Lead Cyber Security Risk Manager

Crown Prosecution Service

England

On-site

GBP 70,000 - 90,000

Full time

Today

Job summary

A government agency in the UK is looking for a Lead Cyber Security Risk Manager to strengthen its cyber security function. Responsibilities include managing cyber security risks, leading incident responses, and mentoring team members. Candidates should have proven experience in cyber security frameworks and a strong technical background. Professional certifications are desirable. This role offers the opportunity to enhance organizational security and compliance with regulations.

Qualifications

  • Proven experience in managing cyber security risks, including threat identification and mitigation.
  • In-depth knowledge of cyber security frameworks and standards.
  • Ability to validate the effectiveness of security controls and designs.
  • Excellent leadership skills with a track record of influencing teams.
  • Strong communication skills for conveying technical concepts to non-technical stakeholders.
  • Experience with Data Protection Act 2018 and related legislation.
  • Developed Vetting clearance (or willingness to obtain) and a current valid UK address.

Responsibilities

  • Lead the development and implementation of cyber security risk management strategies.
  • Act decisively during cyber security incidents.
  • Oversee technical controls like network security and vulnerability management.
  • Mentor and guide team members in cyber security skills.
  • Define and maintain cyber security policies for compliance.

Skills

Managing cyber security risks
Leadership and collaboration
Communication skills
Technical cyber security skills

Education

Professional certifications such as CISSP, CISM or CRISC

Tools

NIST
ISO/IEC 27001
Cyber Assessment Framework (CAF)

Job description

Lead Cyber Security Risk Manager

As a Lead Cyber Security Risk Manager you will lead the development and strengthening of the CPS cyber security function, ensuring it remains resilient to evolving threat landscapes. You will define and maintain cyber security policies, provide specialist advice to CPS staff, and foster a culture of cyber security awareness across the organisation.

Responsibilities

  • Lead the development and implementation of robust cyber security risk management strategies.
  • Act decisively during cyber security incidents to minimise damage and recovery time.
  • Oversee the implementation and continuous improvement of technical controls, including network security, endpoint protection, vulnerability management, and secure configuration baselines.
  • Mentor and guide team members to enhance their cyber security skills and knowledge.
  • Foster a culture of continuous learning and improvement within the cyber security team and across the organisation.
  • Define and maintain cyber security policies and provide specialist advice to CPS staff to ensure compliance with legal obligations and the public commitment to protect data subjects’ information.
  • Support the effective application of cyber security principles within Software Development/Delivery Teams, instilling "security by design".
  • Identify and evaluate cyber security risks and ensure business owners take appropriate action to mitigate them.
  • Investigate integrity issues or incidents involving cyber security to minimise risk to the CPS.
  • Work with investigators and the legal community to enhance good cyber security principles while minimising any detrimental impact on the CPS.

Qualifications

  • Proven experience in managing cyber security risks, including threat identification, assessment and mitigation.
  • In‑depth knowledge of cyber security frameworks and standards such as NIST, ISO/IEC 27001, and the Cyber Assessment Framework (CAF).
  • Ability to assess and validate the effectiveness of technical security controls and architectural designs, ensuring alignment with best practices, secure configuration standards and enterprise architecture principles.
  • Excellent leadership and collaboration skills, with a track record of influencing cross‑functional teams to achieve cyber security objectives.
  • Strong communication skills – able to convey complex technical concepts to non‑technical stakeholders.
  • Strong technical cyber security skills to assess, implement and manage security controls across the digital infrastructure.
  • Experience with current legislation, including the Data Protection Act 2018, Government Security Group (GSG) standards and National Cyber Security Centre (NCSC) guidance.
  • Developed Vetting clearance (or willingness to obtain) and a current valid UK address.

Desirable Criteria

  • Senior cyber security leadership experience within a complex organisation.
  • Sector‑specific regulatory and emerging threat knowledge.
  • Professional certifications such as CISSP, CISM or CRISC.
  • Experience in incident response and crisis management at an organisational level.