Insider Risk Programme Lead

Morson Edge

Remote

GBP 70,000 - 90,000

Full time

Yesterday

Job summary

A major energy production firm in the UK seeks an experienced Insider Risk Programme Lead to design and implement a comprehensive insider risk programme. This role involves leading policy development, conducting risk and gap analysis, and establishing governance frameworks. The ideal candidate will bridge compliance with industry best practices while engaging with stakeholders across the organization to ensure effective insider risk management. Opportunities for career advancement come with influencing national security policies.

Benefits

Opportunity to lead a high-profile security programme
Influence organizational policy
Work on strategic impact

Qualifications

  • Proven experience leading or implementing an Insider Risk / Insider Threat programme.
  • Strong knowledge of Cabinet Office Personnel Security Policy and NPSA Insider Risk Mitigation Framework.
  • Excellent stakeholder management skills across complex organisations.

Responsibilities

  • Lead the end-to-end implementation of the Insider Risk Programme.
  • Draft and formalise Insider Risk policy and supporting strategy.
  • Identify weaknesses through gap analysis and prioritize remediation activities.

Skills

Insider Risk programme leadership
Stakeholder management
Policy drafting
Governance design
Risk analysis

Job description

Insider Risk Programme Lead - Inside IR35 - Primarily remote - 12 Month initial contract.

My client, one of the biggest ZERO CARBON energy producers, is seeking an experienced Insider Risk Programme Lead to design, implement, and embed a comprehensive insider risk programme in response to updated Cabinet Office Personnel Security Policy and NPSA Insider Risk Mitigation Framework requirements.

This role will lead the establishment of a holistic, governance-led insider risk capability, operating across multiple licensees and business areas, including personnel security, cyber security, and wider security functions. The successful candidate will bridge the gap between current-state capability, HMG compliance requirements, and industry best practice.

Key Responsibilities
Programme Leadership & Delivery
  • Lead the end-to-end implementation of the organisation's Insider Risk Programme
  • Project manage delivery, including timelines, dependencies, risks, and milestones
  • Ensure the programme is scalable, sustainable, and aligned to HMG expectations
Policy & Strategy Development
  • Draft and formalise Insider Risk policy and supporting strategy in line with Cabinet Office Personnel Security Policy and NPSA Insider Risk Mitigation Framework
  • Ensure policies are consistent across licensees while accommodating local operational needs
  • Translate policy requirements into practical, actionable guidance
Risk & Gap Analysis
  • Use pre-existing gap analysis to identify weaknesses and areas for improvement
  • Prioritise remediation activities based on risk and regulatory impact
  • Align mitigations to recognised best practice and national guidance
Governance & Mitigation Frameworks
  • Design and establish Insider Threat Mitigation Group(s), potentially separated by licensee
  • Define governance structures, including terms of reference, membership and roles, and escalation and decision-making mechanisms
  • Support and track actions arising from mitigation group activity
  • Work across personnel security, cyber security, and other relevant security functions
  • Clarify roles, responsibilities, and information-sharing arrangements
  • Ensure insider risk is managed as a joined-up, enterprise-wide risk
Stakeholder Engagement
  • Engage with senior stakeholders across three licensees
  • Act as a subject matter authority on insider risk and HMG requirements
  • Provide clear, concise advice to both technical and non-technical audiences
Collaboration & Support
  • Work closely with the Insider Risk Analyst to inform policy, governance, and triage mechanisms
  • Provide strategic direction without duplicating operational or analytical activity
Skills & Experience Required
Essential
  • Proven experience leading or implementing an Insider Risk / Insider Threat programme
  • Strong knowledge of Cabinet Office Personnel Security Policy and the NPSA Insider Risk Mitigation Framework (or equivalent)
  • Demonstrable experience in policy and strategy drafting, security or risk governance design, and operating in regulated or HMG-aligned environments
  • Excellent stakeholder management skills across complex organisations
  • Ability to translate national policy into operationally workable controls
Desirable
  • Background in personnel security, security risk, or enterprise risk management
  • Experience working across multiple legal entities or licensees
  • Familiarity with hybrid threat, insider threat, or protective security domains
  • Experience operating in Critical National Infrastructure or similar sectors
What's on offer
  • Opportunity to lead a high-profile, nationally significant security programme
  • Influence organisational policy and long-term risk posture
  • Work at the intersection of personnel, cyber, and enterprise security
  • A role with clear outcomes and strategic impact