Cyber Response Planning Lead

As a Cyber Response Planning Lead , you will play a key role within the Cyber Resilience and Information Security team at Thames Water, supporting the organisation’s preparedness to respond effectively to cyber incidents across critical infrastructure. Working closely with cybersecurity leadership, IT and OT teams, and business stakeholders, you will ensure that incident response capabilities are robust, tested, and continuously improved.

This role contributes to Thames Water’s cybersecurity resilience by designing and delivering cyber incident exercises, enhancing stakeholder readiness, maintaining response documentation, and ensuring lessons learned are embedded into continuous improvement activities. You will collaborate across the organisation to strengthen incident response capabilities while maintaining high standards of governance, reporting, and compliance.

Security Clearance: CTC (Counter Terrorist Check) clearance is essential. You must currently hold or be able to attain CTC clearance for this role.

What you’ll be doing as a Cyber Response Planning Lead

• Lead the design, delivery, and documentation of cyber incident simulations and exercises across IT, OT, Digital, and operational business units.
• Develop and execute diverse cyber incident scenarios including ransomware, insider threats, supply chain attacks, OT compromise, and data loss.
• Analyse exercise outcomes to identify lessons learned, gaps, and improvement opportunities.
• Coordinate and deliver stakeholder awareness sessions and role-based training to enhance incident response readiness.
• Maintain stakeholder engagement records and ensure visibility of training and preparedness activities.
• Collaborate with IT, OT, and business resilience teams to strengthen organisational preparedness and alignment.
• Lead periodic reviews and updates of incident response documentation, including plans, playbooks, workflows, and communication guides.
• Ensure documentation aligns with evolving threats, operational changes, and regulatory requirements.
• Conduct structured post-incident and post-exercise analysis to identify root causes and improvement actions.
• Maintain and manage a lessons-learned register, ensuring findings are prioritised and tracked.
• Facilitate review sessions with stakeholders to agree actionable recommendations.
• Oversee tracking and validation of remediation and improvement actions.
• Maintain audit-ready documentation including incident logs, dashboards, and governance reports.
• Produce regular reporting for leadership on incident trends, exercise outcomes, and organisational readiness.

Base location – Hybrid – Clearwater Court, Reading.
Working pattern – 36 hours Monday to Friday.

What you should bring to the role

• Significant experience in cyber incident management, emergency planning, or IT risk management.
• Experience working within critical infrastructure, utilities, or public sector environments.
• Experience coordinating incident exercises and embedding continuous improvement activities.
• Experience developing and maintaining incident management plans, procedures, and policies.
• Strong ability to work under pressure and manage multiple priorities.
• Excellent communication and interpersonal skills to engage technical and non-technical stakeholders.
• Ability to build strong relationships and work collaboratively across teams.
• Self-motivated with the ability to work independently and drive initiatives forward.

Technical experience and skills

• Proficiency in incident management tools and cybersecurity technologies.
• Knowledge of cybersecurity frameworks such as ISO 27001, NIST SP 800-61, and MITRE ATT&CK.
• Ability to analyse incidents, exercises, and trends to drive improvements in response capability.
• Experience in maintaining structured documentation, including plans, reports, and evidence sets.

Desirable qualifications and experience

• Broader knowledge and experience within cybersecurity or information security.
• Experience working with vendors and commercial or procurement teams.
• Experience delivering training and simulations to improve organisational preparedness.
• Experience supporting regulatory compliance aligned to industry standards (e.g., SEMD, CAF).

Desirable technical skills and qualifications

• Bachelor’s degree in Computer Science, IT, Cyber Security, or a related field.
• Professional certifications such as CISSP, CISM, or CRISC.

What’s in it for you?

• Competitive salary between £68,000 and £78,000 per annum, depending on experience.
• Annual Leave - 26 days holiday per year, increasing to 30 with the length of service. (plus bank holidays)
• Generous Pension Scheme through AON.
• Performance-related pay plan directly linked to company performance measures and targets.
• Access to lots of benefits to help you take care of you and your family’s health and wellbeing, and your finances – from annual health MOTs and access to physiotherapy and counselling, to Cycle to Work schemes, shopping vouchers and life assurance.

Find out more about our benefits and perks (Please note different T&Cs apply if on secondment)

Who are we?
We’re the UK’s largest water and wastewater company, with more than 16 million customers relying on us every day to supply water for their taps and toilets. We want to build a better future for all, helping our customers, communities, people, and the planet to thrive. It’s a big job and we’ve got a long way to go, so we need help from passionate and skilled people, committed to making a difference and getting us to where we want to be in the years and decades to come.

Learn more about our purpose and values

Working at Thames Water
Thames Water is a unique, rewarding, and diverse place to work, where every day you can make a difference, yet no day is the same. As part of our family, you’ll enjoy meaningful career opportunities, flexible working arrangements and excellent benefits.

If you’re looking for a sustainable and successful career where you can make a daily difference to millions of people’s lives while helping to protect the world of water for future generations, we’ll be here to support you every step of the way. Together, we can build a better future for our customers, our region, and our planet.

Real purpose, real support, real opportunities. Come and join the Thames Water family. Why choose us? Learn more.

We’re committed to being a great, diverse, and inclusive place to work. We welcome applications from everyone and want to ensure you feel supported throughout the recruitment process. If you need any adjustments, whether that’s extra time, accessible formats, or anything else just let us know, we’re here to help and support.

When a crisis happens, we all rally around to support our customers. As part of Team Thames, you’ll have the opportunity to sign up to support our customers on the frontline as an ambassador. Full training will be given for what is undoubtedly an incredibly rewarding experience. It’s also a great opportunity to learn more about our business and meet colleagues.

Disclaimer: Due to the high volume of applications we receive, we may close the advert earlier than the advertised date, so we encourage you to apply as soon as possible to avoid disappointment.