Overview
Our Oil & Gas Operator client is currently recruiting for the position of Cybersecurity Programme Lead based in Aberdeen.
* 3/2 hybrid working
* 38 days paid holiday
* PAYE Rate Negotiable.
Role overview
To lead the delivery of its enterprise-wide cyber security maturity uplift. The role will be accountable for driving the company’s security maturity across all NIST CSF functions (Govern, Identify, Protect, Detect, Respond, Recover) and aligned with the UK Cyber Assessment Framework (CAF).
The Programme Manager will own the end-to-end cyber improvement roadmap, coordinating delivery across IT, Security, Procurement, HR, Legal, Enterprise Risk Management (ERM), and business teams. This role is responsible for translating strategy into execution, ensuring that priority controls, governance, and capabilities are implemented effectively, and that progress is measured, evidenced, and reported to senior stakeholders.
Cyber security programme leadership and delivery
* Own and deliver the company cyber security improvement programme aligned to NIST CSF and UK CAF
* Define, maintain, and execute the integrated delivery roadmap to achieve Level 3 maturity by 2026
* Establish programme governance, milestones, dependencies, and delivery plans across all workstreams
* Track delivery progress, manage risks, issues, and interdependencies across multiple initiatives
* Ensure clear alignment between cyber priorities, enterprise risk, and business objectives
Cross-functional coordination and stakeholder engagement
* Coordinate delivery across IT, Security, Procurement, Legal, ERM, and operational teams
* Act as the central point of accountability for programme execution and cross-functional alignment
* Drive engagement and accountability across business units and third parties
* Support supplier and third-party risk integration into programme delivery
* Provide clear, consistent communication to senior leadership and governance forums
Maturity uplift across NIST CSF domains
* Govern: enhance structured cyber reporting, and security standards
* Identify: Ensure accurate asset inventory, classification, and vulnerability management coverage
* Protect: Oversee enhancement of key controls including configuration, access control, and data protection as well as training, awareness and supply chain security
* Detect: Increase monitoring coverage and use cases
* Respond: Establish and mature incident response processes, roles, and testing (e.g. tabletop exercises)
* Recover: Embed resilience through backup, recovery planning, and regular testing of recovery capabilities
Programme controls, reporting, and assurance
* Define and track KPIs and maturity metrics aligned to NIST CSF and CAF
* Provide regular reporting on programme status, risks, control effectiveness, and outcomes
* Ensure appropriate evidence is produced to support regulatory, audit, and assurance requirements
* Support internal and external audits and regulatory engagement
* Maintain a clear view of residual risk and ensure escalation through governance forums
Skills, experience & attributes
* Proven experience delivering large-scale cyber security or technology transformation programmes
* Strong understanding of cyber security frameworks (NIST CSF, UK CAF, ISO 27001)
* Experience operating across complex stakeholder environments and driving cross-functional delivery
* Strong programme management capability (planning, risk management, governance, and reporting)
* Ability to translate cyber strategy into structured, deliverable plans
* Confident engaging senior leadership and influencing decision-making
* Strong analytical and problem-solving skills with a pragmatic, outcome-focused approach
Contract position
If you feel that you are well suited to the above opportunity and would like to find out more then please contact Orion Group for more information or apply by forwarding your current CV quoting reference: TR/082347
#J-18808-Ljbffr