Overview Job Description:

• The Cyber Security Manager will play a critical leadership role in shaping, implementing, and maintaining the cybersecurity strategy and operational resilience. Reporting directly to the CIO, the role will act as the tactical and Operational Cybersecurity Lead, managing security engineering, monitoring, response, governance, and awareness programs.
• This is ideal for someone with strong leadership skills, deep cybersecurity knowledge, and practical experience operating in industrial environments. The role will support the journey from a legacy IT environment to an independent digital estate while safeguarding operational technology (OT), enterprise IT, and third-party interfaces.

Main Duties and Responsibilities:

Cybersecurity Strategy and Governance

• Developing and executing cyber strategy and risk posture.
• Defining and implementing cybersecurity policies, standards, and procedures aligned to ISO27001, NIST, and OG86 frameworks.
• Conducting regular threat assessments and ensure alignment of security controls with business risk appetite.
• Monitoring compliance with regulatory and shareholder cybersecurity obligations, including NIS2 and UK critical infrastructure laws.
• Responsible for Information Risk Management across the IT function.

Operational Security Leadership

• Leading cybersecurity operations including Security Operations Centre (SOC), SIEM management, and incident response coordination.
• Overseeing vulnerability management, patch management, and threat detection for both IT and OT systems.
• Partnering with IT and OT teams to embed security across network infrastructure, cloud services, and field operations.
• Managing third-party security risk, including joint venture interfaces, vendors, and BPO service providers.
• Building, leading, mentoring, and developing a high-performing Cyber Security Team.

Risk, Awareness, and Culture

• Championing a strong security culture across through education, awareness, and engagement.
• Leading cyber and IT risk assessments across the enterprise, producing mitigation plans and escalating risks appropriately.
• Acting as a Subject Matter Expert (SME) during audits, regulator reviews, and board reporting cycles.

Transformation and Transition

• Supporting the separation of IT estate from the company legacy systems, ensuring cyber risk is proactively managed during transition.
• Designing and implementing the foundational security architecture for a greenfield technology landscape, including secure cloud, identity management, and endpoint protection.

Desirable Skills & Experience:

• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or a related field.
• Minimum 10 years of experience in IT risk management or cybersecurity roles, including at least 3 years in leadership/management.
• Familiarity with security frameworks (NIST CSF, ISO 27001), regulatory requirements (NIS2, GDPR), and OT standards (IEC 62443, OG86).
• Strong vendor and stakeholder management skills.
• Professional certifications such as CISSP, CISM, or SANS GIAC.
• Deep understanding of both enterprise IT and industrial control systems (ICS/SCADA) in upstream energy.
• Proven experience in managing SOC operations, incident response, and threat intelligence.

What we offer:

• Opportunity to build a cybersecurity function in a high-impact role at a newly formed, agile energy company.
• Exposure to both enterprise and operational cybersecurity challenges in the UK’s most ambitious upstream JV.
• A dynamic and supportive working environment with industry leaders.
• Competitive compensation and benefits package.

Special Considerations:

• A pivotal moment in its lifecycle — transitioning from inherited legacy systems and cyber practices to an autonomous model.
• The Cyber Security Manager must be agile, resilient, and proactive in helping the organisation navigate complex technological change while maintaining strong security assurance.

TMM Recruitment INDIT