Cyber Security Programme Lead

Our Client, a Major Oil and Gas Operator is seeking an experienced Cyber Security Programme Lead. This is an initial 12 Month PAYE Contract role based in Aberdeen. The Client is seeking a Cyber Security Programme Manager to lead the delivery of its enterprise-wide cyber security maturity uplift.

The role will be accountable for driving The Client’s security maturity across all NIST CSF functions (Govern, Identify, Protect, Detect, Respond, Recover) and aligned with the UK Cyber Assessment Framework (CAF). The Programme Manager will own the end-to-end cyber improvement roadmap, coordinating delivery across IT, Security, Procurement, HR, Legal, Enterprise Risk Management (ERM), and business teams.

This role is responsible for translating strategy into execution, ensuring that priority controls, governance, and capabilities are implemented effectively, and that progress is measured, evidenced, and reported to senior stakeholders.

• Cyber security programme leadership and delivery
• Own and deliver the Client cyber security improvement programme aligned to NIST CSF and UK CAF
• Define, maintain, and execute the integrated delivery roadmap to achieve Level 3 maturity by 2026
• Establish programme governance, milestones, dependencies, and delivery plans across all workstreams
• Track delivery progress, manage risks, issues, and interdependencies across multiple initiatives
• Ensure clear alignment between cyber priorities, enterprise risk, and business objectives

• Cross-functional coordination and stakeholder engagement
• Coordinate delivery across IT, Security, Procurement, Legal, ERM, and operational teams
• Act as the central point of accountability for programme execution and cross-functional alignment
• Drive engagement and accountability across business units and third parties
• Support supplier and third-party risk integration into programme delivery
• Provide clear, consistent communication to senior leadership and governance forums

• Maturity uplift across NIST CSF domains
• Govern: enhance structured cyber reporting, and security standards
• Identify: Ensure accurate asset inventory, classification, and vulnerability management coverage
• Protect: Oversee enhancement of key controls including configuration, access control, and data protection as well as training, awareness and supply chain security
• Detect: Increase monitoring coverage and use cases
• Respond: Establish and mature incident response processes, roles, and testing (e.g. tabletop exercises)
• Recover: Embed resilience through backup, recovery planning, and regular testing of recovery capabilities

• Programme controls, reporting, and assurance
• Define and track KPIs and maturity metrics aligned to NIST CSF and CAF
• Provide regular reporting on programme status, risks, control effectiveness, and outcomes
• Ensure appropriate evidence is produced to support regulatory, audit, and assurance requirements
• Support internal and external audits and regulatory engagement
• Maintain a clear view of residual risk and ensure escalation through governance forums

Skills, experience & attributes of candidate:

• Proven experience delivering large-scale cyber security or technology transformation programmes
• Strong understanding of cyber security frameworks (NIST CSF, UK CAF, ISO 27001)
• Experience operating across complex stakeholder environments and driving cross-functional delivery
• Strong programme management capability (planning, risk management, governance, and reporting)
• Ability to translate cyber strategy into structured, deliverable plans
• Confident engaging senior leadership and influencing decision-making
• Strong analytical and problem-solving skills with a pragmatic, outcome-focused approach