Cyber Security Contracts Manager (NIS/CAF)

Cyber Security Contracts Manager (NIS/CAF)

Utilities

Remote working: very rare travel to Warwick

6 months

£800 per day

In short: Utilities is heavily-regulated and given we work with multiple suppliers we must adhere to certain framework-driven compliances (NIS/CAF). We need someone to oversee and review our current contracts with suppliers and look for gaps that would leads us to fail an audit.

The person we need will wear 2 hats:

1) would be to have strong knowledge around NIS / CAF process and policies, where they apply and how to write scope documents.

2 would be someone who knows how to review a supplier contract from a Cyber framework perspective.

We appreciate that this is a niche requirement so if you lean more towards NIS / CAF policies with *some* contract experience then we’re open to a chat; similarly, if you lean more towards contracts management but have reviewed supplier agreements with a focus on cyber then please also apply.

Requirement

We are seeking an additional resource to support the development of our processes, policies and contract documents relating to the Cyber Assessment Framework (CAF) and Network and Information (NIS) Regulations.

Assignment Overview

We are seeking an experienced Cyber Assessment Framework (CAF) and Network and Information (NIS) Regulations to undertake a contract assignment focused on updating and enhancing service supplier contracts across four operational sites within the energy sector. Each site supports four to five operational systems, with contracts requiring updates to ensure the provision of services will support and sustain CAF Enhanced Profile compliance.

This role will work closely with operational, technical, and commercial stakeholders to review existing contractual arrangements, identify gaps, and implement updated contract terms aligned with regulatory, operational, and assurance requirements.

Key Responsibilities

• Review and assess existing service supplier contracts across four operational sites
• Identify contractual gaps, risks, and improvement opportunities related to CAF Enhanced Profile compliance
• Work with internal stakeholders (operations, engineering, cyber/security, legal, and commercial teams) to validate service requirements and compliance needs
• Update and negotiate contract terms, service schedules, KPIs, and obligations to ensure appropriate maintenance, support, and assurance coverage
• Engagement and negotiation with service suppliers to agree revised contractual positions
• Ensure contractual outputs are practical, measurable, and aligned with operational maintenance realities
• Develop and implement a consistent contractual approach across sites while accommodating site‑specific requirements
• Maintain clear documentation, contract registers, and audit trails to support compliance assurance
• Provide regular progress updates and risk assessments to project or commercial leads

Key Deliverables

• Updated and agreed service supplier contracts supporting CAF Enhanced Profile compliance
• Clear service definitions, KPIs, SLAs, and compliance obligations
• A consistent contractual framework across all operational sites
• Documented risks, assumptions, and mitigation actions

Skills and Experience

Essential

• Proven experience in CAF, cyber resilience, assurance, or compliance‑driven contracting environments
• Strong experience reviewing, updating, and negotiating supplier contracts
• Ability to work in complex, multi‑site operational environments
• Clear understanding of service‑based contracting and supplier management
• Strong stakeholder management and communication skills
• Detail‑oriented approach with strong documentation and governance practices

Desirable

• Experience in regulated or operationally critical environments such as energy, utilities, water, rail, MoD or similar sectors
• Experience working on contract remediation or compliance uplift programmes
• Direct experience of delivering into a security framework (e.g. CAF, 62443, NIST)
• Direct experience of delivering service contracts for data centres

Personal Attributes

• Pragmatic and solutions‑focused
• Comfortable working autonomously within a defined assignment scope
• Able to balance commercial, operational, and compliance considerations
• Confident engaging with both technical and non‑technical stakeholders

Candidates will ideally show evidence of the above in their CV in order to be considered.

Please be advised if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion, we may however keep your details on file for any suitable future vacancies and contact you accordingly. Pontoon is an employment consultancy and operates as an equal opportunities employer.

We use generative AI tools to support our candidate screening process. This helps us ensure a fair, consistent, and efficient experience for all applicants. Rest assured, all final decisions are made by our hiring team, and your application will be reviewed with care and attention.