Cyber Security Lead

Cyber Security Lead - £800 per day - Inside IR35 - Remote - 6 months initial contract - Priority will be given to candidates with active or recently lapsed SC clearance.

Our client, one of the UKs biggest producers of ZERO CARBON energy, is looking for a Cyber Security Lead to strengthen their cyber resilience and provide assurance across a complex, fast-moving environment.

This role will lead on assurance activities, including gap analysis against recognised standards (ISO27001, NIST CSF, ONR), ensuring controls are implemented, measured, and continually improved.

The position requires a confident, dynamic individual who can engage at all levels of the business, with broad exposure to both internal and external stakeholders across technology providers and regulatory bodies.

Personality, credibility, and the ability to influence are as critical as technical expertise.

Key responsibilities - 

Cyber Assurance and GRC Leadership: Lead assurance activities and programmes, aligning security controls to ISO 27001, NIST CSF, ONR, and UK Gov standards

Gap Analysis and Compliance: Produce audit-ready evidence, manage ONR requirements, and ensure ongoing alignment with NCSC and NPSA guidance

Cloud Security Architecture: Secure and optimise Azure and M365 environments across IaaS, PaaS, and SaaS services

Microsoft Security Stack: Deliver and support enterprise use of Defender, Purview, Sentinel (KQL, Logic Apps), Entra ID (IAM, PIM), DLP, AIP, and MCAS

Security Programme Delivery: Lead and advise on security initiatives within CNI-regulated environments, ensuring compliance with ONR SyAPs and Cyber Essentials+

Third-Party Risk: Conduct security reviews of suppliers and partners, validating controls against contractual and regulatory requirements

Stakeholder Engagement: Work across internal and external stakeholders (including Microsoft, Google, partners, and alliances), providing clear reporting and advice to senior management and regulatory bodies

Health Checks and Testing: Scope and coordinate ITHC (IT Health Checks) and vulnerability management programmes to meet NCSC and regulatory expectations

Policy and Documentation: Author and maintain security policies, standards, and Integrated Management System (IMS) documentation

Knowledge, Skills and Experience - 

Essential -

Established cyber security credentials with demonstrable experience in assurance, GRC, and cloud security

Proven leadership in delivering gap analysis, audit evidence, and certification programmes (e.g. ISO 27001, NIST CSF, Cyber Essentials+)

Strong technical background in Microsoft Security Stack and cloud security architecture

Familiarity with risk assessment methodologies (ISO27005, NIST)

Excellent communication, presentation, and stakeholder management skills

Confident operating within regulated environments and engaging with regulators

Eligible for SC clearance (active or recently lapsed preferred)

Desirable - 

Experience in the UK nuclear, defence, or regulated industry

Experience of complex project delivery and change control

Strong written English for preparing policies, standards, and assurance documentation