Cyber Security Lead

Permanent, Full Time (35 hours per week)

We’re looking for a Cyber Security Lead to provide strategic leadership and organisation-wide direction for cyber security, setting security standards, influencing governance, and shaping long-term security strategy across JRF and JRHT

About the role

You will be responsible for leading the delivery of the organisation’s cyber security activities, ensuring that digital systems and information assets are protected against current and emerging threats. Maintaining the cyber risk register, you will lead investigations into security breaches, coordinate disaster recovery (DR) and cyber incident response, and support business continuity planning (BCP), including defining Restore Point Objectives (RPOs) and Recovery Time Objectives (RTOs).

The role ensures compliance with cyber security and information governance policies whilst providing subject matter expertise across the organisation. You will advise colleagues and senior stakeholders and act as a key liaison with third-party providers to safeguard our digital environment and ensure alignment with standards and audit requirements.

This is a hands-on, standalone cyber security role. As the organisation’s senior cyber security authority, the postholder will be the sole individual delivering cyber security activity, working closely with the Technology Manager and external IT provider. The role combines strategic oversight and independent risk-based decision-making with direct ownership of day-to-day cyber security delivery, driving continuous improvement in security maturity and organisational resilience.

About you

We are seeking an experienced cyber security professional with expertise in frameworks such as ISO 27001, NIST, CIS Controls, GDPR, the UK Data Protection Act, and Cyber Essentials. The successful candidate will bring expertise in disaster recovery, business continuity, risk management, internal controls, and security technologies including SIEM, firewalls, EDR, MFA, encryption, Microsoft Purview, and Microsoft Entra. Experience with incident response, cyber forensics, enterprise security architecture, secure-by-design principles, and managing third-party security risks is essential.

The ideal candidate will have strong analytical and investigative skills to assess, document, report, and escalate cyber risks confidently. You will interpret vulnerability scans and penetration tests, evaluate cyber risks in projects or procurement, and deliver awareness programs, phishing simulations, and staff training. Excellent communication and stakeholder management skills are critical, including briefing senior leaders, liaising with external partners, and making high-impact security decisions under pressure.

You will have hands-on experience working with cyber security tools or SOC services to monitor, detect, and respond to threats, as well as experience leading or supporting incident investigations and coordinating DR and BCP exercises. The role also involves supporting audits, compliance certifications, policy deployment, and regulatory requirements, with experience providing strategic advice to senior leadership or Boards.

How to apply

If you share our passion and this role sounds like you, then we’re looking forward to hearing from you.

Please submit your CV and supporting information via our online application platform.

The closing date for applications is 19th January 2026.

Interviews will take place TBC.

We reserve the right to bring the closing date forward should enough quality applications be received prior to the current closing date.

Additional Information

Applications are welcome from all, regardless of age, disability, marriage or civil partnership, pregnancy or maternity, religion or belief, race, sex, sexual orientation, trans status or socioeconomic background.

We positively encourage applications from people from marginalised backgrounds, including but not limited to those with experience of living in poverty.

We are committed to being an anti-racist organisation and operate an anonymised recruitment process so that bias is eliminated from the shortlisting process.

In support of our approach to flexible working, we are happy to receive applications from those seeking full-time employment, as well as those who may want to share the role on a part-time basis. When making your application, please state whether you want to be considered for either full or part-time work and, if part-time, the number of hours per week you would be looking for.

At JRF we’re at our best when we’re continually building on trust, showing we care and making a difference – and hope others will do the same. So, for those roles which allow it, we’re developing a more blended approach to how and where you work. This means you can expect to work flexibly between the office and home (with an expectation of two days a week in your home office).

We are a Disability Confident Employer. This means that we are committed to the recruitment, progression and retention of disabled individuals. We shall also offer interviews to disabled candidates who meet the minimum criteria for the job. If you have a disability, please tell us if you would like to be considered for an interview under the Disability Confident Scheme.

If you have any additional needs and need reasonable adjustments to be made to the interview process, please let us know.