Cyber Security Lead

Planet Recruitment

Oxford

Hybrid

GBP 50,000 - 60,000

Full time

Today

Job summary

A leading IT company in Oxfordshire is seeking a Cyber Security Lead. This hybrid role involves leading security initiatives, managing client relationships, and ensuring robust compliance with security frameworks. Ideal candidates should have over 5 years of experience in IT security and a strong understanding of Cyber Essentials and ISO27001. The position offers a salary between £50,000 and £60,000 plus benefits.

Qualifications

  • Strong knowledge of Cyber Essentials, ISO27001, or NIST frameworks.
  • Proven ability to run client-facing reviews or presentations.
  • Comfortable leading Quarterly Security Reviews (QSRs).

Responsibilities

  • Lead Quarterly Security Reviews (QSRs) and communicate risks.
  • Own MSP's internal security frameworks and certifications.
  • Mentor and develop Security Analysts.

Skills

Strategic Thinking
Strong Governance Mindset
Risk Communication
Technical Depth
Analytical Skills
Delegation & Leadership
Collaboration
Continuous Learning
Client-Facing Confidence
Change Agent

Education

5+ years in IT security or MSP environment
Knowledge of Cyber Essentials, ISO27001, or NIST frameworks

Tools

RMM
XDR
EDR
SIEM
Vulnerability scanning platforms

Job description

Overview

Cyber Security Lead

Oxfordshire - Hybrid - 2 days per week (Flexible)

50k - 60k plus Benefits

Our client is an award-winning, leading IT company offering complete outsourced IT solutions to organisations across the UK and Europe. Based in Oxfordshire, they provide a comprehensive range of support services, software and hardware solutions to major blue-chip clients, and their technicians are highly skilled in planning, implementing and troubleshooting.

They strive to become one of the top places to work in the UK and see themselves as having a strong team culture. They are able to attract talent by investing in staff training and rewards, with staff learning via official courses and receiving recognition for development.

We welcome new people to the team from all backgrounds and levels of experience.

As part of their strategy, more staff learn via official courses: the more staff learn via formal training, the better the service and the more they reward staff.

Primary Purpose

The Security Lead is the client-facing strategist and the internal accountable owner of security within the MSP. They lead Quarterly Security Reviews (QSRs), own the client risk register and exception process, and ensure services are delivered in line with frameworks such as Cyber Essentials, ISO27001, and NIST.

Internally, the Security Lead is accountable for the MSP's own security posture, ensuring tools, processes, and teams meet the same standards we deliver to clients. They monitor measurable posture metrics (e.g., Microsoft Secure Score, Vulnerability metrics), ensure continuous improvement, and keep the MSP's security practice relevant through ongoing training, certifications, and threat awareness. Day-to-day execution is delegated to Security Analysts and service teams, while the Security Lead owns security end-to-end: identifying risks, embedding controls, and ensuring demonstrable compliance.

Key Responsibilities

Client-Facing

  • Lead Quarterly Security Reviews (QSRs), presenting patch/vulnerability posture, incidents, compliance status, and risk register updates.
  • Translate technical security risks into clear business impact and outcomes.
  • Own the client exception process, ensuring risks are documented, communicated, and signed off.
  • Support Account Managers and Strategic Partnership Managers in roadmap and IT strategy sessions.
  • Act as the strategic security escalation point for clients when risks require senior involvement.

Internal MSP Security

  • Own the MSP's internal security frameworks and certifications (e.g., CE+, ISO, SOC 2).
  • Oversee patching, vulnerability, and risk management of MSP-owned infrastructure and tools.
  • Ensure MSP's technology stack (RMM, XDR, PSA, backup, etc.) is securely deployed and monitored.
  • Drive staff security awareness, training, and compliance with secure processes.
  • Delegate operational tasks to Security Analysts while retaining accountability for end-to-end outcomes.

