Head of Cyber

Lanes Group is a leading nationwide utility services provider with over 4,500 dedicated employees. Our diverse subsidiaries drive our success across various sectors, contributing to a remarkable turnover of over £500 million. We are committed to excellence and innovation, ensuring we provide industry leading services to our clients and stakeholders. Join us to be part of a dynamic and growing team that values diversity and  

Main Purpose of the role:

The Head of Cyber Security & Operational Resilience is the accountable lead for the strategic direction and operational delivery of the organisation’s security posture. Working in strict alignment with UK NIS Regulations and the NCSC Cyber Assessment Framework (CAF), the primary objective is to maintain a defensible, resilient security position across both corporate IT and Operational Technology (OT) environments to ensure the safety and integrity of our services. 

As the senior authority on cyber risk, you are tasked with ensuring the long-term resilience of the organisation’s technology estate. You will orchestrate the transition toward a Zero Trust architecture while enabling safe innovation across smart-water initiatives. You will act as the primary interface for regulatory bodies, ensuring that all security investments are risk-led, commercially sound, and statutorily compliant. 

By balancing rigorous IT Governance, Risk, and Compliance (GRC) with technical pragmatism, you will ensure that IT and digital transformation programmes are secure-by-design. Your leadership will uphold the high reliability and public safety standards expected of a critical national infrastructure provider in a high-threat landscape. 

Location: Leeds

Hours: Monday to Friday – 37.5 Hours per week 

Employment Type: Permanent

Organisational Relationships:

This is a high-visibility, cross-functional leadership position that bridges the gap between executive strategy and frontline engineering. Internally, you will navigate a matrix environment, acting as a trusted advisor to corporate users and operational divisions. 

You will be responsible for translating complex technical threats into operational risks, while simultaneously collaborating with site-based engineers to implement practical security controls that do not impede operations.

Externally, you are the face of the organisation’s resilience, maintaining authoritative relationships with national regulators and security agencies to ensure our compliance and intelligence-sharing capabilities remain at the forefront of the industry. 

Key Responsibilities:

1. Strategic Governance & Compliance

You are the architect of the "Defensible Position." You must ensure the organization doesn't just "do" security but can prove its efficacy to the government. 

• NIS2 & CAF Alignment: Managing the roadmap for the NCSC Cyber Assessment Framework (CAF) to ensure statutory compliance. 


• Risk Reporting: Translating complex technical vulnerabilities into business risks for the Executive Board (CEO/CFO/CRO) to influence the corporate risk appetite. 


• Investment Strategy: Building commercially sound business cases for multi-million-pound resilience projects and digital transformation.
  
  

2. Operational Technology (OT) & Physical Safety

You are responsible for both corporate IT Security and Operational Security - A digital failure here has physical consequences. 

• IT/OT Convergence: Securing the "bridge" between corporate networks and operational systems. 


• Safety Integration: Partnering with Operations and HSE to ensure security controls support a "Safety First" culture (e.g., ensuring a firewall doesn't accidentally block an emergency manual override). 


• Incident Response: Developing integrated playbooks that account for both digital recovery and physical emergency protocols. 

3. Technical Evolution: Zero Trust & Innovation

You are tasked with modernizing a legacy environment while enabling "Smart Water" initiatives. 

• Zero Trust Roadmap: Leading the transition from traditional perimeter security to a Zero Trust architecture, ensuring identity-based security across all 4,500+ employees. 


• Secure-by-Design: Acting as the security "consultant" for all new digital transformation and IoT projects to ensure resilience is baked in, not bolted on. 


• Threat Intelligence: Leveraging relationships with the NCSC and industry peers to proactively defend against nation-state or ransomware threats. 

4. Supply Chain & Ecosystem Integrity

Lanes Group relies on a massive network of vendors; you are the "inspector" of that network. 

• Vendor Vetting: Overseeing the cybersecurity auditing of third-party suppliers via Procurement. 


• SBOM Management: Implementing Software Bill of Materials (SBOM) requirements to track and manage vulnerabilities within third-party software components. 


• Client Assurance: Serving as the authoritative voice for clients who require proof that their service provider (Lanes) is cyber-resilient. 

5. Team Leadership & Culture

• Mentorship: Managing and developing your direct reports (Cyber Security Manager, Analysts) to stay ahead of the threat landscape. 


• Culture Change: Moving cybersecurity from a "back-office IT issue" to an "operational lifeline" recognized by site-based engineers and corporate staff alike. 

Key Stakeholders: 

• The Executive Board (CEO/CFO/CRO): Providing quarterly briefings on the cyber-risk appetite and securing investment for long-term resilience projects. 

• Group IT Director: Direct alignment on corporate IT and Cyber strategy 

• Operations Directors: Ensuring cyber security is integrated into a "Safety First" culture. 

Wider Departments: 

• Legal & Data Privacy (DPO): Collaborating on data protection impact assessments and ensuring that cybersecurity measures align with UK GDPR and NIS2 legal mandates. 

• Health, Safety & Environment (HSE): Aligning cyber-incident response with physical emergency plans (e.g., manual override protocols during a digital outage). 

• Procurement & Supply Chain: Vetting third-party vendors and ensuring all contracts include rigorous cybersecurity clauses and SBOM (Software Bill of Materials) requirements. 

External Stakeholders: 

• Government and regulatory bodies 

• Supplier chain and technical partners 

• Industry peer networks 

• Clients

At Lanes Group, we are dedicated to fostering a diverse and inclusive workplace where everyone feels valued and empowered. We believe that our differences make us stronger and are committed to providing equal opportunities for all employees. We welcome and encourage applications from individuals of all backgrounds, including those from underrepresented groups. Join us in our commitment to creating a more inclusive and diverse world.