Cyber Manager
Job Title: Cyber Security Manager
Location: Maidenhead/ Southeast – regular travel between Entities
Role Overview
We are seeking an experienced and adaptable Cyber Security Manager to strengthen cyber resilience, lead security improvements, and embed secure-by-design practices across a diverse range of technical estates. This includes Defence-classified networks, legacy and industrial systems, hybrid IT/OT environments, research platforms, and modern cloud services.
Key Responsibilities
1. Cyber Security Strategy, Planning & Delivery
- Develop, maintain, and execute cyber security plans and roadmaps tailored to each entity’s operational context, regulatory requirements, and risk profile.
- Provide informed security input into business planning, technology adoption, digital initiatives, and transformation programmes.
- Ensure cyber activities support wider organisational objectives, customer expectations, and contractual obligations.
2. Secure-by-Design & Architecture Assurance
- Embed secure-by-design principles across platforms, services, products, and transformation initiatives.
- Review solution designs, technical architectures, and configuration proposals to ensure appropriate security controls and alignment with best practice.
- Provide early engagement and continuous assurance to engineering, IT, OT, digital development teams, and research groups.
3. Cyber Governance & Compliance
- Implement and continuously improve cyber governance frameworks, processes, and metrics suitable for small, agile organisations operating in sensitive environments.
- Manage and maintain entity-level cyber risk registers, ensuring clear visibility, prioritisation, and mitigation progress.
- Ensure alignment with key standards and regulatory frameworks including:
- NCSC guidance and CAF
- ISO 27001
- NIST CSF
- Cyber Essentials Plus
- Secure by Design principles
- Work with procurement to ensure cyber requirements are appropriately flowed down to suppliers, partners, and third-party service providers.
4. Operational Cyber Security Management
- Oversee operational security activities across multiple entities, including:
- Threat detection and monitoring
- Incident response and remediation
- Vulnerability identification and patch management
- Endpoint protection and hardening
- Network and boundary defence
- IDS/IPS tuning, configuration, and alert handling
- Ensure operational security tools, processes, and monitoring capabilities are effectively deployed and maintained.
5. Management of Classified & High-Security Environments
- Govern cyber controls and practices for systems handling Official-Sensitive and above.
- Ensure appropriate physical, procedural, and technical controls are in place across secure research, prototyping, and engineering environments.
- Ensure that classified systems adhere to the appropriate Defence standards, accreditation requirements, and audit expectations.
6. IT & OT Security Integration
- Lead the integration of cyber controls across mixed technology estates, including:
- Traditional IT
- Operational Technology (OT)
- Industrial Control Systems (ICS)
- Legacy and bespoke engineering platforms
- Provide risk-based guidance that accounts for operational constraints and system criticality.
7. Customer Assurance & Stakeholder Engagement
- Act as the central point of cyber expertise for internal entities, customers, and auditors.
- Produce high-quality reporting, assurance documentation, and security evidence packs for customer programmes and assessments.
- Support contract negotiations and customer engagements where cyber security obligations or expectations are discussed.
8. Collaboration & Leadership
- Work closely with IT, OT, engineering, digital development, legal, procurement, programme delivery, and operations teams to embed security throughout the lifecycle.
- Contribute to the development of cyber culture and awareness across the entities supported.
- Provide leadership, mentoring, and task direction to cyber specialists and third-party providers.
Qualifications & Experience
Essential
- 8+ years’ experience in cyber security roles within complex, secure, or regulated environments (e.g., defence, government, national security, critical infrastructure, aerospace, research).
- Demonstrable experience managing cyber security in high-assurance and classified system environments.
- Strong experience across security operations, incident response, vulnerability management, and threat detection.
- Technical knowledge of:
- Identity management and access controls
- PKI and cryptographic services
- SIEM platforms and log analytics
- Firewalls, boundary protection, and secure networking
- Endpoint security and system hardening
- Hands-on implementation experience of frameworks such as:
- NIST CSF
- ISO 27001
- CIS Controls
- Cyber Essentials (Plus)
- Secure by Design / Security by Design
- Proven ability to balance strategic thinking with tactical execution.
- Experience working with OT and legacy systems, including industrial or research environments...
Skills & Competencies
- Able to pivot between strategic engagement (roadmaps, governance, risk, leadership support) and hands-on operational delivery (tooling, response, reviews, configurations).
- Strong analytical, organisational, and communication skills.
- Comfortable advising senior leaders and collaborating across multi-disciplinary teams.
- Experience building positive security cultures in small, innovative organisations.
- Practical mindset, able to deliver effective security outcomes in constrained or agile environments.
Desirable
- Background in defence, aerospace, national security, or critical national infrastructure.
- Familiarity with Defence security policies and standards including:
- DefStan 05-139
- DefCon 658
- DefStan 05-138
- JSP453 / JSP604
- Experience supporting MOD accreditation and assurance processes.
- Experience with Microsoft Azure security, including identity, governance, monitoring, hybrid integration, and Azure-native security controls.
- Professional certifications such as CISSP, CISM, CISA, SABSA, GICSP, or cloud security certifications (e.g., Azure Security Engineer).