Cyber Risk Lead

Cyber Risk Lead
Utilities
Predominantly remote: 1-2 days per month in Warwick
6 months+
£650 per day

In short: We require a strong Cyber Risk Lead to develop control frameworks and perform risk assessments on NIS systems. You'll be reporting, dashboarding and be required to tech validate/quantify your findings.

In full:

A Cyber Risk Lead is required to perform control assessments across our systems, using the CIS Control Set as the baseline. The role will be responsible for assessing control effectiveness, engaging with control owners, and helping build visibility of control maturity across the environment.

The successful candidate should be capable of working independently, driving control assessment activity, and developing management dashboards or reporting that clearly show status, trends, gaps, and priorities.

Desired experience and requirements

• Strong cyber risk, control assessment, or assurance background.
• Practical experience using the CIS Controls or a similar control framework.
• Ability to assess control design and operating effectiveness.
• Experience working with control owners to validate evidence, agree actions, and track remediation.
• Strong understanding of governance, risk, and compliance processes.
• Ability to develop and maintain dashboards or reporting for control status and trend analysis.
• Experience working in regulated environments, ideally including NIS, critical infrastructure, or similarly complex operational settings.
• Strong stakeholder management skills and the ability to influence without direct authority.
• Good analytical, documentation, and presentation skills.

More of a nice-to-have, we would welcome candidates with experience in:

• Critical infrastructure, energy, utilities, or other heavily regulated sectors like banking (SOX/PCI)
• NIS aligned environments.
• OT/IT convergence and associated security challenges.
• Control frameworks, assurance programmes, or cyber governance reporting.

Candidates will ideally show evidence of the above in their CV in order to be considered.
Please be advised if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion, we may however keep your details on file for any suitable future vacancies and contact you accordingly. Pontoon is an employment consultancy and operates as an equal opportunities employer.

We use generative AI tools to support our candidate screening process. This helps us ensure a fair, consistent, and efficient experience for all applicants. Rest assured, all final decisions are made by our hiring team, and your application will be reviewed with care and attention.