Cyber Security Programme Leadership and Delivery:

Our client is seeking a Cyber Security Programme Lead to oversee delivery of a large-scale cyber maturity uplift programme. This role is accountable for translating cyber strategy into execution, driving improvements across all NIST CSF domains and aligning with UK CAF requirements.

You will lead a complex, enterprise-wide programme spanning technology, governance, risk, and operational teams, ensuring effective coordination and measurable progress against defined security outcomes.

Programme Leadership & Delivery:

• Own and deliver a cyber security improvement programme aligned to NIST CSF and UK CAF.
• Define and execute a structured roadmap to achieve targeted maturity levels.
• Establish governance frameworks, timelines, dependencies, and delivery plans.
• Track progress across multiple workstreams, managing risks, issues, and interdependencies.
• Align cyber initiatives with enterprise risk priorities and business objectives.

Cross-Functional Coordination:

• Coordinate delivery across IT, Security, Procurement, HR, Legal, and Risk functions.
• Act as the central point of accountability for programme execution.
• Drive engagement and ownership across business units and third parties.
• Support integration of supplier and third-party risk into programme delivery.
• Provide clear reporting and communication to leadership and governance forums.

Cyber Maturity Uplift (NIST CSF Domains):

• Govern: Strengthen reporting, governance frameworks, and standards.
• Identify: Improve asset visibility, classification, and vulnerability coverage.
• Protect: Enhance key controls including access management, configuration, and data security.
• Detect: Expand monitoring capabilities and detection use cases.
• Respond: Develop and test incident response processes and scenarios.
• Recover: Improve resilience through backup, recovery planning, and testing.

Reporting, Controls & Assurance:

• Define and monitor KPIs and maturity metrics.
• Produce regular updates on programme status, risk, and control effectiveness.
• Ensure audit-ready evidence is maintained.
• Support regulatory engagement and internal/external audits.
• Track residual risk and ensure appropriate escalation.

Desirable Skills & Experience:

• Background in regulated environments or critical infrastructure.
• Experience with enterprise risk management integration.
• Familiarity with third-party and supply chain risk programmes.
• Exposure to audit, compliance, and regulatory frameworks.
• Certifications such as CISSP, CISM, or equivalent.

TMM Recruitment INDIT