Cyber Security Lead
Listed on 2026-06-13
IT/Tech
Cybersecurity, Systems Engineer, IT Consultant, Network Security
The Role
Purpose:
The Cyber Security Lead is responsible for owning and maturing IoT.nxt's technical security posture across two domains: the corporate IT environment and the IoT product and platform estate. The role is the company's primary security authority: hands‑on in operating and improving security controls, while leading by influence across development and infrastructure teams to embed security thinking into how IoT.nxt builds and operates.
Working in close partnership with the IT Risk and Compliance function, the Cyber Security Lead provides the technical security expertise that underpins IoT.nxt's ISO 27001 certification. The role actively works to scale the security function's impact through automation and tooling, and will take on management responsibility for any future SOC capability the company builds or outsources.
Your Responsibilities will include:
- Define and maintain the security architecture across the corporate IT environment and IoT product estate, covering edge devices, communication protocols, cloud backends, and the OT/IT boundary.
- Own the selection, configuration, and ongoing operation of security tooling, including SIEM/SOAR, endpoint detection and response (EDR), vulnerability management platforms, identity and access management (IAM), and network security controls.
- Drive the vulnerability management programme: scanning, penetration testing coordination, risk‑based prioritisation, and remediation tracking in partnership with infrastructure and development teams.
- Lead the design and review of security controls for new systems, products, and integrations — acting as the security authority in architecture and design reviews.
- Embed security requirements and threat modelling into the product development lifecycle, ensuring security is built into IoT.nxt's devices, firmware, and platforms rather than bolted on.
- Assess and advise on the security of device firmware, embedded systems, and IoT communication protocols (e.g. MQTT, TLS, CoAP), and coordinate product security assessments.
- Own the threat detection capability: configure and tune detection rules, manage alert quality, and lead incident response from initial triage through to containment, forensic investigation, and post‑incident review.
- Actively reduce manual SOC workload through automation — implementing SOAR playbooks, tuning out false positives, and building repeatable response workflows that scale without requiring additional headcount.
- Maintain and regularly test the incident response plan, ensuring the organisation is prepared to respond to a range of threat scenarios.
- Work closely with the IT Risk and Compliance function to provide technical evidence for ISO 27001 controls, implement remediation actions arising from audits, and author technical security policies.
- Provide technical input into risk assessments for new systems, third‑party integrations, and significant changes to the environment.
- Own the technical security roadmap: identify gaps in the security posture, prioritise improvements, and drive execution.
- Provide input into security awareness training and the embedding of secure development practices within the SDLC, working with engineering leads to make security a shared responsibility.
- Lead by influence across development, infrastructure, and product teams — building security as a shared responsibility.
- Manage and provide direction to any future SOC capability as the function evolves.
- Stay current with the global threat landscape, emerging attack techniques, and regulatory developments relevant to IoT.nxt's international operations.
- Engage with clients on security‑related discussions and compliance activities to help the technical team address security challenges in client environments.
Skills:
Educational Background:
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- Relevant certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), OSCP (Offensive Security Certified Professional), CEH, or CompTIA Security+ are highly desirable.
- 7+ years of experience in…