Head of Cyber
Listed on 2026-03-08
IT/Tech
Cybersecurity
Lanes Group is a leading nationwide utility services provider with over 4,500 dedicated employees. Our diverse subsidiaries drive our success across various sectors, contributing to a remarkable turnover of over £500 million. We are committed to excellence and innovation, ensuring we provide industry leading services to our clients and stakeholders. Join us to be part of a dynamic and growing team that values diversity and
Main Purpose of the role:
The Head of Cyber Security & Operational Resilience is the accountable lead for the strategic direction and operational delivery of the organisation’s security posture. Working in strict alignment with UK NIS Regulations and the NCSC Cyber Assessment Framework (CAF), the primary objective is to maintain a defensible, resilient security position across both corporate IT and Operational Technology (OT) environments to ensure the safety and integrity of our services.
As the senior authority on cyber risk, you are tasked with ensuring the long‑term resilience of the organisation’s technology estate. You will orchestrate the transition toward a Zero Trust architecture while enabling safe innovation across smart‑water initiatives. You will act as the primary interface for regulatory bodies, ensuring that all security investments are risk‑led, commercially sound, and statutorily compliant.
By balancing rigorous IT Governance, Risk, and Compliance (GRC) with technical pragmatism, you will ensure that IT and digital transformation programmes are secure‑by‑design. Your leadership will uphold the high reliability and public safety standards expected of a critical national infrastructure provider in a high‑threat landscape.
Hours: Monday to Friday – 37.5 Hours per week
Employment Type: Permanent
Organisational Relationships:
This is a high‑visibility, cross‑functional leadership position that bridges the gap between executive strategy and frontline engineering. Internally, you will navigate a matrix environment, acting as a trusted advisor to corporate users and operational divisions.
You will be responsible for translating complex technical threats into operational risks, while simultaneously collaborating with site‑based engineers to implement practical security controls that do not impede operations.
Externally, you are the face of the organisation’s resilience, maintaining authoritative relationships with national regulators and security agencies to ensure our compliance and intelligence‑sharing capabilities remain at the forefront of the industry.
Key Responsibilities:
1. Strategic Governance & Compliance
You are the architect of the "Defensible Position." You must ensure the organization doesn't just "do" security but can prove its efficacy to the government.
- NIS2 & CAF Alignment: Managing the roadmap for the NCSC Cyber Assessment Framework (CAF) to ensure statutory compliance.
- Risk Reporting: Translating complex technical vulnerabilities into business risks for the Executive Board (CEO/CFO/CRO) to influence the corporate risk appetite.
- Investment Strategy: Building commercially sound business cases for multi‑million‑pound resilience projects and digital transformation.
You are responsible for both corporate IT Security and Operational Security. A digital failure here has physical consequences.
- IT/OT Convergence: Securing the "bridge" between corporate networks and operational systems.
- Safety Integration: Partnering with Operations and HSE to ensure security controls support a "Safety First" culture (e.g., ensuring a firewall doesn't accidentally block an emergency manual override).
- Incident Response: Developing integrated playbooks that account for both digital recovery and physical emergency protocols.
Zero Trust & Innovation
You are tasked with modernising a legacy environment while enabling "Smart Water" initiatives.
- Zero Trust Roadmap: Leading the transition from traditional perimeter security to a Zero Trust architecture, ensuring identity‑based security across all 4,500+ employees.
- Secure‑by‑Design: Acting as the security "consultant" for all new digital transformation and IoT projects to ensure…