Job Description
Cyber Security Programme Manager
£950 per day | Inside IR35 | 12-month contract
London (Hybrid)
Insurance sector - Insurance experience is essential
The Opportunity
We're looking for a seasoned Cyber Security Programme Manager to lead and deliver complex, high-impact security programmes for a major insurance client. This role sits at the heart of enterprise cyber transformation, driving resilience, regulatory compliance, and risk reduction across a large, regulated environment.
You'll be accountable for shaping strategy into executable programmes, coordinating multiple workstreams, and ensuring cyber initiatives land on time, on budget, and with real business impact.
Key Responsibilities
* Lead end-to-end delivery of large-scale cyber security programmes across multiple domains
* Own programme governance, planning, RAID, financials, and executive reporting
* Translate cyber risk into clear business outcomes for senior stakeholders
* Coordinate delivery across internal teams, third parties, and system integrators
* Ensure alignment with insurance regulatory requirements (e.g. FCA, PRA, GDPR, ISO)
* Drive delivery of security initiatives across legacy and cloud environments
* Manage dependencies across IT, Security, Risk, Legal, and the wider business
* Embed security-by-design into enterprise change initiatives
Essential Experience
* Proven experience as a Cyber Security Programme Manager in large, complex organisations
* Strong insurance sector experience - mandatory
* Track record delivering multi-million-pound cyber or technology transformation programmes
* Deep understanding of cyber risk, security controls, and regulatory drivers in financial services
* Comfortable operating at C-suite and Board level
* Excellent governance, communication, and stakeholder management skills
Security Domains
* Identity & Access Management (IAM, PAM)
* Cloud Security (AWS, Azure, GCP)
* Security Operations (SOC, SIEM, SOAR)
* Vulnerability Management & Threat Intelligence
* Data Security & Privacy
* Network & Infrastructure Security
* Endpoint & Mobile Security
* Third-Party / Supply Chain Risk
* Incident Response & Cyber Resilience
Tools & Technologies (typical exposure)
* IAM: SailPoint, Okta, Azure AD, CyberArk
* SIEM/SOC: Splunk, Sentinel, QRadar
* Cloud: AWS, Azure security tooling, CSPM solutions
* Endpoint: CrowdStrike, Defender, Carbon Black
* Vulnerability: Tenable, Qualys, Rapid7
* GRC: ServiceNow GRC, Archer
* DevSecOps & CI/CD security tooling
* Zero Trust architectures
Eames Consulting is acting as an Employment Business in relation to this vacancy.