Cyber Security Lead

Who we are:

Ceres is leading the way in clean energy innovation, pioneering advancements in electrolysis for green hydrogen production and fuel cells for future power solutions. With our dynamic licensing model, we've built powerful partnerships with major multinational companies like Doosan, Shell, Delta and Weichai and our solid oxide platform is transforming energy systems, delivering high-efficiency green hydrogen to decarbonise some of the most emissions-heavy industries including steelmaking, and future fuels.

At Ceres, we foster a workplace driven by passion and purpose. We support our team to think ambitiously, collaborate creatively and confront complex challenges directly. Innovation is at the core of who we are, and we strive to push the boundaries of what’s possible with technology.

Purpose of the role:

As Ceres continues to evolve, cybersecurity is a strategic priority. With evolving threats and increasing complexity, we’re investing in strong internal capability to protect our systems and data.

This pivotal role leads our cybersecurity programme—delivering key projects, supporting BAU operations, and shaping policy. You’ll work closely with our Technical Operations team, manage supplier and licensing relationships, and act as the primary contact for our external Security Operations Centre (SOC).

From audit support to hands-on implementation, you’ll play a critical role in strengthening our security posture and enabling business resilience.

Key Accountabilities:

Security Operations & Engineering

• Manage and enhance Microsoft 365 security tools (EMS, MAM, Purview, DLP, Entra P2).

• Support and maintain firewalls, network switching, Wi-Fi, and email security systems (Mimecast, Tessian).

• Deliver internal cyber awareness training and act as a technical lead during security incidents.

• Implement technical changes aligned with security policies and compliance frameworks.

Monitoring, Detection & Response

• Conduct regular security assessments, including pen testing and vulnerability scans.

• Monitor and analyse logs across core platforms and manage the outsourced SOC relationship.

• Lead incident response processes, ensuring timely reporting and resolution.

Governance, Risk & Compliance

• Own the delivery of a structured, risk-based security programme.

• Maintain security policies, support audits, and track remediation actions.

• Ensure compliance with relevant standards through collaboration with internal teams.

Third-Party & Supplier Risk

• Conduct security risk assessments for new suppliers and high-risk engagements.

• Oversee secure onboarding and manage tools like BYOD, MDM, and Intune across third-party environments.

Knowledge and Skills Required for the Role:

• Knowledge of information security best practices and certification processes like ISO 27001 and Cyber Essentials.
• Technical knowledge of cloud services like Office 365, Azure, AWS, Entra P2, Azure Rights Management, and DLP.
• Experience with the implementation of security tools like MDM, EMS, Intune, and Airwatch.
• Experience working with or managing a SOC.
• Detailed knowledge of audit processes and procedures.
• Hands-on experience in a 3rd line operational role.
• Understanding of security testing procedures like PEN testing and vulnerability scanning.
• Knowledge of networking and security best practices.
• Strong project management skills.