Sword is a leading provider of business technology solutions within the Energy, Public, and Finance Sectors, focusing on driving transformational change for clients.
The role involves supporting a critical infrastructure transformation programme aimed at establishing secure, resilient platforms across converged IT and Operational Technology (OT) environments.
The Security & Risk Management Lead will act as the programme’s senior security authority, defining and owning the security vision, risk posture, and regulatory compliance strategy.
The position requires embedding a Secure by Design approach across all lifecycle phases, from architecture to retirement.
The role operates at board level, ensuring that security considerations shape delivery scope, inform design decisions, and meet evolving regulatory expectations.
Responsibilities include serving as the executive security owner, leading the adoption of a Secure by Design framework, influencing the Programme Board, and ensuring alignment with key regulatory and cyber governance frameworks.
The lead will represent the organization in regulatory discussions, audits, and cybersecurity working groups, and will define and govern the security architecture.
The position involves overseeing cyber risk management activities, delivering the Cybersecurity Requirements Specification, and collaborating with ITIL-aligned service functions.
Requirements:
Extensive experience in a senior cyber leadership role (CISO, SRO, or equivalent), ideally within regulated or Critical National Infrastructure (CNI) sectors is required.
Deep knowledge of regulatory and assurance frameworks such as ISA/IEC 62443, NCSC CAF, NIS Regulations, NIST CSF, and ISO/IEC 27001 is essential.
A proven track record of leading secure digital transformation across complex IT/OT environments is necessary.
Strong understanding of enterprise security architecture, Secure by Design practices, and lifecycle risk management is required.
Exceptional communication and stakeholder engagement skills are needed, with confidence in navigating regulatory, technical, and executive domains.
It would be beneficial to have certifications such as CISSP, CISM, CRISC, or equivalent, as well as TOGAF or SABSA enterprise architecture credentials.
Familiarity with IEC 62443 Cybersecurity Expert or Practitioner certification, ITIL, ISO 27019, and NCSC guidance for OT & ICS is also desirable.
Benefits:
The position offers personalized career development with a customized development plan and a range of learning and development opportunities.
Flexible working arrangements are available to support work-life balance, with discussions encouraged to accommodate individual preferences.
A fantastic benefits package includes a generous annual leave allowance, enhanced family-friendly benefits, a pension scheme, access to private health, well-being, and insurance schemes, and an employee assistance programme.
Sword is dedicated to fostering a diverse and inclusive workplace, ensuring fair and equal consideration for all applicants.