IT Security Manager

Responsible For

We are seeking an experienced, hands‑on IT Security Manager to lead a small in‑house team responsible for strengthening and maintaining the organisation’s cyber security posture across all IT systems, services and infrastructure. You will manage the implementation of security controls, ensure compliance with industry and governance standards and best practice, oversee risk management activities, and support the secure operation of cloud, network and application environments.

This role is well suited to a seasoned IT Security Engineer with strong practical experience who is ready to progress into a managerial position.

Key Purpose of Job

To act as a trusted advisor to IT leadership and technical teams, providing strategic direction, technical expertise and operational oversight to protect the organisation’s data, systems and users. The role combines technical leadership with day‑to‑day operational management, covering all aspects of IT security. It also requires driving continuous improvement through regular risk assessments and proactive mitigation activities.

Key Tasks

· Lead, mentor, and support a small cybersecurity and infrastructure security team, fostering a collaborative and high-performing environment.

· Assist with the creation, management, and tracking of the IT security budget, ensuring effective prioritisation of security investments and resources.

· Provide practical technical leadership and remain hands-on in operational security activities where required.

· Develop team capability through coaching, knowledge sharing, training, and process improvement initiatives.

· Develop, maintain, and execute the organisation’s IT security strategy, policies, and standards.

· Help establish and mature team procedures, standards, documentation, and operational best practices.

· Act as a senior escalation point for complex security and infrastructure security issues.

· Ensure alignment with frameworks such as ISO 27001, NIST, CIS Controls, and relevant regulatory requirements (e.g., GDPR), as well as shareholder directives.

· Advise senior stakeholders on cyber threats, emerging risks, and security investment priorities.

· Oversee day‑to‑day security operations including monitoring, threat response, vulnerability management, and incident handling.

· Ensure the organisation’s SIEM, EDR, firewalls and other security tools are well‑configured and maintained.

· Work closely with infrastructure, engineering, and operational teams to embed security best practices into technical solutions and processes.

· Manage relationships with managed security service providers and other security vendors.

· Ensure secure configuration and monitoring of cloud platforms (Azure, AWS) and hybrid infrastructure.

· Review and approve changes to networks, systems and architecture from a security perspective.

· Promote secure development practices across software engineering teams.

· Oversee vulnerability remediation and work closely with developers to resolve identified risks.

· Conduct regular risk assessments and ensure appropriate risk treatment plans are in place.

· Maintain relationships and good working practises with the wider Protective Security team.

· Manage relationships with business teams to understand their workflows and identify areas where security can be embedded. Create and implement security protocols and guidelines tailored to their business processes.

· Ensure all projects identify and address security requirements and follow Secure by Design principles.

· Oversee cyber security audits, compliance initiatives and certification efforts.

· Maintain security documentation, registers and evidence repositories for audit readiness.

· Lead the response to cyber incidents and coordinate with technical teams to contain and remediate threats.

· Ensure good threat intelligence sources for the latest security threats and mitigation strategies.

· Maintain and continuously improve incident response playbooks, disaster recovery plans and continuity strategies.

· Deliver lessons‑learned reviews and drive improvements to prevent recurrence.

· Deliver security awareness training and foster a strong security culture across the organisation.

· Provide security guidance to IT teams, project managers and senior leadership team.

· Communicate technical risks in clear, business‑friendly language.

PERSON SPECIFICATION (essential requirements)

Qualifications

· Degree in Computing or equivalent.

· CISSP, CISM, CCSP, CRISC, CEH, or similar (desirable).

· Cloud security certifications such as AZ‑500 or AWS Security Specialty (desirable).

Experience

· Proven experience in an IT security leadership or management role.

· Strong background in cyber security operations, cloud security and enterprise IT systems.

· Hands‑on experience with security tools such as SIEM (Splunk), EDR, vulnerability scanners and cloud security platforms.

· Experience with ISO 27001 compliance

· Experience in Risk Management

Knowledge & Skills

· Cloud security (Azure/AWS).

· Identity & access management, MFA, RBAC, PAM.

· Network and endpoint security.

· Threat detection, incident response and vulnerability management.

· Secure development and DevSecOps principles.

· Knowledge of Splunk ES would be an advantage

· Strong communication and stakeholder management abilities.

· Ability to work collaboratively with both technical and non‑technical teams.

· Analytical thinking and a pragmatic approach to balancing risk with business needs.