Senior Threat & Vulnerability Analyst

Royal London Group

Macclesfield

7 months ago

Applications closed

Related Jobs

View all jobs

Senior SOC Analyst x 2

Threat Intelligence Specialist

Senior Security Engineer - CIAM XDP

Principal Engineer

Cyber Security - Secure by Design Consultant

Threat Intelligence Business Analyst

Job Title: Senior Threat & Vulnerability Analyst

Contract Type: Permanent

Location: Alderley Edge/Edinburgh

Working style: Hybrid 50% home/office based

Closing date: 7th February 2025

We are expanding our security and resilience team within the CISO office. Over the last few years, we have been on a continuous improvement journey and are looking to expand the team. This new role will allow us to fully enact our threat-led vulnerability management program, risk-assess the rapid uptake of cloud services, drive further improvements across cyber and support our organisational goal of building a secure and resilient mutual. With a security team of more than fifty staff, this new role will continue to enhance our capabilities against an ever-changing cyber threat landscape.

We are seeking a highly skilled and experienced Senior Threat and Vulnerability Analyst to join Royal London. In this role, you will play a critical part in safeguarding our organisation against potential threats and vulnerabilities. Your expertise and strategic thinking will be essential in protecting our sensitive information and ensuring the overall security of our operations.

In this position, you will be responsible for the assessment of vulnerabilities across the Royal London estate. You will help lead on the identification, prioritisation, and remediation tracking of vulnerabilities to ensure that Royal London operates in line with current legislative, regulatory, and business security requirements. You will work closely with cross-functional teams to help them implement security measures and provide guidance on best practices. Additionally, you will need to stay up to date with the evolving cyber threat landscape and proactively research and analyse emerging threats.

This is an excellent opportunity for a meticulous and results-driven professional with a strong background in cybersecurity, and particularly vulnerability management. If you are enthusiastic about protecting sensitive information, customer data and have a proven track record of implementing effective security measures, we would love to hear from you.

About the role

Support the Vulnerability Manager in leading a team of patching and vulnerability analysts providing effective leadership whilst also helping support senior management thereby ensuring vulnerabilities are resolved appropriately by remediation teams and within documented SLAs. Provide guidance, support, and mentorship to foster professional growth and maximise individual and team performance.
Supporting the governance related to this key control.
Ensuring all regular and out-of-band vulnerabilities are risk assessed against agreed risk thresholds and support the prioritisation and remediation work of teams within documented SLA and compensating controls.
Help provide regular KRI metrics and reports, along with a clear narrative for non-compliant remediation activities.
Review and enhance processes and technologies used to support and execute the vulnerability management service.
Work collaboratively with other Security Leads and the wider IT team to triage and remediate security threats and vulnerabilities within agreed SLAs.
Collaborate with the incident response team in investigating and responding to security incidents, providing subject matter expertise and support in the use of security technologies to identify, contain, and remediate threats.
Remain up to date on the latest cyber technologies, threat landscapes and vulnerability exploitation techniques.
Ability to work on their own but also manage others, including third parties.

About you

Proven experience in vulnerability management and application security technologies across an on-prem and Cloud estate. Experience leading a vulnerability management team.

Strong technical understanding of multiple security domains (Identity and Access Management, Data Protection, Networking, Endpoint Protection, Application Security as well as Security Operations).

Proficient in using vulnerability management platforms such as Tenable, Kenna, Qualys, or Rapid7.
Good understanding and practical experience of Cyber Security Frameworks and standards, e.g. NIST.
Excellent senior stakeholder and 3rd party management skills.
Strong understanding of information security concepts, technologies, and best practices.
Excellent problem-solving and analytical skills with effective communication and presentation abilities.
Working knowledge of OWASP, MITRE, CVSS and other standards/frameworks relevant to vulnerability management.
Experience in assessing and managing risks and implementing required mitigation strategies.
Ability to manipulate data, extract insight and provide reporting to key stakeholders for actionable tasks.
Previous experience of working within a regulated environment in the financial services industry desirable.
Able to maintain composure and professionalism in pressurised, stressful, and uncertain situations.
Ability to listen, communicate, constructively challenge, and influence team members, immediate peer group, Operational Resilience function senior leadership team and business management / executives.
Proactively seek to generate ideas for new ways to improve.
Understands and accepts the relevance of others’ views and is prepared to change and be open to collaboration.
Continually analyses and evaluates own performance to identify areas for improvement.
Takes personal responsibility for self-development.
MS Excel and MS Power BI proficiency preferable.
Relevant certifications (e.g., CISSP, CISM, CompTIA Sec+) are a plus.

About Royal London

We are the UK’s largest mutual life, pensions, and investment company, offering protection, long-term savings and asset management products and services.

Our People Promise to our colleagues is that we will all work somewhere inclusive, responsible, enjoyable and fulfilling. This is underpinned by our Spirit of Royal London values of: - Empowered, Trustworthy, Collaborate, Achieve.

We have always been proud to reward employees by offering great workplace benefits such as 28 days annual leave in addition to bank holidays, an up to 14% employer matching pension scheme and private medical insurance. You can see all our benefits here - Our Benefits

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Sep 11, 2025

Careers Education

The Best Free Tools & Platforms to Practise Cyber Security Skills 2025/26

Cyber security is one of the most in-demand career fields in the UK. From preventing data breaches to monitoring networks and defending against ransomware, the role of cyber professionals is critical across every industry. With organisations of all sizes facing increasing threats, demand for skilled professionals continues to rise. But employers don’t just want theory—they want proof that you can analyse systems, detect vulnerabilities, and respond to incidents. The good news is that you don’t need to pay thousands of pounds for training to build practical experience. A wide range of free tools and platforms allow you to practise cyber security skills safely, ethically, and at no cost. This article explores the best free resources available in 2025 to help you gain hands-on skills in ethical hacking, penetration testing, digital forensics, network monitoring, and incident response.

Sep 5, 2025

Jobs

Top 10 Skills in Cyber sScurity According to LinkedIn & Indeed Job Postings

In today’s digital age, cyber security is no longer optional—it’s mission-critical. From financial institutions to healthcare providers, government departments to tech startups, every sector in the UK is under rising cyber threats. As a result, employers are constantly on the hunt for skilled professionals who can defend, detect, and respond effectively. But with cyber threats evolving at pace, what exactly are employers seeking? By analysing job postings on LinkedIn and Indeed, this article reveals the Top 10 cyber security skills UK organisations are demanding in 2025. Read on to discover how to present these skills effectively on your CV, in interviews, and through practical proof of experience.

Aug 31, 2025

Careers

The Future of Cybersecurity Jobs: Careers That Don’t Exist Yet

Cyber security has become one of the most critical issues of our age. Once regarded as a technical problem confined to IT departments, it is now a board-level priority, a government mandate, and a daily necessity for individuals. The shift towards cloud services, remote working, connected devices, and artificial intelligence has dramatically increased the risks of digital attacks. In the UK, cyber security is central to national resilience. The government has identified cyber as a “tier one” threat to national security, alongside terrorism and pandemics. The private sector, from banks to retailers, now sees data breaches and ransomware as existential risks. Global spending on cyber security is projected to exceed $250 billion by 2030, with the UK already home to a thriving cyber industry employing tens of thousands. Yet, as powerful as the industry already is, we are only at the beginning. The technologies shaping the next two decades—AI, quantum computing, edge computing, extended reality, and biotechnology—will radically reshape cyber security. Many of the most vital cyber security jobs of the future don’t exist yet. This article explores why new roles will emerge, the careers likely to appear, how today’s jobs will evolve, why the UK is well-positioned, and how professionals can prepare now.