Outside IR35 - Hybrid (3 days on‑site in London, 2 days remote)
We urgently need a Cyber Security Manager for a a major national digital transformation programme to support a high‑profile online retail initiative as it moves through procurement and definition phases. This role will play a critical part in shaping a secure, resilient, and scalable digital retail platform used by millions of people.
Required Skills & Experience
- Strong technical expertise across application, infrastructure, cloud, and OS security, including modern web and API architectures.
- Deep understanding of current threats and controls, including OWASP Top Ten (Web & API)
- Experience with key standards and regulations: ISO 27001, PCI DSS, UK GDPR, and relevant government/industry frameworks.
- Strong grounding in core security principles: defence in depth, least privilege, zero trust, security by design.
- Hands‑on experience with threat modelling (e.g., STRIDE) and risk management.
- Proven ability to assess and assure third‑party supplier security within procurement processes.
- Experience establishing security KPIs, governance, and assurance across delivery phases.
- Excellent stakeholder engagement skills, able to influence both technical and non‑technical audiences.
- Comfortable operating in a fast‑paced, complex, and ambiguous delivery environment.
Key Responsibilities
- Embed security‑by‑design across solution architecture, working closely with architects, technical leads, and security stakeholders.
- Define and refine security, resilience, and non‑functional requirements for procurement.
- Lead threat modelling and risk assessments across applications, integrations, data flows, and user journeys.
- Provide actionable recommendations to influence design decisions and acceptance criteria.
- Establish and maintain security governance, including KPIs, review gates, and assurance activities.
- Support incident readiness planning and alignment with wider organisational security objectives.
- Contribute to supplier evaluation through a structured security assessment framework.
- Maintain a comprehensive security risk log, including inherited risks from existing systems and new build components.
Please forward your CV for immediate consideration.
TPBN1_UKTJ