We are looking for a hands-on Cyber Security Lead to join a small, close-knit team at our York Head Office. In this pivotal role, you’ll be directly involved in both the technical and strategic sides of our cybersecurity efforts, protecting the business from cyber threats and ensuring regulatory compliance, while fostering a proactive, security-first culture. If you’re looking to make a direct impact in a dynamic environment, this role offers the chance to work closely with the IT, Data, and wider business teams to implement real, hands-on security solutions. You will create and lead the cyber strategy, collaborating with key partners across the IT and Data teams and with stakeholders from all other business functions to achieve this.
Key Responsibilities:
* Lead, mentor, and develop a small cybersecurity team, focusing on a hands-on, technical approach to identifying and mitigating cyber risks, while encouraging collaboration and a proactive security culture across the business.
* Develop, execute, and manage cybersecurity strategies, aligning policies, procedures, and frameworks with business objectives while ensuring compliance with industry standards (GDPR, ISO 27001, Cyber Essentials).
* Take a hands-on role in the evaluation, implementation, and management of key cybersecurity technologies, from improving real-time monitoring and protection mechanisms to leveraging threat intelligence for proactive risk mitigation.
* Take ownership of our incident response plan, ensuring the business is well-prepared to detect, respond to, and recover from cyber threats swiftly and effectively, and conduct regular testing to continuously improve resilience.
* Conduct IT infrastructure reviews and vulnerability assessments, collaborating with team members to close security gaps and integrate new technologies for ongoing protection.
* Implement cloud security, focusing on Azure and multi-cloud environments, ensuring best practices for access control, encryption, and threat detection.
* Spearhead data classification, retention, and lifecycle management policies to ensure sensitive data is securely handled and compliant with all regulatory requirements.
* Act as the main point of contact for third-party security vendors, ensuring that external security solutions align with company objectives and integrate seamlessly into the overall security strategy.
* Champion security awareness across the organisation, delivering training that empowers staff to actively participate in identifying and addressing security risks.
* Lead the development of secure system configurations, including the deployment of Multi-Factor Authentication (MFA) and Single Sign-On (SSO) solutions.
* Maintain a centralised risk register, managing security risks with clear action plans and ongoing risk assessments to continuously strengthen security.
* Advise senior leadership on key security risks and trends, ensuring cybersecurity is integrated into business strategies to enhance resilience and operational continuity.
About You:
* A hands-on, technical leader who thrives in a small team environment and has the expertise to directly implement security solutions while leading by example, with a proven ability to build, grow, and inspire diverse cross-functional teams.
* Extensive experience in a senior cybersecurity role, with a proven track record of executing hands-on security strategies, driving security technology implementations, and managing incidents and vulnerabilities.
* Familiar with industry cybersecurity frameworks (NIST, ISO 27001, CIS) and regulations (GDPR, Cyber Essentials), with a strong grasp of compliance, risk management, and embedding security practices across an organisation.
* Demonstrated expertise in ethical hacking and penetration testing, with a focus on real-world application of security techniques and practices to address immediate cybersecurity challenges.
* Skilled in managing and responding to cybersecurity incidents, from threat detection to forensic investigations, and comfortable communicating complex technical issues to both technical and non-technical stakeholders.
* A proactive, strategic thinker with strong analytical skills, able to balance the needs of security with supporting the growth and continuity of the business. Adept at identifying risks, assessing their potential impact, and implementing robust solutions that enhance security while supporting business continuity and growth.
This is an exciting opportunity for a Cyber Security Lead to directly shape and drive the security culture within a dynamic business. If you’re ready to roll up your sleeves and make an immediate impact, we want to hear from you!