Cyber Assurance Lead - Water Utilities, Consulting

Cognizant is a leading provider of information technology, consulting, and business process outsourcing services, dedicated to helping the world's leading companies build stronger businesses. We are seeking a highly skilled Cyber Assurance Lead with in-depth knowledge of the water domain and expertise in water network management. This role is pivotal in driving operational efficiency, optimizing water networks, and delivering transformative solutions to stakeholders in the water utilities sector.

The ideal candidate will bridge the gap between business needs and technical solutions, ensuring alignment with organizational goals and regulatory compliance.

Role Overview

We are seeking an exceptional Cyber Assurance Lead who brings CISO-level expertise and deep CNI sector experience to guide our organisation through a comprehensive cyber maturity transformation. This senior role is accountable for defining and driving the cyber assurance strategy, overseeing the cyber maturity roadmap, and providing best-practice leadership across the full spectrum of cyber security governance, risk, and compliance (GRC).

Key Responsibilities

• Lead the design and delivery of an enterprise-wide Cyber Maturity Assessment, benchmarking the organisation against NIST CSF, NCSC CAF, ISO 27001, and IEC 62443.
• Develop and own a multi-year Cyber Maturity Roadmap, prioritising investments and improvements based on risk appetite, regulatory obligations, and operational impact.
• Define and implement a comprehensive Cyber Assurance Framework covering governance, policy, risk management, third-party assurance, and technical control validation.
• Act as the principal cyber security advisor to the CISO, Executive Committee, and Board, providing clear, risk-informed reporting and strategic recommendations.
• Oversee second-line cyber assurance activities: control effectiveness testing, penetration testing governance, audit management, and exception handling.
• Lead engagement with regulators including the NCSC, OFWAT, and Defra on cyber resilience obligations, CAF submissions, and improvement plans.
• Drive the development and embedding of cyber security best practices across IT, OT, and supply chain domains.
• Establish cyber security KPIs and metrics, developing dashboards and reporting mechanisms for Board, CISO, and operational audiences.
• Manage and develop the cyber assurance team, fostering a culture of continuous improvement and learning.
• Support procurement and contract assurance, ensuring cyber security requirements are embedded in vendor and supply chain arrangements.

Essential Experience & Skills

• Previous CISO experience, or extensive advisory / Deputy CISO experience at an equivalent level within a CNI organisation.
• Demonstrable track record of developing and delivering cyber maturity strategies and roadmaps in complex, regulated environments.
• Deep expertise in cyber security frameworks: NIST CSF, NCSC CAF, ISO 27001/27002, IEC 62443.
• Strong understanding of the UK CNI regulatory landscape: NIS Regulations, OFWAT security requirements, NCSC guidance, and emerging NIS2-aligned obligations.
• Experience designing and overseeing Cyber Assurance Frameworks including GRC, third-party risk, policy governance, and audit management.
• Proven ability to communicate cyber risk in business terms at Board and Executive level.
• Knowledge of both IT and OT security environments, appreciating the distinct risk profiles of operational technology in water or utilities.
• Experience managing and developing high-performing cyber security teams.
• Strong interpersonal, leadership, and influencing skills across technical and non-technical stakeholders.

Desirable Experience

• CISO experience specifically within the UK water sector or equivalent regulated utility.
• Experience leading or responding to NCSC CAF assessments or formal NIS regulatory audits.
• Exposure to OT/SCADA cyber security assurance in water treatment or distribution environments.
• Non-executive advisory or board-level cyber governance experience.
• Published thought leadership or active participation in water sector cyber security forums (e.g. Water Industry Cyber Security).
• CISSP, CISM, SABSA (CSA), or equivalent senior security certifications.

Qualifications

• Degree in Cyber Security, Information Security, Computer Science, or equivalent (Masters preferred).
• CISSP, CISM, or SABSA Chartered Security Architect certification strongly preferred.
• SC / DV security clearance required or eligible.

Cognizant is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.