EM Services acts as a managing agent for multiple Town Councils and delivers a wide range of township management and corporate services across the EM Group.
The Cybersecurity Lead is accountable for establishing and driving the cybersecurity programme, governance, and incident readiness across centrally managed Town Councils and, where applicable, the wider EM Group. The role defines baseline cybersecurity policies and standards, coordinates incident response protocols, and serves as the primary escalation point for cybersecurity events affecting Town Councils under the centralized IT service operating model.
Working closely with the IT Service Manager (Service Delivery Manager), Town Council IT Officers, and external vendors, the Cybersecurity Lead ensures consistent security posture uplift, compliance alignment, and effective incident management.
Key Roles & Responsibilitie
s1. Cybersecurity Governance, Policy & Standard
- sOwn and maintain baseline cybersecurity policies, standards and minimum security controls applicable across Town Councils (and EM Group where applicable)
- .Translate cybersecurity expectations into practical standards that can be implemented by IT Officers and vendors across varying Town Council environments
- .Define and maintain cybersecurity governance artefacts (e.g., control checklists, compliance reporting templates) to support consistent implementation and auditability
- .Provide guidance on cybersecurity requirements that can be embedded into IT tenders and vendor scopes (e.g., incident response obligations, security monitoring expectations, baseline configurations)
.2. Incident Response Leadership & Escalatio
- nCoordinate incident response protocols and act as the escalation point for cybersecurity events affecting EM & Town Councils related operations
- .Establish and maintain incident response runbooks, escalation paths and communications templates (internal and stakeholder-facing), aligned to vendor operating models
- .Lead cybersecurity incident triage, containment coordination, and post-incident review, including recommendations for remediation and prevention of recurrence
- .Coordinate with external incident response providers (retainer service) to ensure timely mobilisation, clear handover, and effective delivery during major incidents
.3. Compliance Advisory, Risk Assessments & Remediatio
- nAdvise on cybersecurity compliance expectations, including risk assessments, gap analysis, and remediation planning
- .Maintain a consolidated view of cybersecurity risks and recurring control gaps across Town Councils to inform prioritisation and uplift planning
- .Support Town Councils and IT Officers in preparing evidence and responding to cybersecurity audits, reviews, and governance queries
.4. Enablement of IT Officers & Security Control Implementatio
- nSupport IT Officers in implementing security controls and conducting awareness initiatives, including coaching and technical guidance on baseline controls (e.g., identity security, endpoint hygiene, access governance, incident reporting discipline)
- .Define a structured approach for cybersecurity awareness and uplift across on-site colleagues, leveraging practical scenarios and recurring lessons from incidents
- .Partner with the IT Service Delivery Manager to ensure cybersecurity policies are operationalised through standard service processes, ticketing, change discipline, and escalation governance
.5. Vendor & Stakeholder Alignmen
- tLiaise with vendors to ensure alignment on cybersecurity expectations, reporting, and incident coordination
- .Participate in vendor governance on cybersecurity-related matters, ensuring vendors understand and meet required security baselines and incident response obligations
- .Provide cybersecurity input into service reviews, tender specifications, and scope discussions where cyber responsibilities and boundaries require clarification
.6. Cybersecurity Programme Development (Optional EMHQ Scope
- )Where applicable, lead or co-lead EMHQ cybersecurity programme planning, including group-level governance, awareness, incident readiness, and capability development
- .Build and mature cybersecurity operating rhythms (e.g., quarterly posture reviews, incident simulations/tabletop exercises, periodic control uplift campaigns) to improve resilience over time
.
Required Qualifications & Experien
- ceDegree in Cybersecurity, Information Security, Computer Science, Information Technology, or related disciplin
- e.7–10 years of experience in cybersecurity, cyber governance, incident response, or security operations, including ownership of security programmes, cybersecurity awareness initiatives and incident coordinatio
- n.Hands-on experience developing security policies/standards and translating them into implementable controls across multi-site or multi-entity environment
- s.Proven experience coordinating cybersecurity incidents with internal stakeholders and external service providers/vendor
- s.Experience operating in regulated, public-facing, or multi-stakeholder environments is highly desirabl
e.
Key Competencies & Attribu
- tesCybersecurity Leadership & Ownership – Takes accountability for cyber posture, readiness, and outcom
- es.Governance & Structure – Able to define standards, controls, evidence and assurance processes across multiple entiti
- es.Incident Command & Calm Execution – Able to lead triage, escalation, and coordination under pressu
- re.Stakeholder & Vendor Management – Effective communicator across Town Councils, vendors, and coordinating stakeholde
- rs.Pragmatism & Risk-Based Judgement – Balances ideal security with operational realities and prioritisati
- on.Enablement Mindset – Coaches IT Officers and operational teams to implement controls consisten
tly
