecurity assessments, vulnerability analyses, and program reviews to help clients identify risks and prioritize improvements.
• Conduct maturity assessments, risk evaluations, gap analyses, and policy reviews to help clients define long-term CPS/OT and CPS/IT strategies.
• Develop OT governance models, operational frameworks, and investment plans that guide clients through modernization and lifecycle planning.
• Facilitate workshops, interviews, and stakeholder meetings to gather requirements and translate them into strategic recommendations.
• Embed CPS risk considerations into pursuits, delivery models, and client engagements.

• Develop OT and ICS cybersecurity programs aligned with frameworks such as NIST CSF, NERC CIP, and IEC 62443.
• Prepare guidance for OT security controls, monitoring approaches, segmentation strategies, governance, and compliance.

CPS Security & Resilience Leadership

• Provide industry leadership and guidance on CPS/OT and CPS/IT security & resiliency, promoting alignment with enterprise risk management, regulatory expectations, and delivery realities.
• Advise clients on CPS architecture concepts, technology options, integration considerations, and migration strategies.
• Oversee and guide master planning for CPS, including AI-enabled CPS, grid modernization, SCADA and EMS/DMS evolution, advanced automation, digital substations, and next-generation OT and CPS/IT architectures.
• Evaluate operational risks and recommend solutions that improve resiliency, reliability, and worker safety in CPS/OT environments.

Minimum Requirements

• BS degree in Engineering, Computer Science, Information Systems, Cybersecurity, or a related field and 10 years of related experience
• Minimum of 10  years of business leadership experience in cyber-physical systems, OT/ICS, infrastructure security, or resilience.
• Minimum of 10 years of experience delivering advisory services (strategy, governance, road mapping, program development, compliance) into cyber-physical system OT, ICS, and SCADA environments.
• Minimum years of OT or ICS experience in consulting, engineering, or cyber-physical environments.
• Proven track record of growth, building, and scaling capabilities inside large engineering (AEC), EPC, or infrastructure organizations.
• Proven ability to translate risk into executive-level decision frameworks and business outcomes.
• Experience working across matrixed organizations with multiple business lines and stakeholders.
• Advanced knowledge of relevant CPS, OT, and cyber risk frameworks and regulatory constructs applicable to cyber-physical systems within critical infrastructure environments.
• Strong communication skills with experience developing client-facing reports, strategies, roadmaps, and presentations.
• Deep understanding of Power sector systems and the operational realities of infrastructure delivery.

Preferred Qualifications

• Master of Business Administration (MBA) preferred.
• 15 years of OT or ICS experience in consulting, engineering, or cyber-physical environments.
• Cyber-physical training or certifications are preferred, e.g. –
  • C|CISO, GICSP, CISSP
  • Consequence-focused training for Physical & Digital Infrastructure, e.g. Consequence-Driven, Cyber-Informed Engineering (CCE ACCELERATE)
  • AI-governance and/or AI-risk related training
• 15 years of P&L ownership experience
• Previous experience developing CPS service offerings
• Previous experience developing and managing CPS-related managed services
• Industry voices and distinction preferred, e.g. –
  • Previously published in industry journals.
  • Previous conference speaking engagements.
  • Participated in various media such as TV, radio, podcasts, and webinars.

This position does not offer sponsorship now or in the future.

This position does not offer relocation assistance.

About AECOM 

AECOM is proud to offer comprehensive benefits to meet the diverse needs of our employees. Depending on your employment status, AECOM benefits may include medical, dental, vision, life, AD&D, disability benefits, paid time off, leaves of absences, voluntary benefits, perks, flexible work options, well-being resources, employee assistance program, business travel insurance, service recognition awards, retirement savings plan, and employee stock purchase plan. 

AECOM is the global infrastructure leader, committed to delivering a better world. As a trusted professional services firm powered by deep technical abilities, we solve our clients’ complex challenges in water, environment, energy, transportation and buildings. Our teams partner with public- and private-sector clients to create innovative, sustainable and resilient solutions throughout the project lifecycle – from advisory, planning, design and engineering to program and construction management. AECOM is a Fortune 500 firm that had revenue of $16.1 billion in fiscal year 2025. Learn more at aecom.com. 

What makes AECOM a great place to work 

You will be part of a global team that champions your growth and career ambitions. Work on groundbreaking projects - both in your local community and on a global scale - that are transforming our industry and shaping the future. With cutting-edge technology and a network of experts, you’ll have the resources to make a real impact. Our award-winning training and development programs are designed to expand your technical expertise and leadership skills, helping you build the career you’ve always envisioned. Here, you’ll find a welcoming workplace built on respect, collaboration and community—where you have the freedom to grow in a world of opportunity. 

As an Equal Opportunity Employer, we believe in your potential and are here to help you achieve it. All your information will be kept confidential according to EEO guidelines.