Cybersecurity Programme Lead

Our Oil & Gas Operator client is currently recruiting for the position of Cybersecurity Programme Lead based in Aberdeen

3/2 hybrid working
38 days paid holiday
PAYE Rate Negotiable. 
Role overview
 
To lead the delivery of its enterprise-wide cyber security maturity uplift.
 
The role will be accountable for driving the company’s security maturity across all NIST CSF functions (Govern, Identify, Protect, Detect, Respond, Recover) and aligned with the UK Cyber Assessment Framework (CAF).
 
The Programme Manager will own the end-to-end cyber improvement roadmap, coordinating delivery across IT, Security, Procurement, HR, Legal, Enterprise Risk Management (ERM), and business teams.
 
This role is responsible for translating strategy into execution, ensuring that priority controls, governance, and capabilities are implemented effectively, and that progress is measured, evidenced, and reported to senior stakeholders.
 
Cyber security programme leadership and delivery:
 
Own and deliver the company cyber security improvement programme aligned to NIST CSF and UK CAF
Define, maintain, and execute the integrated delivery roadmap to achieve Level 3 maturity by 2026
Establish programme governance, milestones, dependencies, and delivery plans across all workstreams
Track delivery progress, manage risks, issues, and interdependencies across multiple initiatives
Ensure clear alignment between cyber priorities, enterprise risk, and business objectives
 
Cross-functional coordination and stakeholder engagement:
 
Coordinate delivery across IT, Security, Procurement, Legal, ERM, and operational teams
Act as the central point of accountability for programme execution and cross-functional alignment
Drive engagement and accountability across business units and third parties
Support supplier and third-party risk integration into programme delivery
Provide clear, consistent communication to senior leadership and governance forums
 
Maturity uplift across NIST CSF domains:
 
Govern: enhance structured cyber reporting, and security standards
Identify: Ensure accurate asset inventory, classification, and vulnerability management coverage
Protect: Oversee enhancement of key controls including configuration, access control, and data protection as well as training, awareness and supply chain security
Detect: Increase monitoring coverage and use cases
Respond: Establish and mature incident response processes, roles, and testing (e.g. tabletop exercises)
Recover: Embed resilience through backup, recovery planning, and regular testing of recovery capabilities
 
Programme controls, reporting, and assurance:
 
Define and track KPIs and maturity metrics aligned to NIST CSF and CAF
Provide regular reporting on programme status, risks, control effectiveness, and outcomes
Ensure appropriate evidence is produced to support regulatory, audit, and assurance requirements
Support internal and external audits and regulatory engagement
Maintain a clear view of residual risk and ensure escalation through governance forums
 
Skills, experience & attributes of candidate:
Proven experience delivering large-scale cyber security or technology transformation programmes
Strong understanding of cyber security frameworks (NIST CSF, UK CAF, ISO 27001)
Experience operating across complex stakeholder environments and driving cross-functional delivery
Strong programme management capability (planning, risk management, governance, and reporting)
Ability to translate cyber strategy into structured, deliverable plans
Confident engaging senior leadership and influencing decision-making
Strong analytical and problem-solving skills with a pragmatic, outcome-focused approach
                   
Contract position
 
If you feel that you are well suited to the above opportunity and would like to find out more then please contact Orion Group for more information or apply by forwarding your current CV quoting reference: TR/(phone number removed)

People are our business worldwide
 
Orion Group was founded in 1987 and is now one of the largest, independent, international recruitment companies. We have a network of 200 employees working from 24 offices, delivering a range of services – Talent Acquisition, Recruitment Outsourcing Services, Retained Search, Global Workforce Solutions, Completions & Commissioning and Materials Management – across 68 countries. As a global leader in workforce solutions, we recruit personnel across the Engineering & Technical, Office & Commercial, Scientific and Skilled Trades disciplines, for sectors including Oil & Gas, Life Science, Power & Utilities, Constructions & Infrastructure, Manufacturing and Renewables