Cyber Security Lead

Senior Cyber Security Lead

Cyber Security, Security Lead, Azure, AWS, NIST, ISO 27001, Cyber Essentials Plus, IAM, EntraID, Forgerock, CISSP, CISM, CCSP, Financial Services, Pension, Government

£85,000 per annum

Bedford

The Cyber Security Lead will report directly to the Head of Information Security and will play a pivotal role in safeguarding the integrity and resilience of our Financial Services client's in-house platforms. The role leads the design, assurance, and continuous improvement of security systems and tooling, ensuring alignment with national cyber standards and best practices.

Responsibilities

  • Working in close partnership with third-party security and service providers to ensure systems and networks are proactively monitored, security events are accurately detected and triaged, and incidents are responded to based on their severity and business impact.
  • Collaborating with architects, risk owners, and delivery teams to embed secure design principles and ensure the security operations centre (SOC) is equipped to handle emerging threats effectively.
  • Leading security assurance activities including penetration tests, technical risk assessments, assurance reviews, and third-party security evaluations to ensure alignment with internal and external standards.
  • Chairing security governance and technical authority forums to ensure pension providers and schemes connect to the ecosystem in a secure and compliant manner.
  • Representing security within change boards and design authorities and ensuring that security non-functional requirements (NFRs) are clearly defined, prioritised, and tracked within product and service delivery.
  • Maintaining compliance with national cybersecurity standards, regulatory expectations, and internal frameworks by authoring, updating, and enforcing the PDP Code of Connection (CoCo) security requirements, ensuring all participants meet defined security criteria before connecting to the ecosystem.

Experience

  • Knowledge of supporting the design or implementation of secure systems; you can support the design and review of system architectures through the application of patterns and principles.
  • Experience of defining secure architecture principles and applying them to the design and review of on-premises and cloud-based systems, particularly within AWS and Azure environments.
  • Knowledge of embedding security requirements throughout the solution lifecycle, from initial design through development, testing, and into operational deployment.
  • Demonstrate a strong understanding of leading operational security functions, including SOC operations, threat intelligence, and vulnerability management.
  • Experience of managing the incident response lifecycle, including triage, containment, investigation, remediation, and conducting post-incident reviews.
  • Demonstrate capability in planning, scoping, and reviewing security assurance activities, including penetration tests, IT health checks, and vulnerability assessments.
  • Experience of maintaining a technical risk register and developing appropriate compensating controls where residual risks exceed tolerance thresholds.
  • Understanding of how to embed security into agile and DevSecOps processes by feeding non-functional requirements (NFRs) into delivery backlogs.

In the first instance please submit your CV.

Job Details

Company: Reed
Location: Bedford, Bedfordshire, England, United Kingdom
Employment Type: Full-Time
Salary: £80,000 - £85,000 per annum, Inc benefits