Cyber Security Programme Lead - Inside IR35 - Energy Sector

• Remote based with some adhoc travel every 4 - 6 weeks

• Inside IR35 via Umbrella

• Ideally will have experience in Vulnerability Management or Threat Management projects/programmes

​

The Cyber Services team support business units by providing cyber services and platforms to enable our clients businesses to focus on their core missions. The Cyber Services team enable the clients UK business units through the available, efficient, and effective provision of services, including architecture, monitoring & response, and security technologies.

The Cyber Security Programme Lead will report to Senior Cyber Security Leadership and works closely alongside the Senior Manager - Cyber Threat.

· The Cyber Security Programme Lead will act as an operational extension of the leadership team, stepping in to take the immediate load off current management. You'll work with and lead a team of experienced vulnerability analysts, SMEs, and Project Managers, engaging across technology teams and business units to reduce risk to the organisation and stabilise the current operational environment.

· The Cyber Security Programme Lead will work in collaboration with the resolver groups, audit teams and maturity programmes to push the capability of the vulnerability programme. This role is an important part of the wider Cyber Services function, helping to advance our vulnerability management capability out of a "firefighting" state and into a mature, sustainable operation.

​

Cyber Security Programme Lead - What’s my role?

· Operational Leadership: Act as the hands-on operational lead for the Vulnerability Management Improvement Programme, taking direct ownership of the team's day-to-day deliverables and strategic realignment.

· Team Stabilisation: Step into a high-pressure environment to stabilise the vulnerability

· team, providing clear direction, structure, and support to analysts and subject matter experts.

· Process Optimisation: Conduct a rapid assessment of current vulnerability management processes to identify inefficiencies, bottlenecks, and inefficient practices. Hands-on Execution: Operate as a "doer" as well as a leader. You will not just be theorising; you will be actively writing management presentations, drafting new operational processes, and defining clear operating models.

· Stakeholder Management: Act as the primary buffer and interface between the vulnerability team and the wider business, managing expectations and translating technical vulnerability data into actionable business intelligence.

· Programme Delivery: Oversee the successful execution of distinct vulnerability workstreams, working alongside dedicated Project Managers to implement strategic, long-term solutions

​

What do I need to be great at this role?

· Proven Cyber Security or Vulnerability Management Leadership: Extensive experience as a dedicated Cyber Security/Vulnerability Management Leader, ideally with a track record of turning around, maturing, or rescuing underperforming security functions.

· Strategic & Tactical Balance: Ability to operate at a senior management level while remaining highly hands-on with process writing, presentation building, and data analysis.

· Resilience: Comfort operating in a high-pressure, fast-paced environment that is currently undergoing significant transformation and stabilization.

· Deep Technical Context: Strong understanding of the end-to-end vulnerability lifecycle, reporting tools (e.g., Tenable), and how to effectively guide IT resolver groups on remediation and patching prioritisation.

· Change Management: A proactive driver of change who can challenge the status quo, overcome apathy, and build a culture of accountability and resilience within the team.