Sword is a leading provider of business technology solutions within the Energy, Public, and Finance Sectors, focusing on transformational change for clients.
The role supports a critical infrastructure transformation programme aimed at establishing secure, resilient platforms across IT and Operational Technology (OT) environments.
The Security & Risk Management Lead will act as the programme’s senior security authority, defining and owning the security vision, risk posture, and regulatory compliance strategy.
The position requires embedding a Secure by Design approach across all lifecycle phases, from architecture to retirement.
The role operates at board level, ensuring security considerations shape delivery scope, inform design decisions, and meet regulatory expectations.
Responsibilities include serving as the executive security owner, leading the adoption of a Secure by Design framework, influencing the Programme Board, and ensuring alignment with regulatory frameworks.
The lead will represent the organization in regulatory discussions, audits, and cybersecurity working groups, and define the security architecture using ISA/IEC 62443 methodology.
The position involves managing cyber risk activities, delivering the Cybersecurity Requirements Specification, and overseeing cyber risk posture management across the service lifecycle.
Collaboration with ITIL-aligned service functions is essential to integrate cybersecurity into the Target Operating Model.
Requirements:
Extensive experience in a senior cyber leadership role (CISO, SRO, or equivalent), ideally within regulated or Critical National Infrastructure (CNI) sectors, is required.
Deep knowledge of regulatory and assurance frameworks such as ISA/IEC 62443, NCSC CAF, NIS Regulations, NIST CSF, and ISO/IEC 27001 is essential.
A proven track record of leading secure digital transformation across complex IT/OT environments is necessary.
Strong understanding of enterprise security architecture, Secure by Design practices, and lifecycle risk management is required.
Exceptional communication and stakeholder engagement skills are needed, with confidence in navigating regulatory, technical, and executive domains.
It would be beneficial to have certifications such as CISSP, CISM, CRISC, or equivalent, as well as TOGAF or SABSA enterprise architecture credentials.
Familiarity with IEC 62443 Cybersecurity Expert or Practitioner certification, ITIL, ISO 27019, and NCSC guidance for OT & ICS is also desirable.
Benefits:
The position offers personalized career development with a customized development plan and a range of learning opportunities.
Flexible working arrangements are available to support work-life balance, with discussions encouraged to accommodate individual preferences.
A fantastic benefits package includes a generous annual leave allowance, enhanced family-friendly benefits, a pension scheme, access to private health, well-being, and insurance schemes, and an employee assistance programme.
Sword is dedicated to fostering a diverse and inclusive workplace, ensuring fair consideration for all applicants regardless of background or experience.