Overview:
Scope of Work:
To provide technical leadership and delivery assurance across the Cyber and Security portfolio, acting as the senior technical authority and delivery lead to ensure programmes and projects are securely designed, effectively mobilised, governed, and delivered in line with organisational risk appetite and regulatory expectation.
Establish initiatives for long‑term technical sustainability by strengthening security architecture, maturing technical and delivery controls, aligning specialist cyber resources, and supporting the development, implementation, and ongoing operation of strategic supplier contracts and security platforms.
Act as a senior technical partner to the IT leadership team, providing clear architectural direction and technical assurance, embedding delivery discipline, and ensuring appropriate governance, documentation, and evidence‑based assurance mechanisms are consistently applied across the cyber and security portfolio:
- CAF / eCAF Readiness and Evidence‑Led Assurance: Lead and coordinate CAF and eCAF activity across the cyber portfolio, including control interpretation and mapping, remediation definition, evidence strategy, and tracking of audit and assurance actions, providing demonstrable regulatory compliance and readiness.
- AMP8 Cyber Technical Leadership: Act as the senior technical lead for agreed AMP8 cyber initiatives, providing technical direction and assurance across design, build, and transition into BAU. Work in partnership with the Project Manager to shape delivery sequencing, manage technical dependencies, and ensure solutions achieve defined security, control, and resilience outcomes.
- Risk, Compliance, and Control Integration: Ensure cyber initiatives are technically designed and implemented in line with governance, risk, and compliance requirements across CAF/eCAF and wider AMP8 obligations, embedding required controls into solution design, delivery activities, and operational handover.
- Supplier and Third‑Party Technical Oversight: Provide technical oversight of suppliers and third parties supporting cyber initiatives, supporting mobilisation, validating technical deliverables and acceptance criteria, managing technical dependencies, and ensuring assurance and security obligations are met.
- Stakeholder and Architecture Alignment: Act as a senior technical point of coordination across IT Transformation, Architecture, Operations, and business stakeholders, aligning technical priorities, managing trade-offs, and escalating design or assurance decisions where required.
Output expected:
- Technical Risk, Dependency, and Assurance Input: Ongoing technical input to portfolio‑level risks, dependencies, and constraints, highlighting security, resilience, and regulatory impacts to support escalation and decision‑making.
- Cyber Technical Direction for AMP8: Technical input into the AMP8 cyber roadmap, including sequencing, high‑risk dependencies, and critical milestones, to inform portfolio planning and delivery decisions.
- CAF / eCAF Technical Readiness View: A clear technical view of CAF/eCAF target state, control gaps, priority remediation items, and assurance expectations, including guidance on evidence required to demonstrate compliance.
- Solution and BAU Readiness Input: Technical definition and assurance input for each initiative, covering solution approach, security and control expectations, and operational readiness considerations for transition into BA
- Validated technical priorities and roadmap: A clearly validated and prioritised cyber and security portfolio, confirming that delivery focus is on the most material risks, regulatory requirements, and agreed AMP8 outcomes.
- Clear and proportionate technical scope: Cyber initiatives with well-defined, technically coherent scope, validated against organisational risk appetite and longer term architecture direction before and during delivery.
- Technical assurance over delivery setup and execution: Technical input and assurance that cyber initiatives are correctly scoped, designed, and set up for effective delivery, with risks, dependencies, and control expectations understood early.
- Predictable delivery of cyber capability: Coordinated delivery of cyber and security initiatives that strengthens organisational resilience and reduces risk in a controlled and transparent way.
- Regulatory and operational confidence: Clear assurance that cyber capabilities meet regulatory, audit, and operational expectations and are embedded into business‑as‑usual operations.
- Trusted senior decision support: Clear, concise insight and advice enabling senior leaders to make informed, timely decisions on cyber priorities, trade‑offs, and investment.
- Sustainable transition into business‑as‑usual: Structured handover of cyber capabilities into operational teams, with clearly defined ownership, support models, and processes to ensure long‑term sustainability and effectiveness.
- Effective change management and adoption: Proactive management of organisational change, ensuring cyber initiatives are understood, adopted, and embedded across technology, process, and people.