Cyber Security Lead

  • Planet Recruitment
  • Sep 10, 2025
Full time Telecommunications

Job Description

Oxfordshire - Hybrid - 2 days per week (Flexible)

50k - 60k plus Benefits

Our client is an award-winning, leading IT company offering complete outsourced IT solutions to organisations across the UK and Europe. Based in Oxfordshire, they provide a comprehensive range of support services, software and hardware solutions to major blue-chip clients, and their technicians are highly skilled in planning, implementing and troubleshooting.

They strive to become one of the top places to work in the UK - in fact, they believe that they already are! Most of the team have been here for years, have built a terrific career, and as corny as it may sound, they really do call themselves the Planet Family.

They welcome new people to the team all the time, from all backgrounds and all levels of experience.

They are able to attract talent to our business by investing in staff training and staff rewards, which has become a bedrock of our success. This initiative has resulted in staff becoming even better at what they do, great staff retention and greater company buy-in from the team. As part of this strategy, the more staff learn via official courses, the better the service and the more we reward them.

Primary Purpose

The Security Lead is both the client-facing strategist and the internal accountable owner of security within the MSP. They lead Quarterly Security Reviews (QSRs), own the client risk register and exception process, and ensure services are delivered in line with frameworks such as Cyber Essentials, ISO27001, and NIST.

Internally, the Security Lead is accountable for the MSP's own security posture, ensuring tools, processes, and teams meet the same standards we deliver to clients. They monitor measurable posture metrics (e.g., Microsoft Secure Score, Vulnerability, etc.), ensure continuous improvement, and keep the MSP's security practice relevant through ongoing training, certifications, and emerging threat awareness. While day-to-day execution is delegated to Security Analysts and service teams, the Security Lead owns security end-to-end: identifying risks, embedding controls, and ensuring compliance is demonstrable.

Key Responsibilities

Client-Facing

  • Lead Quarterly Security Reviews (QSRs), presenting patch/vulnerability posture, incidents, compliance status, and risk register updates.
  • Translate technical security risks into clear business impact and outcomes.
  • Own the client exception process, ensuring risks are documented, communicated, and signed off.
  • Support Account Managers and Strategic Partnership Managers in roadmap and IT strategy sessions.
  • Act as the strategic security escalation point for clients when risks require senior involvement.

Internal MSP Security

  • Own the MSP's internal security frameworks and certifications (e.g., CE+, ISO, SOC 2).
  • Oversee patching, vulnerability, and risk management of MSP-owned infrastructure and tools.
  • Ensure MSP's technology stack (RMM, XDR, PSA, backup, etc.) is securely deployed and monitored.
  • Drive staff security awareness, training, and compliance with secure processes.
  • Delegate operational tasks to Security Analysts while retaining accountability for end-to-end outcomes.

Governance & Standards

  • Maintain the client and internal risk registers.
  • Define and evolve gold-standard security "whitepapers" for projects and BAU.
  • Sign off security requirements for project scope/designs that impact compliance or frameworks.
  • Collaborate with Service Delivery Manager and Project Delivery Manager to ensure security is embedded in BAU, change control, and project execution.
  • Monitor and report on client posture metrics (e.g., Microsoft Secure Score, M365 compliance dashboards).
  • Drive continuous posture improvement across client environments.

Team Leadership & Growth

  • Mentor and develop Security Analysts.
  • Ensure team certifications remain up to date (minimum 2 per year per Analyst).
  • Lead internal knowledge-sharing sessions to keep the team and wider MSP relevant against new threats and frameworks.
  • Champion automation (RPA/AI) in evidence gathering, reporting, and triage.
  • Identify scale points for growing the Security Practice (e.g., Security Architect, more Analysts).

Behaviors Required

  • Strategic Thinking - able to translate technical risks into business outcomes and align security initiatives with client goals and budgets.
  • Strong Governance Mindset - experienced in managing frameworks (Cyber Essentials, ISO27001, NIST) and embedding them into MSP operations and client environments.
  • Risk Communication - skilled at presenting complex security issues clearly to non-technical stakeholders, both internally and at client leadership level.
  • Technical Depth - hands-on understanding of vulnerability management, patch governance, endpoint security (EDR/XDR), and cloud (M365/Azure security).
  • Analytical Skills - capable of interpreting scan results, posture metrics (e.g., Microsoft Secure Score), and incident trends into actionable insights.
  • Delegation & Leadership - experienced in mentoring Analysts and delegating effectively while retaining accountability for outcomes.
  • Collaboration - able to work cross-functionally with Service Delivery, Projects, Account Managers, and vendors to embed security consistently.
  • Continuous Learning - committed to staying current with evolving threats, frameworks, and technologies, and ensuring the team is trained and certified.
  • Client-Facing Confidence - comfortable leading Quarterly Security Reviews (QSRs), participating in roadmap sessions, and engaging with C-level stakeholders.
  • Change Agent - able to influence internal teams and clients to adopt best practice, even when it means shifting established ways of working.

Person Specification:

Minimum

  • 5+ years in IT security or MSP environment.
  • Strong knowledge of Cyber Essentials, ISO27001, or NIST frameworks.
  • Experience with patch/vulnerability management governance.
  • Ability to communicate technical risks in business language.
  • Proven ability to run client-facing reviews or presentations.

Desirable

  • CISSP, CISM, or equivalent certifications.
  • Experience delivering or auditing compliance frameworks.
  • Familiarity with RMM/XDR/EDR, SIEM, and vulnerability scanning platforms.
  • Experience leading small teams (mentoring, guiding).
  • Exposure to incident response and tabletop exercises.

What Success Looks Like:

Success means the Security Lead is recognised by clients as a trusted advisor who simplifies security into business language. All client and internal risks are captured, visible, and acted upon with no blind spots. QSRs consistently deliver actionable improvements that feed into roadmaps and IT strategy, while client security posture measurably improves quarter-on-quarter (demonstrated in metrics such as Microsoft Secure Score, CE+ readiness, and vulnerability closure rates).

Internally, the MSP leads by example: our own systems, tools, and processes are secure, audit-ready, and improving over time. The Security Lead ensures their team is certified, trained, and ahead of industry changes, delegating operational execution while embedding governance across service,

Planet Recruitment acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers. Planet Recruitment is an Equal Opportunities Employer.

By applying for this role your details will be submitted to Planet Recruitment. Our Candidate Privacy Information Statement explains how we will use your information.

Only candidates with the relevant skills and experience will be contacted after application. If you do not hear back from us within 7 days, you have unfortunately been unsuccessful in your application.

Please note that no terminology in this advert is intended to discriminate on the grounds of a person's gender, marital status, race, religion, colour, age, disability or sexual orientation. Every candidate will be assessed only in accordance with their merits, qualifications and abilities to perform the duties of the position.