Lanes Group

Head of Cyber

Hybrid

Leeds, United Kingdom

Full Time

23-02-2026

Skills

Leadership Incident Response Architecture Risk Reporting Organization Team Leadership

Job Specifications

Lanes Group is a leading nationwide utility services provider with over 4,500 dedicated employees. Our diverse subsidiaries drive our success across various sectors, contributing to a remarkable turnover of over £500 million. We are committed to excellence and innovation, ensuring we provide industry leading services to our clients and stakeholders. Join us to be part of a dynamic and growing team that values diversity and

Main Purpose of the role:

The Head of Cyber Security & Operational Resilience is the accountable lead for the strategic direction and operational delivery of the organisation’s security posture. Working in strict alignment with UK NIS Regulations and the NCSC Cyber Assessment Framework (CAF), the primary objective is to maintain a defensible, resilient security position across both corporate IT and Operational Technology (OT) environments to ensure the safety and integrity of our services.

As the senior authority on cyber risk, you are tasked with ensuring the long-term resilience of the organisation’s technology estate. You will orchestrate the transition toward a Zero Trust architecture while enabling safe innovation across smart-water initiatives. You will act as the primary interface for regulatory bodies, ensuring that all security investments are risk-led, commercially sound, and statutorily compliant.

By balancing rigorous IT Governance, Risk, and Compliance (GRC) with technical pragmatism, you will ensure that IT and digital transformation programmes are secure-by-design. Your leadership will uphold the high reliability and public safety standards expected of a critical national infrastructure provider in a high-threat landscape.

Location: Leeds

Hours: Monday to Friday – 37.5 Hours per week

Employment Type: Permanent

Organisational Relationships:

This is a high-visibility, cross-functional leadership position that bridges the gap between executive strategy and frontline engineering. Internally, you will navigate a matrix environment, acting as a trusted advisor to corporate users and operational divisions.

You will be responsible for translating complex technical threats into operational risks, while simultaneously collaborating with site-based engineers to implement practical security controls that do not impede operations.

Externally, you are the face of the organisation’s resilience, maintaining authoritative relationships with national regulators and security agencies to ensure our compliance and intelligence-sharing capabilities remain at the forefront of the industry.

Key Responsibilities:

1. Strategic Governance & Compliance

You are the architect of the "Defensible Position." You must ensure the organization doesn't just "do" security but can prove its efficacy to the government.

NIS2 & CAF Alignment: Managing the roadmap for the NCSC Cyber Assessment Framework (CAF) to ensure statutory compliance.
Risk Reporting: Translating complex technical vulnerabilities into business risks for the Executive Board (CEO/CFO/CRO) to influence the corporate risk appetite.
Investment Strategy: Building commercially sound business cases for multi-million-pound resilience projects and digital transformation.

2. Operational Technology (OT) & Physical Safety

You are responsible for both corporate IT Security and Operational Security; a digital failure here has physical consequences.

IT/OT Convergence: Securing the "bridge" between corporate networks and operational systems.
Safety Integration: Partnering with Operations and HSE to ensure security controls support a "Safety First" culture (e.g., ensuring a firewall doesn't accidentally block an emergency manual override).
Incident Response: Developing integrated playbooks that account for both digital recovery and physical emergency protocols.

3. Technical Evolution: Zero Trust & Innovation

You are tasked with modernizing a legacy environment while enabling "Smart Water" initiatives.

Zero Trust Roadmap: Leading the transition from traditional perimeter security to a Zero Trust architecture, ensuring identity-based security across all 4,500+ employees.
Secure-by-Design: Acting as the security "consultant" for all new digital transformation and IoT projects to ensure resilience is baked in, not bolted on.
Threat Intelligence: Leveraging relationships with the NCSC and industry peers to proactively defend against nation-state or ransomware threats.

4. Supply Chain & Ecosystem Integrity

Lanes Group relies on a massive network of vendors; you are the "inspector" of that network.

Vendor Vetting: Overseeing the cybersecurity auditing of third-party suppliers via Procurement.
SBOM Management: Implementing Software Bill of Materials (SBOM) requirements to track and manage vulnerabilities within third-party software components.
Client Assurance: Serving as the authoritative voice for clients who require proof that their service provider (Lanes) is cyber-resilient.

5. Team Leadership & Culture

Mentorship: Managing and developing

About the Company

Lanes Group is the UK's leading provider of specialist drainage, utility, and asset maintenance services. With a strong focus on innovation, safety, and customer satisfaction, we offer comprehensive solutions that keep essential infrastructure operating efficiently and effectively. Founded in 1992, Lanes Group has grown to become a national leader, delivering high-quality services to a wide range of sectors including water utilities, rail, highways, energy, and commercial properties. Our expertise spans from emergency drain...