Cyber Security Lead

Cyber Security Lead - £800 per day - Inside IR35 - Remote - 6 months initial contract - Priority will be given to candidates with active or recently lapsed SC clearance.

Our client, one of the UKs biggest producers of ZERO CARBON energy, is looking for a Cyber Security Lead to strengthen their cyber resilience and provide assurance across a complex, fast-moving environment.

This role will lead on assurance activities, including gap analysis against recognised standards (ISO27001, NIST CSF, ONR), ensuring controls are implemented, measured, and continually improved.

The position requires a confident, dynamic individual who can engage at all levels of the business, with broad exposure to both internal and external stakeholders across technology providers and regulatory bodies.

Personality, credibility, and the ability to influence are as critical as technical expertise.

Key responsibilities - 

• Cyber Assurance and GRC Leadership: Lead assurance activities and programmes, aligning security controls to ISO 27001, NIST CSF, ONR, and UK Gov standards

• Gap Analysis and Compliance: Produce audit-ready evidence, manage ONR requirements, and ensure ongoing alignment with NCSC and NPSA guidance

• Cloud Security Architecture: Secure and optimise Azure and M365 environments across IaaS, PaaS, and SaaS services

• Microsoft Security Stack: Deliver and support enterprise use of Defender, Purview, Sentinel (KQL, Logic Apps), Entra ID (IAM, PIM), DLP, AIP, and MCAS

• Security Programme Delivery: Lead and advise on security initiatives within CNI-regulated environments, ensuring compliance with ONR SyAPs and Cyber Essentials+

• Third-Party Risk: Conduct security reviews of suppliers and partners, validating controls against contractual and regulatory requirements

• Stakeholder Engagement: Work across internal and external stakeholders (including Microsoft, Google, partners, and alliances), providing clear reporting and advice to senior management and regulatory bodies

• Health Checks and Testing: Scope and coordinate ITHC (IT Health Checks) and vulnerability management programmes to meet NCSC and regulatory expectations

• Policy and Documentation: Author and maintain security policies, standards, and Integrated Management System (IMS) documentation

Knowledge, Skills and Experience - 

Essential -

• Established cyber security credentials with demonstrable experience in assurance, GRC, and cloud security

• Proven leadership in delivering gap analysis, audit evidence, and certification programmes (e.g. ISO 27001, NIST CSF, Cyber Essentials+)

• Strong technical background in Microsoft Security Stack and cloud security architecture

• Familiarity with risk assessment methodologies (ISO27005, NIST)

• Excellent communication, presentation, and stakeholder management skills

• Confident operating within regulated environments and engaging with regulators

• Eligible for SC clearance (active or recently lapsed preferred)

Desirable - 

• Experience in the UK nuclear, defence, or regulated industry

• Experience of complex project delivery and change control

• Strong written English for preparing policies, standards, and assurance documentation