
Insider Risk Programme Lead

Job in Gloucester, Gloucestershire, GL1, England, UK
Listing for: Morson Edge
Full Time position
Listed on 2025-12-22
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, Security Manager
Job Description & How to Apply Below
Insider Risk Programme Lead - Inside IR35 - Primarily remote - 12 Month initial contract.

My client, one of the biggest ZERO CARBON energy producers, is seeking an experienced Insider Risk Programme Lead to design, implement, and embed a comprehensive insider risk programme in response to updated Cabinet Office Personnel Security Policy and NPSA Insider Risk Mitigation Framework requirements.

This role will lead the establishment of a holistic, governance-led insider risk capability, operating across multiple licensees and business areas, including personnel security, cyber security, and wider security functions. The successful candidate will bridge the gap between current-state capability, HMG compliance requirements, and industry best practice.

Key Responsibilities

Programme Leadership & Delivery
- Lead the end-to-end implementation of the organisation's Insider Risk Programme
- Project manage delivery, including timelines, dependencies, risks, and milestones
- Ensure the programme is scalable, sustainable, and aligned to HMG expectations

Policy & Strategy Development
- Draft and formalise Insider Risk policy and supporting strategy in line with:
  - Cabinet Office Personnel Security Policy
  - NPSA Insider Risk Mitigation Framework
- Ensure policies are consistent across licensees while accommodating local operational needs
- Translate policy requirements into practical, actionable guidance

Risk & Gap Analysis
- Use pre-existing gap analysis to identify weaknesses and areas for improvement
- Prioritise remediation activities based on risk and regulatory impact
- Align mitigations to recognised best practice and national guidance

Governance & Mitigation Frameworks
- Design and establish Insider Threat Mitigation Group(s), potentially separated by licensee
- Define governance structures, including:
  - Terms of Reference
  - Membership and roles
  - Escalation and decision-making mechanisms
- Support and track actions arising from mitigation group activity

Cross-Domain Integration
- Work across personnel security, cyber security, and other relevant security functions
- Clarify roles, responsibilities, and information-sharing arrangements
- Ensure insider risk is managed as a joined-up, enterprise-wide risk

Stakeholder Engagement
- Engage with senior stakeholders across three licensees
- Act as a subject matter authority on insider risk and HMG requirements
- Provide clear, concise advice to both technical and non-technical audiences

Collaboration & Support
- Work closely with the Insider Risk Analyst to inform policy, governance, and triage mechanisms
- Provide strategic direction without duplicating operational or analytical activity

Skills & Experience Required

Essential:

- Proven experience leading or implementing an Insider Risk / Insider Threat programme
- Strong knowledge of:
  - Cabinet Office Personnel Security Policy
  - NPSA Insider Risk Mitigation Framework (or equivalent)
- Demonstrable experience in:
  - Policy and strategy drafting
  - Security or risk governance design
  - Operating in regulated or HMG-aligned environments
- Excellent stakeholder management skills across complex organisations
- Ability to translate national policy into operationally workable controls

Desirable:

- Background in personnel security, security risk, or enterprise risk management
- Experience working across multiple legal entities or licensees
- Familiarity with hybrid threat, insider threat, or protective security domains
- Experience operating in Critical National Infrastructure or similar sectors

What's on offer
- Opportunity to lead a high-profile, nationally significant security programme
- Influence organisational policy and long-term risk posture
- Work at the intersection of personnel, cyber, and enterprise security
- A role with clear outcomes and strategic impact