Cyber Security Principal

The Cyber Security Principal is a hands-on senior role, strengthening Tecknuovo’s internal information and cyber security posture while also delivering external advisory and commercial value through customer-facing security expertise. This role works closely with Delivery, Technical, IT, and Business Operations leaders.

The role provides strategic oversight of Tecknuovo’s cyber and information security maturity, ensuring security governance, risk management, compliance obligations, and the secure adoption and governance of AI technologies are not only maintained but continuously strengthened as the business scales.

The role is also accountable for delivering security advisory and assurance services to public sector and regulated clients, building Tecknuovo’s market credibility and contributing to revenue growth through security-led opportunities. Combining strategic leadership, operational influence, and commercial delivery, the Cyber Security Principal acts as the security equivalent to our Technical Director function with accountability for security quality, assurance, governance, and innovation across both the business and client environments.

Key responsibilities

• Own and evolve Tecknuovo’s Information Security Management System, ensuring ISO 27001 compliance is embedded into operational practice and supported by scalable, practical governance

• Define and maintain the organisation’s cyber security strategy, threat model, risk appetite, and prioritised roadmap, translating complex risks into clear actions and leadership decisions

• Act as the senior strategic security advisor to the executive board, providing horizon scanning, risk insight, and recommendations on security investment, controls, and resilience

• Provide security oversight, mentorship, and strategic direction to the IT Manager, supporting capability development while maintaining clear separation from day-to-day operational ownership

• Support Business Operations leadership in embedding security within broader assurance, compliance, and governance frameworks, including ISO standards and audit readiness

• Lead internal security reviews, penetration testing programmes, incident response planning, and business continuity activities from a security perspective

• Establish and strengthen a security-aware culture across the business, including employed teams, freelance consultants, suppliers, and third parties

• Advise on AI governance, emerging technologies, and associated security implications, working closely with Technical and AI programme stakeholders

• Deliver senior security advisory and assurance services to public sector and regulated clients, acting as a trusted advisor across security risk, assurance, and architecture engagements

• Shape and deliver security-focused workstreams within wider transformation programmes, partnering with client security and risk leaders to ensure credible, defensible delivery

• Identify, qualify, and support the growth of security advisory opportunities across existing accounts and new prospects, contributing to a revenue-generating security service line

• Support bids, proposals, and procurement submissions by shaping security narratives, compliance positioning, assurance frameworks, and security architecture content

• Produce market-facing thought leadership, case studies, and security insights that strengthen Tecknuovo’s reputation as a credible security partner

• Build and mature internal security capability, frameworks, standards, tooling, and methodologies that support both internal governance and client delivery

• Develop security capability pathways and mentoring structures that strengthen internal talent and reduce dependency, aligned to Tecknuovo’s broader capability-building philosophy

• Maintain oversight of data protection, privacy, and contractual security obligations, working with leadership on UK GDPR, governance, and client security commitments

• Contribute security expertise into wider business initiatives including B-Corp, ESG, ISO 42001 readiness, and enterprise risk management frameworks

Who you are and how you’ll make an impact

You are an experienced security leader who has built, led, and matured cyber and information security functions within large organisations, regulated sectors, or government environments. Your background includes strategic ownership of security governance, risk management, and compliance frameworks, combined with the credibility to advise senior stakeholders, boards, and audit committees on complex security and risk matters.

You bring genuine depth across both governance and technical security domains, with practical experience spanning areas such as ISMS ownership, ISO 27001, cyber strategy, incident response, cloud and network security, identity and access management, vulnerability management, and privacy considerations. You are comfortable translating technical risk into business language and making clear, pragmatic recommendations that support commercial and operational decision-making.

Alongside your internal leadership capability, you have strong client-facing advisory experience and are confident operating at senior levels with CISOs, CIOs, security architects, and risk leaders. You understand how to scope, position, and deliver security advisory work in a way that balances security integrity with commercial value, helping clients strengthen their own security capability while building trust in Tecknuovo as a delivery partner.

You are highly collaborative and operate effectively through influence rather than hierarchy, building strong partnerships across leadership teams, delivery functions, and operational stakeholders. You are equally comfortable mentoring developing practitioners as you are shaping strategic direction, and you are motivated by the opportunity to build something lasting within a growing organisation while continuing to deliver meaningful external impact.

Your success will be reflected in a stronger and more resilient internal security posture, increased confidence and capability across teams, growth in security advisory opportunities, and stronger market credibility with public sector and regulated clients.

A day in the life

A typical day might begin with reviewing security priorities, risk items, or governance updates, ensuring internal initiatives remain aligned to the organisation’s security roadmap and compliance obligations. You may meet with the CLOO or MD to advise on emerging risks, investment decisions, or business priorities requiring security input.

You could then work with the IT Manager or Business Operations Partner to review security controls, audit actions, or upcoming assurance activities, providing strategic guidance while enabling operational teams to retain ownership and execution.

Later in the day, you may shift into client-facing activity-leading a security assurance session, contributing to an architecture review, advising on cyber risk within a live transformation programme, or supporting a proposal for a new public sector opportunity.

Alongside delivery, you spend time shaping longer-term capability: refining internal frameworks, reviewing security standards, developing reusable methodologies, or contributing to market-facing thought leadership. You remain closely connected to evolving areas such as AI governance, supply chain risk, and security maturity, ensuring both Tecknuovo and its clients remain resilient, credible, and prepared for future challenges.

Across all aspects of the role, you balance internal governance with external delivery, ensuring security is not treated as a compliance exercise alone but as a strategic enabler of business trust, growth, and operational resilience.

Equal Opportunities

At Tecknuovo, we’re committed to creating an inclusive, barrier-free recruitment process and working environment for everyone. We want all candidates to have the best possible opportunity to succeed throughout their application. As a Disability Confident Committed employer, we actively encourage conversations about reasonable adjustments and will invite shortlisted candidates to share any adjustments they may need during the recruitment process.