Security and Risk Management Lead - (Outside IR35) at Sword

Location Information: Glasgow, Scotland, United Kingdom - Remote.

Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving real transformational change within our clients. We use proven technology, specialist teams and domain expertise to build solid technical foundations across platforms, data and business applications. We have a passion for using technology to solve business problems, working in partnership with our clients to help in achieving their goals.

About the role:

We’re supporting the delivery of a critical infrastructure transformation programme designed to establish secure, resilient platforms across converged IT and Operational Technology (OT) environments. This multi-year programme is governed by the highest standards of cyber assurance and regulatory scrutiny.

As the Security & Risk Management Lead, you will act as the programme’s senior security authority. You will define and own the security vision, risk posture and regulatory compliance strategy, embedding a Secure by Design approach across every lifecycle phase — from architecture through to retirement.

Operating at board level, you’ll ensure security considerations shape delivery scope, inform design decisions, and meet evolving regulatory expectations. Your work will be integral to establishing a compliant, assured, and future-ready cyber operating model.

As the Security & Risk Management Lead, you will:

- Serve as the executive security owner for the programme, accountable for cyber posture, risk exposure, and regulatory alignment.
- Lead the adoption and enforcement of a Secure by Design (SbD) framework across architecture, build, operations, and decommissioning.
- Influence the Programme Board, shaping strategic delivery, scope, and assurance outcomes.
- Ensure alignment with key regulatory and cyber governance frameworks, including:
  - NCSC CAF (Enhanced Profile)
  - Ofgem NIS CAF Overlay
  - NIS Regulations (UK)
  - ISA/IEC 62443 series
  - ISO/IEC 27001, 31010, and NIST CSF
- Represent the organisation in regulatory discussions, audits, and cybersecurity working groups.
- Define and govern the security architecture using ISA/IEC 62443 zones and conduits methodology.
- Provide assurance of technical controls across Security Levels SL1 to SL4, validating patterns such as segmentation, RBAC, and incident containment.
- Lead cyber risk management activities including threat modelling and formal risk analysis (Bow-Tie, Attack Trees, Swiss Cheese, HAZOPs).
- Own the delivery of the Cybersecurity Requirements Specification (CRS) for all programme systems.
- Oversee end-to-end cyber risk posture management across the service lifecycle, from assessment and design to decommissioning.
- Collaborate with ITIL-aligned service functions and ensure the Target Operating Model integrates cybersecurity as a pillar of reliability and resilience.

Requirements

- Extensive experience in a senior cyber leadership role (CISO, SRO, or equivalent), ideally within regulated or Critical National Infrastructure (CNI) sectors.
- Deep knowledge of regulatory and assurance frameworks such as ISA/IEC 62443, NCSC CAF, NIS Regulations, NIST CSF, and ISO/IEC 27001.
- Proven track record of leading secure digital transformation across complex IT/OT environments.
- Strong understanding of enterprise security architecture, Secure by Design practices, and lifecycle risk management.
- Exceptional communication and stakeholder engagement skills, with confidence navigating regulatory, technical, and executive domains.

It would be great if you also had:

- CISSP, CISM, CRISC or equivalent.
- TOGAF or SABSA enterprise architecture credentials.
- IEC 62443 Cybersecurity Expert or Practitioner certification.
- Familiarity with ITIL, ISO 27019, and NCSC guidance for OT & ICS.

Benefits

At Sword, our core values and culture are based on caring about our people, investing in training and career development, and building inclusive teams where we are all encouraged to contribute to achieve success.

We offer comprehensive benefits designed to support your professional development and enhance your overall quality of life. In addition to a Competitive Salary, here's what you can expect as part of our benefits package:

- Personalised Career Development: We create a development plan customised to your goals and aspirations, with a range of learning and development opportunities within a culture that encourages growth.
- Flexible working: Flexible work arrangements to support your work-life balance. We can’t promise to always be able to meet every request; however, we are keen to discuss your individual preferences to make it work where we can.
- A Fantastic Benefits Package: This includes generous annual leave allowance, enhanced family friendly benefits, pension scheme, access to private health, well-being, and insurance schemes, an employee assistance programme, discounted cash plan and more.

At Sword we are dedicated to fostering a diverse and inclusive workplace and are proud to be an equal opportunities employer, ensuring that all applicants receive fair and equal consideration for employment, regardless of whether they meet every requirement. If you don’t tick all the boxes but feel you have some of the relevant skills and experience we’re looking for, please do consider applying and highlight your transferable skills and experience. We embrace diversity in all its forms, valuing individuals regardless of age, disability, gender identity or reassignment, marital or civil partner status, pregnancy or maternity status, race, colour, nationality, ethnic or national origin, religion or belief, sex, or sexual orientation. Your perspective and potential are important to us.

If we can do anything to help make the hiring process more accessible, please let our talent acquisition team know when you apply so we can support any adjustments.