IT Security Manager - Wembley

IT Security Manager

Location: Wembley - 5 days on-site
Type: Permanent

Salary: £ per annum + permanent benefits

We're partnered with a large organisation undergoing a major digital and data transformation, and we're looking for an experienced Cyber Security Manager to lead and mature their cybersecurity function.

This is a strategic and governance-focused role, sitting at the intersection of security operations, risk management, and data protection. You'll take ownership of security oversight, working closely with external security providers while ensuring internal teams are aligned to best practice frameworks and regulatory requirements.

Responsibilities

Security Operations & Vendor Oversight

• Own and manage relationships with outsourced 24/7 SOC / MDR providers
• Monitor performance against SLAs and ensure proactive threat detection across cloud environments
• Manage security incident escalations and coordinate response activities across internal and external teams
• Drive value and accountability from third-party security partners

Governance, Risk & Compliance

• Own and maintain the Information Security Policy, Cyber Risk Register, and Risk Appetite framework
• Lead internal and external audits, ensuring compliance with UK GDPR and relevant security standards
• Oversee regulatory reporting and ensure adherence to industry frameworks (e.g., ISO 27001, NIST)
• Focus on practical risk reduction aligned to business priorities

Data Security & Transformation

• Lead the implementation of data security capabilities to discover, classify, and protect sensitive data
• Support broader digital and AI initiatives by ensuring robust data protection practices
• Collaborate with engineering and architecture teams to embed security controls into platforms

Stakeholder Engagement

• Translate complex technical risks and alerts into clear, business-facing insights for senior leadership
• Act as a trusted advisor to the IT Director and wider leadership team on cyber risk and resilience
• Ensure security policies are embedded into delivery through automated controls and best practice frameworks

Skills & Experience Required

• Proven experience managing external MSSPs, SOC, or MDR providers
• Strong knowledge of security frameworks such as ISO 27001, NIST, and UK GDPR
• Experience maintaining enterprise-level risk registers and governance frameworks
• Familiarity with data security posture management (DSPM) tools and data classification platforms
• Good understanding of cloud security (Azure/AWS) and identity protocols (OIDC, SAML, MFA / Entra ID)
• Experience coordinating incident response across multiple stakeholders, including external forensic teams
• Strong commercial awareness with the ability to link security decisions to business outcomes
• Excellent communication skills, with the ability to translate technical risk into business impact