Cyber Security Transformation Lead

Our client is seeking a Cyber Security Programme Manager to lead the delivery of its enterprise-wide cyber security maturity uplift. The role will be accountable for driving security maturity across all NIST CSF functions (Govern, Identify, Protect, Detect, Respond, Recover) and aligned with the UK Cyber Assessment Framework (CAF). The Programme Manager will own the end-to-end cyber improvement roadmap, coordinating delivery across IT, Security, Procurement, HR, Legal, Enterprise Risk Management (ERM), and business teams.

This role is responsible for translating strategy into execution, ensuring that priority controls, governance, and capabilities are implemented effectively, and that progress is measured, evidenced, and reported to senior stakeholders.

• Own and deliver the cyber security improvement programme aligned to NIST CSF and UK CAF
• Define, maintain, and execute the integrated delivery roadmap to achieve Level 3 maturity by 2026
• Establish programme governance, milestones, dependencies, and delivery plans across all work streams
• Track delivery progress, manage risks, issues, and interdependencies across multiple initiatives
• Ensure clear alignment between cyber priorities, enterprise risk, and business objectives

• Coordinate delivery across IT, Security, Procurement, Legal, ERM, and operational teams
• Act as the central point of accountability for programme execution and cross-functional alignment
• Drive engagement and accountability across business units and third parties
• Support supplier and third-party risk integration into programme delivery
• Provide clear, consistent communication to senior leadership and governance forums

• Govern: enhance structured cyber reporting, and security standards
• Identify:
  Ensure accurate asset inventory, classification, and vulnerability management coverage
• Protect:
  Oversee enhancement of key controls including configuration, access control, and data protection as well as training, awareness and supply chain security
• Detect:
  Increase monitoring coverage and use cases
• Respond:
  Establish and mature incident response processes, roles, and testing (e.g. tabletop exercises)
• Recover:
  Embed resilience through backup, recovery planning, and regular testing of recovery capabilities

• Define and track KPIs and maturity metrics aligned to NIST CSF and CAF
• Provide regular reporting on programme status, risks, control effectiveness, and outcomes
  
  Ensure appropriate evidence is produced to support regulatory, audit, and assurance requirements
• Support internal and external audits and regulatory engagement
• Maintain a clear view of residual risk and ensure escalation through governance forums

• Proven experience delivering large-scale cyber security or technology transformation programmes
• Strong understanding of cyber security frameworks (NIST CSF, UK CAF, ISO 27001)
• Experience operating across complex stakeholder environments and driving cross-functional delivery
• Strong programme management capability (planning, risk management, governance, and reporting)
• Ability to translate cyber strategy into structured, deliverable plans
• Confident engaging senior leadership and influencing decision-making
• Strong analytical and problem-solving skills with a pragmatic, outcome-focused approach