IT Security Manager - Wembley

IT Security Manager

Location: Wembley - 5 days on-site
Type: Permanent

Salary: £(phone number removed) per annum + permanent benefits

We're partnered with a large organisation undergoing a major digital and data transformation, and we're looking for an experienced Cyber Security Manager to lead and mature their cybersecurity function.

This is a strategic and governance-focused role, sitting at the intersection of security operations, risk management, and data protection. You'll take ownership of security oversight, working closely with external security providers while ensuring internal teams are aligned to best practice frameworks and regulatory requirements.

Responsibilities

Security Operations & Vendor Oversight

Own and manage relationships with outsourced 24/7 SOC / MDR providers
Monitor performance against SLAs and ensure proactive threat detection across cloud environments
Manage security incident escalations and coordinate response activities across internal and external teams
Drive value and accountability from third-party security partnersGovernance, Risk & Compliance

Own and maintain the Information Security Policy, Cyber Risk Register, and Risk Appetite framework
Lead internal and external audits, ensuring compliance with UK GDPR and relevant security standards
Oversee regulatory reporting and ensure adherence to industry frameworks (e.g., ISO 27001, NIST)
Focus on practical risk reduction aligned to business prioritiesData Security & Transformation

Lead the implementation of data security capabilities to discover, classify, and protect sensitive data
Support broader digital and AI initiatives by ensuring robust data protection practices
Collaborate with engineering and architecture teams to embed security controls into platformsStakeholder Engagement

Translate complex technical risks and alerts into clear, business-facing insights for senior leadership
Act as a trusted advisor to the IT Director and wider leadership team on cyber risk and resilience
Ensure security policies are embedded into delivery through automated controls and best practice frameworksSkills & Experience Required

Proven experience managing external MSSPs, SOC, or MDR providers
Strong knowledge of security frameworks such as ISO 27001, NIST, and UK GDPR
Experience maintaining enterprise-level risk registers and governance frameworks
Familiarity with data security posture management (DSPM) tools and data classification platforms
Good understanding of cloud security (Azure/AWS) and identity protocols (OIDC, SAML, MFA / Entra ID)
Experience coordinating incident response across multiple stakeholders, including external forensic teams
Strong commercial awareness with the ability to link security decisions to business outcomes
Excellent communication skills, with the ability to translate technical risk into business impact
Only candidates based in UK and eligible to work in UK are allowed