Head of Cyber

Lanes Group


Job Location:

Leeds - UK

Monthly Salary: Not Disclosed
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

Lanes Group is a leading nationwide utility services provider with over 4500 dedicated employees. Our diverse subsidiaries drive our success across various sectors, contributing to a remarkable turnover of over 500 million. We are committed to excellence and innovation, ensuring we provide industry-leading services to our clients and stakeholders. Join us to be part of a dynamic and growing team that values diversity and

Main Purpose of the role:


The Head of Cyber Security & Operational Resilience is the accountable lead for the strategic direction and operational delivery of the organisation's security posture. Working in strict alignment with UK NIS Regulations and the NCSC Cyber Assessment Framework (CAF), the primary objective is to maintain a defensible, resilient security position across both corporate IT and Operational Technology (OT) environments to ensure the safety and integrity of our services.

As the senior authority on cyber risk, you are tasked with ensuring the long-term resilience of the organisation's technology estate. You will orchestrate the transition toward a Zero Trust architecture while enabling safe innovation across smart-water initiatives. You will act as the primary interface for regulatory bodies, ensuring that all security investments are risk-led, commercially sound and statutorily compliant.

By balancing rigorous IT Governance, Risk and Compliance (GRC) with technical pragmatism, you will ensure that IT and digital transformation programmes are secure-by-design. Your leadership will uphold the high reliability and public safety standards expected of a critical national infrastructure provider in a high-threat landscape.


Location: Leeds

Hours: Monday to Friday, 37.5 hours per week

Employment Type: Permanent

Organisational Relationships:


This is a high-visibility, cross-functional leadership position that bridges the gap between executive strategy and frontline engineering. Internally, you will navigate a matrix environment, acting as a trusted advisor to corporate users and operational divisions.

You will be responsible for translating complex technical threats into operational risks while simultaneously collaborating with site-based engineers to implement practical security controls that do not impede operations.

Externally, you are the face of the organisation's resilience, maintaining authoritative relationships with national regulators and security agencies to ensure our compliance and intelligence-sharing capabilities remain at the forefront of the industry.

Key Responsibilities:

1. Strategic Governance & Compliance

You are the architect of the Defensible Position. You must ensure the organization doesn't just do security but can prove its efficacy to the government.

  • NIS2 & CAF Alignment: Managing the roadmap for the NCSC Cyber Assessment Framework (CAF) to ensure statutory compliance.
  • Risk Reporting: Translating complex technical vulnerabilities into business risks for the Executive Board (CEO/CFO/CRO) to influence the corporate risk appetite.
  • Investment Strategy: Building commercially sound business cases for multi-million-pound resilience projects and digital transformation.

2. Operational Technology (OT) & Physical Safety


You are responsible for both corporate IT Security and Operational Security - A digital failure here has physical consequences.

  • IT/OT Convergence: Securing the bridge between corporate networks and operational systems.
  • Safety Integration: Partnering with Operations and HSE to ensure security controls support a Safety First culture (e.g. ensuring a firewall doesn't accidentally block an emergency manual override).
  • Incident Response: Developing integrated playbooks that account for both digital recovery and physical emergency protocols.

3. Technical Evolution: Zero Trust & Innovation

You are tasked with modernizing a legacy environment while enabling Smart Water initiatives.

  • Zero Trust Roadmap: Leading the transition from traditional perimeter security to a Zero Trust architecture, ensuring identity-based security across all 4500 employees.
  • Secure-by-Design: Acting as the security consultant for all new digital transformation and IoT projects to ensure resilience is baked in, not bolted on.
  • Threat Intelligence: Leveraging relationships with the NCSC and industry peers to proactively defend against nation-state or ransomware threats.

4. Supply Chain & Ecosystem Integrity

Lanes Group relies on a massive network of vendors; you are the inspector of that network.

  • Vendor Vetting: Overseeing the cybersecurity auditing of third-party suppliers via Procurement.
  • SBOM Management: Implementing Software Bill of Materials (SBOM) requirements to track and manage vulnerabilities within third-party software components.
  • Client Assurance: Serving as the authoritative voice for clients who require proof that their service provider (Lanes) is cyber-resilient.

5. Team Leadership & Culture

  • Mentorship: Managing and developing your direct reports (Cyber Security Manager, Analysts) to stay ahead of the threat landscape.
  • Culture Change: Moving cybersecurity from a back-office IT issue to an operational lifeline recognized by site-based engineers and corporate staff alike.


Key Stakeholders:


  • The Executive Board (CEO/CFO/CRO): Providing quarterly briefings on the cyber-risk appetite and securing investment for long-term resilience projects.
  • Group IT Director: Direct alignment on corporate IT and Cyber strategy.
  • Operations Directors: Ensuring cyber security is integrated into a Safety First culture.


Wider Departments:


  • Legal & Data Privacy (DPO): Collaborating on data protection impact assessments and ensuring that cybersecurity measures align with UK GDPR and NIS2 legal mandates.
  • Health, Safety & Environment (HSE): Aligning cyber-incident response with physical emergency plans (e.g. manual override protocols during a digital outage).
  • Procurement & Supply Chain: Vetting third-party vendors and ensuring all contracts include rigorous cybersecurity clauses and SBOM (Software Bill of Materials) requirements.


External Stakeholders:


  • Government and regulatory bodies
  • Supplier chain and technical partners
  • Industry peer networks
  • Clients

At Lanes Group, we are dedicated to fostering a diverse and inclusive workplace where everyone feels valued and empowered. We believe that our differences make us stronger and are committed to providing equal opportunities for all employees. We welcome and encourage applications from individuals of all backgrounds, including those from underrepresented groups. Join us in our commitment to creating a more inclusive and diverse world.


Required Experience:

Director
