Joseph Rowntree

www.jrf.org.uk

1 Job

275 Employees

About the Company

We are an independent social change organisation, working to support and speed up the transition to a more equitable and just future, free from poverty, where people and planet can flourish. Our work is supported by about 150 permanent staff across York, London and Glasgow.

Listed Jobs

Company Name
Joseph Rowntree
Job Title
Cyber Security Lead
Job Description
**Job Title:** Cyber Security Lead

**Role Summary:** Provide senior strategic and operational leadership for enterprise cyber security. Develop and enforce security standards, oversee risk management, incident response, disaster recovery, and business continuity. Act as the sole cyber security authority, advising executive leadership, coordinating with external providers, and ensuring compliance with ISO 27001, NIST, CIS Controls, GDPR, UK Data Protection Act, and Cyber Essentials.

**Expectations:**
- Deliver comprehensive cyber security strategy and policy framework.
- Maintain and update the cyber risk register; lead investigations of breaches.
- Ensure continuous improvement of security maturity and organisational resilience.
- Communicate effectively with senior stakeholders and external parties under pressure.

**Key Responsibilities:**
- Define and implement security standards, controls, and governance mechanisms.
- Maintain cyber risk register; assess, document, and report risks.
- Lead incident response, cyber forensics, and post‑incident analyses.
- Coordinate disaster recovery (DR) and business continuity planning (BCP), setting RPO and RTO targets.
- Oversee security monitoring via SIEM, SOC services, and automated threat detection tools.
- Conduct vulnerability scans, penetration test reviews, and risk assessments for projects and procurement.
- Deliver security awareness programs, phishing simulations, and staff training.
- Liaise with third‑party vendors for security assurance and audit alignment.
- Support regulatory compliance, audits, and certification processes.
- Provide strategic advice and briefings to executive leadership and boards.

**Required Skills:**
- Deep knowledge of ISO 27001, NIST, CIS Controls, GDPR, UK Data Protection Act, Cyber Essentials.
- Expertise in disaster recovery, business continuity, risk management, and internal controls.
- Proficiency with security technologies: SIEM, firewalls, EDR, MFA, encryption, Microsoft Purview, Microsoft Entra.
- Experience in incident response, cyber forensics, enterprise security architecture, and secure‑by‑design principles.
- Strong analytical, investigative, and risk assessment capabilities.
- Excellent communication, stakeholder management, and decision‑making under pressure.

**Required Education & Certifications:**
- Bachelor’s degree in Computer Science, Information Security, or related field.
- Professional certifications such as CISSP, CISM, ISO 27001 Lead Implementer, or equivalent.
- Additional certifications in DR/BCP, threat intelligence, or cloud security preferred.
Yorkshire, United Kingdom
On site
Senior
15-01-2026