JOB PURPOSE:

The Cyber Security Portfolio Manager is responsible for the development and effective management of a large and complex portfolio of projects and programmes that are delivering enhanced cyber security technology, process and organisational change against a defined by multi-year strategy.

DIMENSIONS:

• People – lead and manage resources assigned to deliver projects will vary, as a minimum the post holder will have direct management of circa 9+ permanent and temporary project resources which could rise to over 25 at peak project demand.
• Financial - shared responsibility for £1-3m annual budget covering permanent resources, tools and professional services, with governance and oversight responsibility for project/ programme budgets of approximately £80m over a 3-5 year time horizon.
• Planning and Organisation: drive cohesion across the portfolio, identifying shared objectives, potential conflicts and common risks and issues and work with project and program teams to design plans for optimizing outcomes across the portfolio. collaborating with senior stakeholders on the prioritization of portfolio, tracking the scope, budget, and enforcing rigor around managing change.

• Stakeholders – regular and ongoing interaction with executive and senior management stakeholders across IT, IS and the Business, and the primary liaison between the internal security team and multiple global vendors of security services.

PRINCIPAL ACCOUNTABILITIES:

1. Transform the Cyber Security Strategy and strategic business objectives into an aligned cyber security portfolio of programs and projects, working closely with the Cyber Security Architecture Manager to develop the cyber security roadmap, and the Cyber Security Governance Manager on control remediation plans and assigning to teams to execute and deliver the expected benefits and cyber security capability and control enhancements to the organisation.
2. Define and implement robust controls and standards for projects and programs to ensure the health of the portfolio is maintained with strong management of budgets, resources, risks, issues and scope.
3. Develop portfolio-level performance metrics and provide senior management with regular, accurate and timely management information on the portfolio status and against key performance indicators (KPIs).
4. Effectively manage, lead and develop the Cyber Security Portfolio team, to ensure the quality and timeliness of services and deliverables to meet business requirements, reviewing performance and driving continuous improvement of the cyber security portfolio capabilities.
5. Closely collaborate with senior leaders, technical subject matter experts, operational teams and portfolio governance personnel to address issues and risks threatening the outcomes of the projects and to ensure the smooth transition of the new services into BAU operational management.
6. Accountable for the full cyber security project lifecycle, from initiation to completion, ensuring all project work for existing and future projects is delivered successfully, to agreed deadlines/schedule, meeting business objectives and financial targets.
7. Support Project Managers and Program Managers during the analysis and planning stages, driving adherence to processes, procedures, methods, and standards for program delivery.
8. Lead activities required for the realisation of the benefits of each part of the change programme, ensuring alignment with expected benefits.
9. Provide effective leadership to project teams, champion the adoption of industry best practice project management principles, methods and tools, govern the change control process, and assess and manage complex and material project risks.
10. Oversee and govern the efficient and effective management of the overall cyber security team including the administration of team finances, contracts, compliance, personnel and performance.
11. Champion a continuous improvement culture across control documentation and knowledge management.
12. Deputise for Head of Cyber Security and Technology Risk for certain pre-agreed Cyber Security Portfolio tasks and activities.

NATURE AND SCOPE:

The Information Systems Department works supporting the company in the achievement of its strategy and vision to become the best performing DNO. The team achieve this through the provision of technology solutions, as well as the optimisation of current solutions to improve how the company operates. Continuous improvement, customer service and seamless delivery is at the heart of this ethos and are therefore strongly underpinned by effective cyber security.

As Cyber Security Portfolio Manager, the job holder is responsible for the development, effective management and delivery of Cyber Security Resilience programme and project portfolio.

The Cyber Security Programme Manager will be responsible for managing and delivering the cyber security roadmap across the organisation. This role requires a deep understanding of programme and portfolio management concepts, technologies, and best practices, as well as the ability to collaborate effectively with cross-functional teams. The ideal candidate will possess effective communication skills and will be committed to delivering high-quality security projects that result in tangible risk reduction. The ideal candidate will have a proven track record in delivering cyber security change and transformation, ideally within critical national infrastructure or the energy-industry.

The Cyber Security Portfolio Manager’s has five main functions/services.

1. Portfolio Management and Leadership: Create clear, coherent approaches to guide effective program/project setup, execution, and control. Define a comprehensive portfolio plan, defining clear objectives, deliverables, timelines, budgets, and resource allocation. Conduct regular risk assessments and implement mitigation strategies to proactively manage potential threats and challenges. Monitor program progress, identify potential roadblocks, and proactively initiate corrective actions. Maintain clear communication channels with stakeholders, ensuring timely updates and transparent reporting on status and progress. Operate controls and reporting standards for projects and programs within the portfolio.
2. Value and Benefit Realisation – identify key value drivers and define metrics to monitor portfolio performance. Establish robust budget management across the portfolio and working with Finance and project teams to accurately forecast, track, escalate and report. Support activities required for the realisation of the projected benefits of each part of the program, to deliver committed business outcomes.
3. Risk Management - identification, investigation, resolution and escalation of program issues and risks impacting project delivery to the appropriate senior stakeholders; ensuring mitigation strategies are developed and executed when necessary.
4. Programme Management Office (PMO) - Ensuring consistent implementation of common PMO standards, reporting, and closure process across programs. Coordinate and report programme and portfolio health, financial tracking and reporting, trend analysis for plan and budget including annual planning, quarterly/monthly forecasts, etc.
5. CISO Office Administration – management and administration of the overall cyber security budget, supplier and contract management, function performance reporting, organise and coordinate team meetings and events, monitor staff training and development requirements. drive continuous improvement culture, govern documentation and knowledge management, training and compliance administration, recruitment and onboarding administration etc.

The job holder's principal challenge is to translate the Cyber Security Strategy and strategic Business objectives into a multifaceted roadmap of strategic and tactical projects and programs to deliver the required services, products and systems with the expected level of quality, and to the agreed schedule and cost.

SKILLS, QUALIFICATIONS AND EXPERIENCE:

• Minimum of 7 years of experience managing large-scale cyber security programmes delivering all aspects of cyber security transformation – including technology, processes, and culture.
• Hold an industry recognised Project, Program, and/or Portfolio Management certification such as Portfolio Management Professional (PfMP), Program Management Professional (PgMP), Managing Successful Programmes (MSP), Project Management professional (PMP).
• Significant hands on experience managing programme management concepts such as resource allocation, programme/project budgets, risk management, benefits tracking, programme assurance, etc.
• Excellent understanding and experience in leading the implementation of cyber security technologies and capabilities – including Security Operations, SIEM platforms, PAM, Vulnerability Management.