Cyber Manager

Job Title: Cyber Security Manager

Location: Maidenhead/ Southeast – regular travel between Entities

Role Overview

We are seeking an experienced and adaptable Cyber Security Manager to strengthen cyber resilience, lead security improvements, and embed secure-by-design practices across a diverse range of technical estates. This includes Defence-classified networks, legacy and industrial systems, hybrid IT/OT environments, research platforms, and modern cloud services.

Key Responsibilities

1. Cyber Security Strategy, Planning & Delivery

  • Develop, maintain, and execute cyber security plans and roadmaps tailored to each entity’s operational context, regulatory requirements, and risk profile.
  • Provide informed security input into business planning, technology adoption, digital initiatives, and transformation programmes.
  • Ensure cyber activities support wider organisational objectives, customer expectations, and contractual obligations.

2. Secure-by-Design & Architecture Assurance

  • Embed secure-by-design principles across platforms, services, products, and transformation initiatives.
  • Review solution designs, technical architectures, and configuration proposals to ensure appropriate security controls and alignment with best practice.
  • Provide early engagement and continuous assurance to engineering, IT, OT, digital development teams, and research groups.

3. Cyber Governance & Compliance

  • Implement and continuously improve cyber governance frameworks, processes, and metrics suitable for small, agile organisations operating in sensitive environments.
  • Manage and maintain entity-level cyber risk registers, ensuring clear visibility, prioritisation, and mitigation progress.
  • Ensure alignment with key standards and regulatory frameworks including:
  • NCSC guidance and CAF
  • ISO 27001
  • NIST CSF
  • Cyber Essentials Plus
  • Secure by Design principles
  • Work with procurement to ensure cyber requirements are appropriately flowed down to suppliers, partners, and third-party service providers.

4. Operational Cyber Security Management

  • Oversee operational security activities across multiple entities, including:
  • Threat detection and monitoring
  • Incident response and remediation
  • Vulnerability identification and patch management
  • Endpoint protection and hardening
  • Network and boundary defence
  • IDS/IPS tuning, configuration, and alert handling
  • Ensure operational security tools, processes, and monitoring capabilities are effectively deployed and maintained.

5. Management of Classified & High-Security Environments

  • Govern cyber controls and practices for systems handling Official-Sensitive and above.
  • Ensure appropriate physical, procedural, and technical controls are in place across secure research, prototyping, and engineering environments.
  • Ensure that classified systems adhere to the appropriate Defence standards, accreditation requirements, and audit expectations.

6. IT & OT Security Integration

  • Lead the integration of cyber controls across mixed technology estates, including:
  • Traditional IT
  • Operational Technology (OT)
  • Industrial Control Systems (ICS)
  • Legacy and bespoke engineering platforms
  • Provide risk-based guidance that accounts for operational constraints and system criticality.

7. Customer Assurance & Stakeholder Engagement

  • Act as the central point of cyber expertise for internal entities, customers, and auditors.
  • Produce high-quality reporting, assurance documentation, and security evidence packs for customer programmes and assessments.
  • Support contract negotiations and customer engagements where cyber security obligations or expectations are discussed.

8. Collaboration & Leadership

  • Work closely with IT, OT, engineering, digital development, legal, procurement, programme delivery, and operations teams to embed security throughout the lifecycle.
  • Contribute to the development of cyber culture and awareness across the entities supported.
  • Provide leadership, mentoring, and task direction to cyber specialists and third-party providers.

Qualifications & Experience

Essential

  • 8+ years’ experience in cyber security roles within complex, secure, or regulated environments (e.g., defence, government, national security, critical infrastructure, aerospace, research).
  • Demonstrable experience managing cyber security in high-assurance and classified system environments.
  • Strong experience across security operations, incident response, vulnerability management, and threat detection.
  • Technical knowledge of:
  • Identity management and access controls
  • PKI and cryptographic services
  • SIEM platforms and log analytics
  • Firewalls, boundary protection, and secure networking
  • Endpoint security and system hardening
  • Hands-on implementation experience of frameworks such as:
  • NIST CSF
  • ISO 27001
  • CIS Controls
  • Cyber Essentials (Plus)
  • Secure by Design / Security by Design
  • Proven ability to balance strategic thinking with tactical execution.
  • Experience working with OT and legacy systems, including industrial or research environments...

Skills & Competencies

  • Able to pivot between strategic engagement (roadmaps, governance, risk, leadership support) and hands-on operational delivery (tooling, response, reviews, configurations).
  • Strong analytical, organisational, and communication skills.
  • Comfortable advising senior leaders and collaborating across multi-disciplinary teams.
  • Experience building positive security cultures in small, innovative organisations.
  • Practical mindset, able to deliver effective security outcomes in constrained or agile environments.

Desirable

  • Background in defence, aerospace, national security, or critical national infrastructure.
  • Familiarity with Defence security policies and standards including:
  • DefStan 05-139
  • DefCon 658
  • DefStan 05-138
  • JSP453 / JSP604
  • Experience supporting MOD accreditation and assurance processes.
  • Experience with Microsoft Azure security, including identity, governance, monitoring, hybrid integration, and Azure-native security controls.
  • Professional certifications such as CISSP, CISM, CISA, SABSA, GICSP, or cloud security certifications (e.g., Azure Security Engineer).

Job Details

Company
Malloy Aeronautics Ltd
Location
Maidenhead, Berkshire, England, United Kingdom
Employment Type
Full-Time
Salary
Salary negotiable
Posted