Maidenhead
Job Title: Cyber Security Manager \n Location: Maidenhead/ Southeast – regular travel between Entities \n Role Overview \n We are seeking an experienced and adaptable Cyber Security Manager to strengthen cyber resilience, lead security improvements, and embed secure-by-design practices across a diverse range of technical estates. This includes Defence-classified networks, legacy and industrial systems, hybrid IT/OT environments, research platforms, and modern cloud services. \n Key Responsibilities \n 1. Cyber Security Strategy, Planning & Delivery \n\n • Develop, maintain, and execute cyber security plans and roadmaps tailored to each entity’s operational context, regulatory requirements, and risk profile.\n, • Provide informed security input into business planning, technology adoption, digital initiatives, and transformation programmes.\n, • Ensure cyber activities support wider organisational objectives, customer expectations, and contractual obligations.\n\n 1. Secure-by-Design & Architecture Assurance \n\n • Embed secure-by-design principles across platforms, services, products, and transformation initiatives.\n, • Review solution designs, technical architectures, and configuration proposals to ensure appropriate security controls and alignment with best practice.\n, • Provide early engagement and continuous assurance to engineering, IT, OT, digital development teams, and research groups.\n\n 1. Cyber Governance & Compliance \n\n • Implement and continuously improve cyber governance frameworks, processes, and metrics suitable for small, agile organisations operating in sensitive environments.\n, • Manage and maintain entity-level cyber risk registers, ensuring clear visibility, prioritisation, and mitigation progress.\n, • Ensure alignment with key standards and regulatory frameworks including:\n, • NCSC guidance and CAF\n, • ISO 27001\n, • NIST CSF\n, • Cyber Essentials Plus\n, • Secure by Design principles\n, • Work with procurement to ensure cyber requirements are appropriately flowed down to suppliers, partners, and third-party service providers.\n\n 1. Operational Cyber Security Management \n\n • Oversee operational security activities across multiple entities, including:\n, • Threat detection and monitoring\n, • Incident response and remediation\n, • Vulnerability identification and patch management\n, • Endpoint protection and hardening\n, • Network and boundary defence\n, • IDS/IPS tuning, configuration, and alert handling\n, • Ensure operational security tools, processes, and monitoring capabilities are effectively deployed and maintained.\n\n 1. Management of Classified & High-Security Environments \n\n • Govern cyber controls and practices for systems handling Official-Sensitive and above.\n, • Ensure appropriate physical, procedural, and technical controls are in place across secure research, prototyping, and engineering environments.\n, • Ensure that classified systems adhere to the appropriate Defence standards, accreditation requirements, and audit expectations.\n\n 1. IT & OT Security Integration \n\n • Lead the integration of cyber controls across mixed technology estates, including:\n, • Traditional IT\n, • Operational Technology (OT)\n, • Industrial Control Systems (ICS)\n, • Legacy and bespoke engineering platforms\n, • Provide risk-based guidance that accounts for operational constraints and system criticality.\n\n 1. Customer Assurance & Stakeholder Engagement \n\n • Act as the central point of cyber expertise for internal entities, customers, and auditors.\n, • Produce high-quality reporting, assurance documentation, and security evidence packs for customer programmes and assessments.\n, • Support contract negotiations and customer engagements where cyber security obligations or expectations are discussed.\n\n 1. Collaboration & Leadership \n\n • Work closely with IT, OT, engineering, digital development, legal, procurement, programme delivery, and operations teams to embed security throughout the lifecycle.\n, • Contribute to the development of cyber culture and awareness across the entities supported.\n, • Provide leadership, mentoring, and task direction to cyber specialists and third-party providers.\n\n Qualifications & Experience \n Essential \n\n • 8+ years’ experience in cyber security roles within complex, secure, or regulated environments (e.g., defence, government, national security, critical infrastructure, aerospace, research).\n, • Demonstrable experience managing cyber security in high-assurance and classified system environments.\n, • Strong experience across security operations, incident response, vulnerability management, and threat detection.\n, • Technical knowledge of:\n, • Identity management and access controls\n, • PKI and cryptographic services\n, • SIEM platforms and log analytics\n, • Firewalls, boundary protection, and secure networking\n, • Endpoint security and system hardening\n, • Hands-on implementation experience of frameworks such as:\n, • NIST CSF\n, • ISO 27001\n, • CIS Controls\n, • Cyber Essentials (Plus)\n, • Secure by Design / Security by Design\n, • Proven ability to balance strategic thinking with tactical execution.\n, • Experience working with OT and legacy systems, including industrial or research environments...\n\n Skills & Competencies \n\n • Able to pivot between strategic engagement (roadmaps, governance, risk, leadership support) and hands-on operational delivery (tooling, response, reviews, configurations).\n, • Strong analytical, organisational, and communication skills.\n, • Comfortable advising senior leaders and collaborating across multi-disciplinary teams.\n, • Experience building positive security cultures in small, innovative organisations.\n, • Practical mindset, able to deliver effective security outcomes in constrained or agile environments.\n\n Desirable \n\n • Background in defence, aerospace, national security, or critical national infrastructure.\n, • Familiarity with Defence security policies and standards including:\n, • DefStan 05-139\n, • DefCon 658\n, • DefStan 05-138\n, • JSP453 / JSP604\n, • Experience supporting MOD accreditation and assurance processes.\n, • Experience with Microsoft Azure security, including identity, governance, monitoring, hybrid integration, and Azure-native security controls.\n, • Professional certifications such as CISSP, CISM, CISA, SABSA, GICSP, or cloud security certifications (e.g., Azure Security Engineer).\n\n