Cyber Security Lead

We are seeking an experienced Cyber Security Lead to take ownership of our organisation’s cyber security strategy, operations, and resilience. This role combines strategic influence with hands-on technical leadership to protect our digital environment, reduce risk, and ensure robust preparedness against emerging threats.

This is a hybrid role – 1 / 2 days a week in York.

About the Role

As the organisation’s senior cyber security authority, you will shape long-term security strategy, set standards, and act as the first line of defence against cyber threats. You will lead incident response, maintain and improve cyber resilience, and provide expert advice to senior leaders on risk, governance, and investment priorities.

This role is highly collaborative, working closely with IT colleagues, third-party SOC providers, and organisational stakeholders. It is also hands-on, requiring practical experience implementing controls, responding to incidents, and driving continual security improvements.

Key Responsibilities

  • Lead organisational cyber security activities and strategy.
  • Oversee monitoring, threat detection, and incident response with internal teams and a third-party SOC.
  • Act as Incident Commander during major cyber events and maintain the cyber risk register.
  • Coordinate Disaster Recovery and Business Continuity Planning, ensuring regular testing and documentation.
  • Provide cyber security expertise for projects, procurement, and system upgrades.
  • Support compliance with frameworks such as Cyber Essentials, ISO 27001, GDPR and internal audit requirements.
  • Deliver the cyber awareness and training programme across the organisation.
  • Advise senior leaders on risk posture, emerging threats, and investment decisions.
  • Drive continuous improvement in cyber maturity and organisational cyber culture.

What Success Looks Like

  • Cyber risks are well understood, documented, and mitigated.
  • Incident response plans are tested and effective, and breaches are handled swiftly.
  • Strong audit outcomes and compliance with internal standards.
  • Security considerations embedded in projects and procurement.
  • Improved organisational cyber behaviour and staff awareness.
  • Clear strategic reporting to senior leadership.
  • Demonstrable year-on-year improvement in cyber resilience.

Skills and Experience

Essential:

  • Strong knowledge of cyber security frameworks (ISO 27001, NIST, Cyber Essentials, GDPR, etc.).
  • Hands-on experience with cyber tools (SIEM, firewalls, EDR, MFA, encryption) and incident response.
  • Experience leading or supporting DR/BCP activities and security investigations.
  • Ability to assess and communicate risks, influence decisions, and brief senior leaders.
  • Experience with risk registers, governance, and compliance.
  • Ability to design and deliver cyber awareness and training programmes.

Desirable:

  • Experience in a regulated or multi-entity environment.
  • Certifications such as Security+, CySA+, SSCP, CEH, CISSP, CISM, or CCSP.

Values & Behaviours

We are looking for someone who:

  • Acts with integrity, communicates clearly, and continuously looks for ways to improve.
  • Promotes a supportive, inclusive, and respectful culture.
  • Works collaboratively, focuses on outcomes, and uses resources wisely.
  • Champions good cyber practices, builds trust, and supports others to stay secure.

Job Details

Company: Reed
Location: York, North Yorkshire, England, United Kingdom
Employment Type: Full-Time
Salary: £55,000 - £58,000 per annum, Inc benefits
Posted