Governance & Standards

  • Maintain the client and internal risk registers.
  • Define and evolve gold-standard security "whitepapers" for projects and BAU.
  • Sign off security requirements for project scope/designs that impact compliance or frameworks.
  • Collaborate with Service Delivery Manager and Project Delivery Manager to ensure security is embedded in BAU, change control, and project execution.
  • Monitor and report on client posture metrics (e.g., Microsoft Secure Score, M365 compliance dashboards).
  • Drive continuous posture improvement across client environments.

Team Leadership & Growth

  • Mentor and develop Security Analysts.
  • Ensure team certifications remain up to date (minimum 2 per year per Analyst).
  • Lead internal knowledge-sharing sessions to keep the team and wider MSP relevant against new threats and frameworks.
  • Champion automation (RPA/AI) in evidence gathering, reporting, and triage.
  • Identify scale points for growing the Security Practice (e.g., Security Architect, more Analysts).

Behaviors Required

  • Strategic Thinking - able to translate technical risks into business outcomes and align security initiatives with client goals and budgets.
  • Strong Governance Mindset - experienced in managing frameworks (Cyber Essentials, ISO27001, NIST) and embedding them into MSP operations and client environments.
  • Risk Communication - skilled at presenting complex security issues clearly to non-technical stakeholders, both internally and at client leadership level.
  • Technical Depth - hands-on understanding of vulnerability management, patch governance, endpoint security (EDR/XDR), and cloud (M365/Azure security).
  • Analytical Skills - capable of interpreting scan results, posture metrics (e.g., Microsoft Secure Score), and incident trends into actionable insights.
  • Delegation & Leadership - experienced in mentoring Analysts and delegating effectively while retaining accountability for outcomes.
  • Collaboration - able to work cross-functionally with Service Delivery, Projects, Account Managers, and vendors to embed security consistently.
  • Continuous Learning - committed to staying current with evolving threats, frameworks, and technologies, and ensuring the team is trained and certified.
  • Client-Facing Confidence - comfortable leading Quarterly Security Reviews (QSRs), participating in roadmap sessions, and engaging with C-level stakeholders.
  • Change Agent - able to influence internal teams and clients to adopt best practice, even when it means shifting established ways of working.

Person Specification:

Minimum

  • 5+ years in IT security or MSP environment.
  • Strong knowledge of Cyber Essentials, ISO27001, or NIST frameworks.
  • Experience with patch/vulnerability management governance.
  • Ability to communicate technical risks in business language.
  • Proven ability to run client-facing reviews or presentations.

Desirable

  • CISSP, CISM, or equivalent certifications.
  • Experience delivering or auditing compliance frameworks.
  • Familiarity with RMM/XDR/EDR, SIEM, and vulnerability scanning platforms.
  • Experience leading small teams (mentoring, guiding).
  • Exposure to incident response and tabletop exercises.

What Success Looks Like:

Success means the Security Lead is recognised by clients as a trusted advisor who simplifies security into business language. All client and internal risks are captured, visible, and acted upon with no blind spots. QSRs consistently deliver actionable improvements that feed into roadmaps and IT strategy, while client security posture measurably improves quarter-on-quarter (demonstrated in metrics such as Microsoft Secure Score, CE+ readiness, and vulnerability closure rates).

Internally, the MSP leads by example: our own systems, tools, and processes are secure, audit-ready, and improving over time. The Security Lead ensures their team is certified, trained, and ahead of industry changes, delegating operational execution while embedding governance across service,

Planet Recruitment acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers. Planet Recruitment is an Equal Opportunities Employer.

By applying for this role your details will be submitted to Planet Recruitment. Our Candidate Privacy Information Statement explains how we will use your information.

Only candidates with the relevant skills and experience will be contacted after application; if you do not hear back from us within 7 days you have unfortunately been unsuccessful in your application.

Please note that no terminology in this advert is intended to discriminate on the grounds of a person's gender, marital status, race, religion, colour, age, disability or sexual orientation. Every candidate will be assessed only in accordance with their merits, qualifications and abilities to perform the duties of the position.
