At Heathrow, the safety and security of our passengers and operations is our top priority. We're looking for a Cyber Security Manager - Threat Management to help lead our threat defence capabilities, protect our digital and operational environments, and contribute to the UK's critical national infrastructure. This is a unique opportunity to play a key leadership role in our Cyber Security function, supporting the development and delivery of our cyber strategy while managing a team of high-performing Cyber Security Analysts.
Responsibilities
* Lead and develop a team of Cyber Security Analysts to detect, defend, and respond to cyber threats across IT and OT environments.
* Own and improve cyber security controls, tools, and monitoring capabilities aligned with frameworks such as ISO 27001, NIST, and Cyber Assessment Framework (CAF).
* Report on cyber threats, risks, vulnerabilities, and controls to both internal stakeholders and external auditors, regulators, and assurance bodies (e.g. CAA ASSURE, PCI-DSS, GDPR).
* Support the creation and maintenance of security roadmaps, policies, and frameworks that underpin Heathrow's cyber security strategy and compliance obligations.
* Collaborate with teams across Technology, Data Protection, Corporate Risk, Security Intelligence, and Operations to drive cyber maturity.
* Lead cyber transformation initiatives and ensure compliance with regulatory, legislative, and contractual requirements.
Qualifications
* Proven experience in Cyber Security management within complex, regulated environments.
* Strong knowledge of threat management tools and practices, with hands‑on experience applying frameworks such as ISO 27001, NIST SP‑800.
* Expertise in risk management, vulnerability management, and security governance.
* Familiarity with compliance regimes such as PCI‑DSS, GDPR, and sector‑specific oversight like the CAA Cyber Oversight (CAP 1753) or NIS Directive.
* Skilled in translating technical threats and controls into business‑relevant insights for senior stakeholders.
* Certifications such as CISM, CISSP, CRISC, GSEC, or equivalent are highly desirable.
* Desirable: Experience in Critical National Infrastructure, Operational Technology (OT) Security, and Microsoft security tools (e.g., Sentinel, Defender).
#J-18808-Ljbffr