Exalto Consulting
Cyber Security Manager - Outside IR35
Private salary
London
Hybrid
Description
  • Cyber Security Manager
  • Outside IR35
  • Digital Transformation

Outside IR35 - Hybrid (3 days on site in London, 2 days remote)

We urgently need a Cyber Security Manager for a major national digital transformation programme to support a high-profile online retail initiative as it moves through procurement and definition phases. This role will play a critical part in shaping a secure, resilient, and scalable digital retail platform used by millions of people.

Required Skills & Experience

  • Strong technical expertise across application, infrastructure, cloud, and OS security, including modern web and API architectures.
  • Deep understanding of current threats and controls, including OWASP Top Ten (Web & API).
  • Experience with key standards and regulations: ISO 27001, PCI DSS, UK GDPR, and relevant government/industry frameworks.
  • Strong grounding in core security principles: defence in depth, least privilege, zero trust, security by design.
  • Hands-on experience with threat modelling (e.g., STRIDE) and risk management.
  • Proven ability to assess and assure third-party supplier security within procurement processes.
  • Experience establishing security KPIs, governance, and assurance across delivery phases.
  • Excellent stakeholder engagement skills, able to influence both technical and non-technical audiences.
  • Comfortable operating in a fast-paced, complex, and ambiguous delivery environment.

Key Responsibilities

  • Embed security by design across solution architecture, working closely with architects, technical leads, and security stakeholders.
  • Define and refine security, resilience, and non-functional requirements for procurement.
  • Lead threat modelling and risk assessments across applications, integrations, data flows, and user journeys.
  • Provide actionable recommendations to influence design decisions and acceptance criteria.
  • Establish and maintain security governance, including KPIs, review gates, and assurance activities.
  • Support incident readiness planning and alignment with wider organisational security objectives.
  • Contribute to supplier evaluation through a structured security assessment framework.
  • Maintain a comprehensive security risk log, including inherited risks from existing systems and new build components.

Please forward your CV for immediate consideration.

Confirmed live 3 hours ago