Cyber Risk Management Lead

Location: Immingham or London
Contract Type: Permanent, Full-Time

About VPI

VPI is a leading energy company dedicated to delivering efficient, low-carbon power solutions across the UK. We are committed to operational excellence, innovation, and environmental stewardship. As part of our growth and continued investment in engineering expertise, we are seeking a highly skilled Cyber Risk Management Lead to join our VPI Cyber Security Team.

The Role

The Cyber Risk Management Lead will oversee the implementation and continuous improvement of VPI's cyber risk management framework, focusing on Governance, Risk, and Compliance (GRC). Based in Immingham or London, with occasional travel, the role supports both Operational Technology (OT) and Information Technology (IT) domains, aligning security operations with industry standards and regulatory requirements.

Responsibilities include managing a cyber risk toolkit, overseeing change management policies, contributing to DevOps security, and ensuring risk resilience across IT and OT operations. The role also involves liaising with regulators, supporting business development projects, and leading workstreams within VPI's Cyber Security strategy, with potential line management duties.

Preferred candidates will have experience in high-assurance security environments, knowledge of NCSC's Cyber Assessment Framework (CAF) and NIS regulations, and an understanding of energy sector technology principles, including the Purdue model.

Key Responsibilities

- Lead or directly complete risk assessment outputs to inform risk management activities across IT and OT, including the correlation of individual outputs into group and strategic level risk tracking.
- Manage the implementation and iterative evolution of the cyber security risk toolkit, including the proportionate use of tools such as threat modelling, attack trees and scenario-based exercises.
- Develop and implement cyber security policies and processes considerate of VPI risk posture and regulatory requirements, including their correlation into staff education and awareness materials, aligned with Secure by Design principles.
- Manage an operational relationship with IT first line security services within an outsourced SOC operating model, including the correlation of operational data into risk tracking and controls refinement.
- Manage the definition of VPI cyber threat intelligence requirements and act as a contributor for external threat intelligence review and interpretation.
- Manage the scoping of cyber risk requirements for business development projects and manage the direct or indirect delivery of risk outputs aligned with delivery milestones.
- Act as a contributor within a supply chain risk management framework, managing the correlation of supplier risk into reporting, considerate of asset criticality, remote access and sensitive data exposure.
- Lead the delivery of defined CISO strategic objectives across business operations, acting as Deputy NIS Reporting Officer (NRO) for regulatory outputs and interactions.
- Act as a bronze or silver level responder within the cyber security incident response framework, managing the containment, remediation and return to business-as-usual operations following control failures or breaches.

What We're Looking For

- Self-motivated and able to work autonomously within defined strategic objectives.
- Humble, with a human-considerate view of people, process and technology.
- Desire, aptitude and attitude to learn, develop, and share your knowledge and experience with colleagues.
- Embraces change, with the ability to adapt self and others to new situations / working methods.
- Flexible approach towards applying your skills to meet evolving business needs.
- Ability to work on multiple projects running together and identify critical priorities.

Key Skills & Attributes

Essential:

- Experience of managing the triaging and assessment of SIEM alerts across an enterprise IT environment.
- Experience managing the control configuration of business applications and services.
- Experience of directly implementing NCSC Secure by Design principles or CAF-aligned requirements into cyber security business operations.
- Experience of leading incident response activities.
- Subject matter expert for a defined cyber security specialism, or multi-experienced across 1-3 cyber domains.
- Advanced communication skills, including a proven ability to identify technical metrics and correlate them into reporting outputs modelled on stakeholder interests.
- Advanced skills in Microsoft packages: Word, Excel, PowerPoint, Teams and Outlook.

Desirable:

- Cyber Security certifications or badges, including but not limited to Certified Information Security Manager (CISM), SANS GICSP, ISO27001 implementer or auditor, Azure/AWS/Google Badge Series (Associate to Expert), Certified Information Systems Security Professional (CISSP).
- Familiarity with IEC 62443 standards and certifications.
- Familiarity with an outsourced SOC operating model and IDS tools and implementation methods relevant to IT and OT environments.
- Experience of line management or mentoring colleagues or team members.
- Experience leading the development of capital investment proposals for cyber security tools and services.
- Educated to HND/Degree level.

Why Join VPI?

- Be part of an innovative company at the forefront of the energy sector.
- Work on technically challenging projects across multiple sites.
- Contribute to a company that values safety, environmental responsibility, and continuous improvement.
- Opportunities for professional growth and development.

Ready to Apply?

If you are a driven Cyber Security Lead looking for a new challenge within a dynamic and forward-thinking organisation, we want to hear from you. Apply today and help shape the future of power generation.

Rullion celebrates and supports diversity and is committed to ensuring equal opportunities for both employees and applicants.