Insider Risk Programme Lead

Insider Risk Programme Lead - Inside IR35 - Primarily remote - 12 Month initial contract.

My client, one of the biggest ZERO CARBON energy producers, is seeking an experienced Insider Risk Programme Lead to design, implement, and embed a comprehensive insider risk programme in response to updated Cabinet Office Personnel Security Policy and NPSA Insider Risk Mitigation Framework requirements.

This role will lead the establishment of a holistic, governance-led insider risk capability, operating across multiple licensees and business areas, including personnel security, cyber security, and wider security functions. The successful candidate will bridge the gap between current-state capability, HMG compliance requirements, and industry best practice.

Key Responsibilities - 


Programme Leadership & Delivery -

  • Lead the end-to-end implementation of the organisation's Insider Risk Programme
  • Project manage delivery, including timelines, dependencies, risks, and milestones
  • Ensure the programme is scalable, sustainable, and aligned to HMG expectations


Policy & Strategy Development -

  • Draft and formalise Insider Risk policy and supporting strategy in line with:
    • Cabinet Office Personnel Security Policy
    • NPSA Insider Risk Mitigation Framework
  • Ensure policies are consistent across licensees while accommodating local operational needs
  • Translate policy requirements into practical, actionable guidance


Risk & Gap Analysis - 

  • Use pre-existing gap analysis to identify weaknesses and areas for improvement
  • Prioritise remediation activities based on risk and regulatory impact
  • Align mitigations to recognised best practice and national guidance

Governance & Mitigation Frameworks -

  • Design and establish Insider Threat Mitigation Group(s), potentially separated by licensee
  • Define governance structures, including:
    • Terms of Reference
    • Membership and roles
    • Escalation and decision-making mechanisms
  • Support and track actions arising from mitigation group activity


Cross-Domain Integration -

  • Work across personnel security, cyber security, and other relevant security functions
  • Clarify roles, responsibilities, and information-sharing arrangements
  • Ensure insider risk is managed as a joined-up, enterprise-wide risk


Stakeholder Engagement -

  • Engage with senior stakeholders across three licensees
  • Act as a subject matter authority on insider risk and HMG requirements
  • Provide clear, concise advice to both technical and non-technical audiences


Collaboration & Support -

  • Work closely with the Insider Risk Analyst to inform policy, governance, and triage mechanisms
  • Provide strategic direction without duplicating operational or analytical activity


Skills & Experience Required -


Essential -

  • Proven experience leading or implementing an Insider Risk / Insider Threat programme
  • Strong knowledge of:
    • Cabinet Office Personnel Security Policy
    • NPSA Insider Risk Mitigation Framework (or equivalent)
  • Demonstrable experience in:
    • Policy and strategy drafting
    • Security or risk governance design
    • Operating in regulated or HMG-aligned environments
  • Excellent stakeholder management skills across complex organisations
  • Ability to translate national policy into operationally workable controls


Desirable -

  • Background in personnel security, security risk, or enterprise risk management
  • Experience working across multiple legal entities or licensees
  • Familiarity with hybrid threat, insider threat, or protective security domains
  • Experience operating in Critical National Infrastructure or similar sectors


What's on offer -

  • Opportunity to lead a high-profile, nationally significant security programme
  • Influence organisational policy and long-term risk posture
  • Work at the intersection of personnel, cyber, and enterprise security
  • A role with clear outcomes and strategic impact

Job Details

Company: Morson Edge
Location: Gloucester, Gloucestershire, United Kingdom
Employment Type: Contract
Salary: £NEG
Posted