Cyber Security Lead

Permanent, Full Time (35 hours per week) Were looking for a Cyber Security Lead to provide strategic leadership and organisation-wide direction for cyber security, setting security standards, influencing governance, and shaping long-term security strategy across JRF and JRHT About the role You will be responsible for leading the delivery of the organisations cyber security activities, ensuring that digital systems and information assets are protected against current and emerging threats.

Maintaining the cyber risk register, you will lead investigations into security breaches, coordinate disaster recovery (DR) and cyber incident response, and support business continuity planning (BCP), including defining Restore Point Objectives (RPOs) and Recovery Time Objectives (RTOs). The role ensures compliance with cyber security and information governance policies whilst providing subject matter expertise across the organisation. You will advise colleagues and senior stakeholders and act as a key liaison with third-party providers to safeguard our digital environment and ensure alignment with standards and audit requirements.

This is a hands-on, standalone cyber security role. As the organisations senior cyber security authority, the postholder will be the sole individual delivering cyber security activity, working closely with the Technology Manager and external IT provider. The role combines strategic oversight and independent risk-based decision-making with direct ownership of day-to-day cyber security delivery, driving continuous improvement in security maturity and organisational resilience.

About you We are seeking an experienced cyber security professional with expertise in frameworks such as ISO 27001, NIST, CIS Controls, GDPR, the UK Data Protection Act, and Cyber Essentials. The successful candidate will bring expertise in disaster recovery, business continuity, risk management, internal controls, and security technologies including SIEM, firewalls, EDR, MFA, encryption, Microsoft Purview, and Microsoft Entra.

Experience with incident response, cyber forensics, enterprise security architecture, secure-by-design principles, and managing third-party security risks is essential. The ideal candidate will have strong analytical and investigative skills to assess, document, report, and escalate cyber risks confidently. You will interpret vulnerability scans and penetration tests, evaluate cyber risks in projects or procurement, and deliver awareness programs, phishing simulations, and staff training.

Excellent communication and stakeholder management skills are critical, including briefing senior leaders, liaising with external partners, and making high-impact security decisions under pressure. You will have hands-on experience working with cyber security tools or SOC services to monitor, detect, and respond to threats, as well as experience leading or supporting incident investigations and coordinating DR and BCP exercises. The role also involves supporting audits, compliance certifications, policy deployment, and regulatory requirements, with experience providing strategic advice to senior leadership or Boards.

How to apply

If you share our passion and this role sounds like you, then were looking forward to hearing from you. Please submit your CV and supporting information via our online application platform. The closing date for applications is 19th January 2026. Interviews will take place TBC. We reserve the right to bring the closing date forward should enough quality applications be received prior to the current closing date.

Additional Information Applications are welcome from all, regardless of age, disability, marriage or civil partnership, pregnancy or maternity, religion or belief, race, sex, sexual orientation, trans status or socioeconomic background. We positively encourage applications from people from marginalised backgrounds, including but not limited to those with experience of living in poverty. We are committed to being an anti-racist organisation and operate an anonymised recruitment process so that bias is eliminated from the shortlisting process.

In support of our approach…