Cyber Assurance Lead, Consulting

We are seeking a highly skilled Cyber Assurance Lead with in‑depth knowledge of the water domain and expertise in water network management. This senior role is accountable for defining and driving the cyber assurance strategy, overseeing the cyber maturity roadmap, and providing best‑practice leadership across all cyber security governance, risk, and compliance (GRC). The successful candidate will have served at CISO or CISO‑advisory level within a CNI environment, with the credibility to influence at Board and Executive Committee levels and translate strategy into operational delivery.

Key Responsibilities

• Lead the design and delivery of an enterprise‑wide Cyber Maturity Assessment, benchmarking the organisation against NIST CSF, NCSC CAF, ISO 27001, and IEC 62443.
• Develop and own a multi‑year Cyber Maturity Roadmap, prioritising investments and improvements based on risk appetite, regulatory obligations, and operational impact.
• Define and implement a comprehensive Cyber Assurance Framework covering governance, policy, risk management, third‑party assurance, and technical control validation.
• Act as the principal cyber security advisor to the CISO, Executive Committee, and Board, providing clear, risk‑informed reporting and strategic recommendations.
• Oversee second‑line cyber assurance activities: control effectiveness testing, penetration testing governance, audit management, and exception handling.
• Lead engagement with regulators including the NCSC, OFWAT, and Defra on cyber resilience obligations, CAF submissions, and improvement plans.
• Drive the development and embedding of cyber security best practices across IT, OT, and supply chain domains.
• Establish cyber security KPIs and metrics, developing dashboards and reporting mechanisms for Board, CISO, and operational audiences.
• Manage and develop the cyber assurance team, fostering a culture of continuous improvement and learning.
• Support procurement and contract assurance, ensuring cyber security requirements are embedded in vendor and supply chain arrangements.

Essential Experience & Skills

• Previous CISO experience, or extensive advisory or Deputy CISO experience at an equivalent level within a CNI organisation.
• Demonstrable track record of developing and delivering cyber maturity strategies and roadmaps in complex, regulated environments.
• Deep expertise in cyber security frameworks: NIST CSF, NCSC CAF, ISO 27001/27002, and IEC 62443.
• Strong understanding of the UK CNI regulatory landscape: NIS Regulations, OFWAT security requirements, NCSC guidance, and emerging NIS2‑aligned obligations.
• Experience designing and overseeing Cyber Assurance Frameworks including GRC, third‑party risk, policy governance, and audit management.
• Proven ability to communicate cyber risk in business terms at Board and Executive level.
• Knowledge of both IT and OT security environments, appreciating the distinct risk profiles of operational technology in water or utilities.
• Experience managing and developing high‑performing cyber security teams.
• Strong interpersonal, leadership, and influencing skills across technical and non-technical stakeholders.

Desirable Experience

• CISO experience specifically within the UK water sector or equivalent regulated utility.
• Experience leading or responding to NCSC CAF assessments or formal NIS regulatory audits.
• Exposure to OT/SCADA cyber security assurance in water treatment or distribution environments.
• Non‑executive advisory or board‑level cyber governance experience.
• Published thought leadership or active participation in water sector cyber security forums (e.g., Water Industry Cyber Security).
• CISSP, CISM, SABSA (CSA), or equivalent senior security certifications.

Qualifications

• Degree in Cyber Security, Information Security, Computer Science, or equivalent (Masters preferred).
• CISSP, CISM, or SABSA Chartered Security Architect certification strongly preferred.
• SC or DV security clearance required or eligible.