Cyber Security Programme Manager £950 per day | Inside IR35 | 12-month contract London (Hybrid) Insurance sector - Insurance experience is essential The Opportunity We're looking for a seasoned Cyber Security Programme Manager to lead and deliver complex, high-impact security programmes for a major insurance client. This role sits at the heart of enterprise cyber transformation, driving resilience, regulatory compliance, and risk reduction across a large, regulated environment. You'll be accountable for shaping strategy into executable programmes, coordinating multiple workstreams, and ensuring cyber initiatives land on time, on budget, and with real business impact. Key Responsibilities Lead end-to-end delivery of large-scale cyber security programmes across multiple domains Own programme governance, planning, RAID, financials, and executive reporting Translate cyber risk into clear business outcomes for senior stakeholders Coordinate delivery across internal teams, third parties, and system integrators Ensure alignment with insurance regulatory requirements (e.g. FCA, PRA, GDPR, ISO) Drive delivery of security initiatives across legacy and cloud environments Manage dependencies across IT, Security, Risk, Legal, and the wider business Embed security-by-design into enterprise change initiatives Essential Experience Proven experience as a Cyber Security Programme Manager in large, complex organisations Strong insurance sector experience - mandatory Track record delivering multi-million-pound cyber or technology transformation programmes Deep understanding of cyber risk, security controls, and regulatory drivers in financial services Comfortable operating at C-suite and Board level Excellent governance, communication, and stakeholder management skills Security Domains Identity & Access Management (IAM, PAM) Cloud Security (AWS, Azure, GCP) Security Operations (SOC, SIEM, SOAR) Vulnerability Management & Threat Intelligence Data Security & Privacy Network & Infrastructure Security Endpoint & Mobile Security Third-Party / Supply Chain Risk Incident Response & Cyber Resilience Tools & Technologies (typical exposure) IAM: SailPoint, Okta, Azure AD, CyberArk SIEM/SOC: Splunk, Sentinel, QRadar Cloud: AWS, Azure security tooling, CSPM solutions Endpoint: CrowdStrike, Defender, Carbon Black Vulnerability: Tenable, Qualys, Rapid7 GRC: ServiceNow GRC, Archer DevSecOps & CI/CD security tooling Zero Trust architectures Eames Consulting is acting as an Employment Business in relation to this vacancy.