Director - Cybersecurity - Cyber Resilience, TC, UKI

Location: London

Other locations: Primary Location Only

Date: 27 Jan 2026

Requisition ID: 1679396

At EY, we are committed to building a better working world. Our Cybersecurity Consulting Practice is rapidly expanding, and we are investing in our capabilities to meet the increasing demand for cybersecurity solutions. Join us and be part of a global team of over 13,000 professionals dedicated to delivering cutting-edge security transformation programs and services.

The Opportunity: As a Director in Cybersecurity – Cyber Resilience, you will bring diverse perspectives and deep subject-matter expertise to deliver high-quality insights and outcomes for our clients. You will play a strategic leadership role in shaping and overseeing complex cybersecurity resilience engagements, strengthening senior client relationships, and guiding teams to develop innovative, practical solutions that help build greater resilience into their businesses.

Key Responsibilities:

• Lead and deliver cyber resilience transformation programmes, owning end-to-end engagement delivery (scope, quality, timeline, budget) and ensuring outcomes measurably improve preparedness, response, and recovery.
• Design, run, and continuously enhance cyber crisis simulations and tabletop exercises for executives and operational teams—ensuring scenarios reflect the current threat landscape, sector trends, and the client’s critical business services.
• Act as an outstanding facilitator and “crisis conductor”: guide senior leaders through high-pressure decision making, inject realistic developments, challenge assumptions, and drive clear actions, owners, and lessons learned.
• Translate threat intelligence and emerging attacker tactics into practical resilience improvements—linking likely threats to business impact, critical dependencies, and control or capability gaps.
• Integrate cyber response and recovery into wider enterprise resilience plans, including business continuity, IT disaster recovery, operational resilience, third-party resilience, and enterprise risk management—ensuring cyber is embedded, not bolted on.
• Partner with C-suite and functional leaders (CIO, CISO, COO, Risk, Legal, Comms, HR, Ops) to strengthen organisational readiness, clarify risk appetite, and improve cross-functional coordination during incidents.
• Build capability roadmaps and investment cases for resilience (people/process/technology), prioritising initiatives that reduce time-to-detect, time-to-respond, and time-to-recover for critical services.
• Shape and grow a cyber resilience offering: originate opportunities, develop proposals, create market-facing materials, and contribute thought leadership aligned to evolving resilience and regulatory expectations.
• Lead, coach, and inspire a high-performing cyber resilience team—developing facilitation skills, incident leadership, scenario design expertise, and client advisory confidence.

Skills and Attributes for Success:

• Exceptional facilitator and communicator—able to run engaging, high-impact workshops and crisis simulations, influencing senior audiences across business, technology, and risk.
• Deep understanding of the cyber threat landscape and attacker behaviours, with the ability to convert threat insight into relevant scenarios, decision points, and resilience improvements.
• Strong resilience practitioner mindset: comfortable operating in ambiguity, steering complex stakeholder groups, and driving structured outcomes under time pressure.
• Strategic problem solver—able to diagnose resilience gaps, design pragmatic target-state capabilities, and secure executive buy-in by linking cyber resilience to business continuity and critical service delivery.
• Experienced programme and engagement leader—able to structure and manage large, complex initiatives and deliver measurable resilience outcomes.
• Commercially astute and quality-driven—balancing pace with rigour, managing delivery risk, and protecting client and firm reputation.
• Collaborative leader—builds trusted relationships, develops talent through coaching and mentoring, and fosters a culture of continuous learning and accountability.
• Confident advisor at board/exec level—able to discuss governance, risk appetite, crisis communications, regulatory considerations, and operational resilience expectations.
• Strong market access and trusted relationships, leveraging established sector networks and senior-level contacts to originate opportunities, shape market conversations, and strengthen the firm’s position with key decision-makers.

To Qualify for the Role, You Must Have:

• Proven experience leading cyber resilience, incident readiness, and/or crisis management programmes—demonstrating tangible improvements in preparedness, response effectiveness, and recovery capability.
• Strong track record designing and facilitating cyber crisis simulations and tabletop exercises for senior stakeholders, including scenario development, exercise delivery, and after-action reporting with actionable remediation plans.
• Experience building or enhancing incident response and recovery operating models: governance, roles, processes, playbooks, communications, and integration with ITDR/BCP.
• Demonstrable ability to embed cyber into wider business resilience frameworks (e.g., business continuity, operational resilience, third-party resilience) and align cyber capabilities to critical business services and impact tolerances.
• Ability to develop compelling investment cases and prioritised roadmaps for resilience capability uplift, aligned to organisational goals and risk appetite.
• Robust knowledge of relevant security and resilience frameworks and regulations (e.g., NIST CSF, NIS/NIS2, sector-specific resilience expectations), and practical experience translating these into implementable capabilities and controls.
• Strong stakeholder management experience across C-suite, technology, operations, legal, risk, and communications—ensuring coherent decision-making before, during, and after incidents.

Ideally, You’ll Also Have:

• Security-related qualifications such as CISSP, CISM, CISMP, CIISEC.
• Experience operating within an NCSC Assured Cyber Consultancy.
• Sector experience in one or more of the following: Government & Public Sector, Energy & Utilities, Retail and Consumer Products, Life Sciences, Telecoms, Media and Technology, or Transport.
• Professional services experience with market-leading organisations in delivering cybersecurity solutions.

At EY, you’ll have the chance to build a meaningful and fulfilling career, supported by an inclusive culture and cutting-edge technology. Together, we can create a better working world for all.

What we look for: We’re interested in people with integrity who can collaborate with people from a diverse range of backgrounds and crucially a growth mindset.

What we offer: We offer a competitive remuneration package where you’ll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions. Plus, we offer:

• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

If you can demonstrate that you meet the criteria above, please contact us as soon as possible.