Job title: eCAF/NIS Programme Manager
Location: SPHQ, Glasgow City Centre
Duration: 12-month initial contract
Rate: Negotiable, inside IR35, PAYE or UMB
Job Purpose Statement
The Cyber Assessment Framework (CAF) / NIS Programme Manager is accountable for leading and delivering the programme to enhance cyber resilience, compliance and assurance across the organisation's IT applications estate in line with NIS Regulations and the UK Cyber Assessment Framework (CAF).
The role provides end-to-end ownership of a multi-year, multi-workstream programme covering application security posture, risk remediation, control uplift, and evidence-based assurance. It coordinates delivery across IT application teams, cyber security, architecture, suppliers and the business to ensure timely closure of NIS findings and sustainable improvements to cyber maturity.
The Programme Manager operates at the intersection of cyber security and application delivery, translating CAF and NIS obligations into clear, prioritised application roadmaps. They ensure robust governance, dependency management, benefits tracking and transparent senior reporting, while embedding security-by-design and resilience into application lifecycle management.
This role is critical to ensuring the organisation's IT applications are secure, resilient, regulator-ready and sustainably compliant with NIS and cyber security obligations.
Accountability Statements
Key accountabilities include:
- Overall ownership of the CAF / NIS enhancement programme for IT applications
- Translation of CAF principles and NIS obligations into actionable application workplans
- Programme governance, planning, budget, risk and dependency management
- Coordination of remediation activity across legacy and strategic applications
- Senior stakeholder engagement, regulatory evidence management and audit readiness
- Supplier and partner management across application and security services
- Assurance that application solutions meet cyber, resilience and operational standards
Dimensions
Project Delivery
- Timeliness: Ensure that projects/initiatives are delivered on schedule, meeting all critical milestones and deadlines.
- Budget Management: Oversee and manage project budgets, ensuring costs are controlled and financial objectives are met.
- Quality Assurance: Guarantee the quality of project deliverables, ensuring they meet both business requirements and technical standards.
Strategic Alignment
- Business Objectives: Ensure that initiatives align with the organisation's strategic cyber goals.
- Stakeholder Alignment: Maintain alignment with key stakeholders, managing expectations and ensuring their needs and objectives are met.
Risk Management
- Risk Identification and Mitigation: Proactively identify potential project risks and develop mitigation strategies to address them.
- Issue Resolution: Manage and resolve issues that arise during the project lifecycle, ensuring minimal impact on project progress.
Team Leadership
- Team Management: Lead and manage project teams, ensuring effective collaboration, motivation, and performance.
- Resource Allocation: Ensure appropriate resource allocation and utilisation, optimising team skills and capabilities for project success.
Communication
- Status Reporting: Provide regular updates on project status, including progress, risks, and issues, to senior management and stakeholders.
- Stakeholder Communication: Facilitate clear and effective communication between project teams and stakeholders.
Change Management
- Change Control: Manage changes to project scope, ensuring they are documented, approved, and communicated effectively.
- Organisational Readiness: Ensure that the organisation is prepared for changes brought by project implementations, including training and support for end-users.
Vendor Management
- Vendor Coordination: Manage relationships with external vendors and consultants, ensuring they deliver on agreed terms and contribute to project success.
- Contract Management: Oversee contracts and service level agreements (SLAs) with vendors, ensuring compliance and performance.
Skills, Knowledge & Experience
Required:
Technical Proficiency:
- Understanding of cyber / IT security products and frameworks
- Understanding and experience of NIS Regulations
- Knowledge of cyber security implementation challenges and strategies.
Project Management:
- Proficiency in project management methodologies (e.g., Agile, Waterfall).
- Strong planning, scheduling, and resource management skills.
- Risk management and mitigation strategies.
- Proven history of managing cyber security projects from initiation to completion.
Leadership:
- Ability to lead and motivate cross-functional teams.
- Decision-making and critical thinking skills.
- Change management expertise.
- Demonstrated ability to manage multiple projects simultaneously.
Communication/Stakeholder Management:
- Excellent verbal and written communication skills.
- Ability to present complex technical information to non-technical stakeholders.
- Negotiation and conflict resolution skills.
- Experience in managing relationships with key stakeholders, including senior management, business users, and vendors.
Analytical Skills:
- Strong analytical and critical thinking abilities.
- Proficiency in data analysis and reporting.
Financial Acumen:
- Budgeting, cost estimation, and financial planning skills.
Business Processes:
- Understanding of business processes across divergent functions (e.g., IT, Customer Service, Cyber Security).
- Knowledge of industry-specific processes and requirements.
Change Management:
- Experience in managing organisational change and training initiatives related to cyber security implementations.
Special Requirements (not mandatory)
- Understanding of Cyber / IT security products and frameworks
- Understanding and demonstrable previous experience of delivering projects related to NIS Regulations
Minimum Criteria (Mandatory)
- Experience of IT application project delivery
- HND or degree level qualification