Security Manager – Digital Transformation (Inside IR35)
We’re looking for a proactive and highly experienced Security Manager to lead the security strategy for a major UK Public Sector digital programme. If you’re passionate about embedding security by design, managing risks at scale, and ensuring alignment with governance and privacy frameworks, this role will put you at the heart of a high-impact transformation.
📍 Location: UK, Remote
📅 Contract Duration: Until 31 March 2026
💼 Contract Type: Inside IR35
Responsibilities
🛡️ Acting as the primary security lead for the Digitalisation programme and associated digital solutions
📊 Producing and presenting monthly security governance reports, risk registers, and security cases
⚠️ Leading risk assessments, managing mitigation controls, and contributing to DPIAs
🔍 Supporting HMG Secure-by-Design assurance across the entire delivery lifecycle
🛠️ Feeding into control design activities—DevSecOps, threat modelling, workshops, and design reviews
🧪 Managing and coordinating penetration testing and remediation efforts
🚨 Leading security incident response for the programme, from detection to resolution
🎓 Running tailored security awareness training for teams
🔒 Maintaining continuous oversight of emerging threats, vulnerabilities, and ensuring swift action
📄 Supporting alignment with future certification frameworks such as GovAssure, NCSC CAF, ISO27001
Requirements:
🧠 In-depth knowledge of NIST, ISO27001, ISO27701, NCSC, and Cabinet Office security best practices
✅ Proven track record across full security lifecycle: risk management, governance, incidents, pen testing
🏛️ Experience working in the UK Public Sector, ideally with the NHS/NHSE and government design principles
⚙️ Hands-on experience in Agile/DevOps settings using tools like Jira and Confluence
Bonus Points 📘
📌 Certifications such as CISSP, CISM, or ISO 27001 Lead Implementer/Auditor
🏥 Familiarity with NHS-specific or healthcare-related data protection requirements
Deadline for applications is 30.05.2025 (17:00.)