Director - Cybersecurity - Cyber Resilience, TC, UKI in Westminster

Lead and deliver cyber resilience transformation programmes, owning end-to-end engagement delivery (scope, quality, timeline, budget) and ensuring outcomes measurably improve preparedness, response, and recovery.

Responsibilities

• Design, run, and continuously enhance cyber crisis simulations and tabletop exercises for executives and operational teams—ensuring scenarios reflect the current threat landscape, sector trends, and the client's critical business services.
• Act as an outstanding facilitator and "crisis conductor": guide senior leaders through high-pressure decision making, inject realistic developments, challenge assumptions, and drive clear actions, owners, and lessons learned.
• Translate threat intelligence and emerging attacker tactics into practical resilience improvements—linking likely threats to business impact, critical dependencies, and control or capability gaps.
• Integrate cyber response and recovery into wider enterprise resilience plans, including business continuity, IT disaster recovery, operational resilience, third-party resilience, and enterprise risk management—ensuring cyber is embedded, not bolted on.
• Partner with C-suite and functional leaders (CIO, CISO, COO, Risk, Legal, Comms, HR, Ops) to strengthen organisational readiness, clarify risk appetite, and improve cross-functional coordination during incidents.
• Build capability roadmaps and investment cases for resilience (people/process/technology), prioritising initiatives that reduce time-to-detect, time-to-respond, and time-to-recover for critical services.
• Shape and grow a cyber resilience offering: originate opportunities, develop proposals, create market-facing materials, and contribute thought leadership aligned to evolving resilience and regulatory expectations.
• Lead, coach, and inspire a high-performing cyber resilience team—developing facilitation skills, incident leadership, scenario design expertise, and client advisory confidence.
• Exceptional facilitator and communicator—able to run engaging, high-impact workshops and crisis simulations, influencing senior audiences across business, technology, and risk.
• Deep understanding of the cyber threat landscape and attacker behaviours, with the ability to convert threat insight into relevant scenarios, decision points, and resilience improvements.
• Strong resilience practitioner mindset: comfortable operating in ambiguity, steering complex stakeholder groups, and driving structured outcomes under time pressure.
• Strategic problem solver—able to diagnose resilience gaps, design pragmatic target-state capabilities, and secure executive buy-in by linking cyber resilience to business continuity and critical service delivery.
• Experienced programme and engagement leader—able to structure and manage large, complex initiatives and deliver measurable resilience outcomes.
• Commercially astute and quality-driven—balancing pace with rigour, managing delivery risk, and protecting client and firm reputation.
• Collaborative leader—builds trusted relationships, develops talent through coaching and mentoring, and fosters a culture of continuous learning and accountability.
• Confident advisor at board/exec level—able to discuss governance, risk appetite, crisis communications, regulatory considerations, and operational resilience expectations.
• Strong market access and trusted relationships, leveraging established sector networks and senior-level contacts to originate opportunities, shape market conversations, and strengthen the firm's position with key decision-makers.

Qualifications

To Qualify for the Role, You Must Have

• Proven experience leading cyber resilience, incident readiness, and/or crisis management programmes—demonstrating tangible improvements in preparedness, response effectiveness, and recovery capability.
• Strong track record designing and facilitating cyber crisis simulations and tabletop exercises for senior stakeholders, including scenario development, exercise delivery, and after-action reporting with actionable remediation plans.
• Experience building or enhancing incident response and recovery operating models: governance, roles, processes, playbooks, communications, and integration with ITDR/BCP.
• Demonstrable ability to embed cyber into wider business resilience frameworks (e.g., business continuity, operational resilience, third-party resilience) and align cyber capabilities to critical business services and impact tolerances.
• Ability to develop compelling investment cases and prioritised roadmaps for resilience capability uplift, aligned to organisational goals and risk appetite.
• Robust knowledge of relevant security and resilience frameworks and regulations (e.g., NIST CSF, NIS/NIS2, sector-specific resilience expectations), and practical experience translating these into implementable capabilities and controls.
• Strong stakeholder management experience across C-suite, technology, operations, legal, risk, and communications—ensuring coherent decision-making before, during, and after incidents.

Ideally, You'll Also Have:

• Security-related qualifications such as CISSP, CISM, CISMP, CIISEC.
• Experience operating within an NCSC Assured Cyber Consultancy.
• Sector experience in Government & Public Sector, Energy & Utilities, Retail and Consumer Products, Life Sciences, Telecoms, Media and Technology, or Transport.
• Professional services experience with market-leading organisations in delivering cybersecurity solutions.

About EY and Opportunities

At EY, we are committed to building a better working world. Our Cybersecurity Consulting Practice is expanding, and we are investing in capabilities to meet demand for cybersecurity solutions. Join us and be part of a global team delivering cutting-edge security transformation programs and services.

The Opportunity: As a Director in Cybersecurity - Cyber Resilience, you will bring diverse perspectives and deep subject-matter expertise to deliver high-quality insights and outcomes for our clients. You will lead complex resilience engagements, strengthen senior client relationships, and guide teams to develop practical solutions that enhance resilience in their businesses.

Join Us: EY offers a meaningful and fulfilling career within an inclusive culture and cutting-edge technology. We strive to build a better working world for all.

We value integrity and collaboration across diverse backgrounds and a growth mindset. What we offer includes a competitive remuneration package and a comprehensive Total Rewards program with flexible working options, holidays, health and well-being, insurance, savings, and a range of discounts and promotions.

We also offer:

• Continuous learning: Develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: Tools and flexibility to make a meaningful impact, your way.
• Transformative leadership: Insights, coaching, and confidence to lead effectively.
• Diverse and inclusive culture: Be valued for who you are and empowered to contribute.