Maidenhead
Job Title: Cyber Security Manager Location: Maidenhead/ Southeast – regular travel between Entities Role Overview We are seeking an experienced and adaptable Cyber Security Manager to strengthen cyber resilience, lead security improvements, and embed secure-by-design practices across a diverse range of technical estates. This includes Defence-classified networks, legacy and industrial systems, hybrid IT/OT environments, research platforms, and modern cloud services. Key Responsibilities 1. Cyber Security Strategy, Planning & Delivery • Develop, maintain, and execute cyber security plans and roadmaps tailored to each entity’s operational context, regulatory requirements, and risk profile., • Provide informed security input into business planning, technology adoption, digital initiatives, and transformation programmes., • Ensure cyber activities support wider organisational objectives, customer expectations, and contractual obligations. 1. Secure-by-Design & Architecture Assurance • Embed secure-by-design principles across platforms, services, products, and transformation initiatives., • Review solution designs, technical architectures, and configuration proposals to ensure appropriate security controls and alignment with best practice., • Provide early engagement and continuous assurance to engineering, IT, OT, digital development teams, and research groups. 1. Cyber Governance & Compliance • Implement and continuously improve cyber governance frameworks, processes, and metrics suitable for small, agile organisations operating in sensitive environments., • Manage and maintain entity-level cyber risk registers, ensuring clear visibility, prioritisation, and mitigation progress., • Ensure alignment with key standards and regulatory frameworks including:, • NCSC guidance and CAF, • ISO 27001, • NIST CSF, • Cyber Essentials Plus, • Secure by Design principles, • Work with procurement to ensure cyber requirements are appropriately flowed down to suppliers, partners, and third-party service providers. 1. Operational Cyber Security Management • Oversee operational security activities across multiple entities, including:, • Threat detection and monitoring, • Incident response and remediation, • Vulnerability identification and patch management, • Endpoint protection and hardening, • Network and boundary defence, • IDS/IPS tuning, configuration, and alert handling, • Ensure operational security tools, processes, and monitoring capabilities are effectively deployed and maintained. 1. Management of Classified & High-Security Environments • Govern cyber controls and practices for systems handling Official-Sensitive and above., • Ensure appropriate physical, procedural, and technical controls are in place across secure research, prototyping, and engineering environments., • Ensure that classified systems adhere to the appropriate Defence standards, accreditation requirements, and audit expectations. 1. IT & OT Security Integration • Lead the integration of cyber controls across mixed technology estates, including:, • Traditional IT, • Operational Technology (OT), • Industrial Control Systems (ICS), • Legacy and bespoke engineering platforms, • Provide risk-based guidance that accounts for operational constraints and system criticality. 1. Customer Assurance & Stakeholder Engagement • Act as the central point of cyber expertise for internal entities, customers, and auditors., • Produce high-quality reporting, assurance documentation, and security evidence packs for customer programmes and assessments., • Support contract negotiations and customer engagements where cyber security obligations or expectations are discussed. 1. Collaboration & Leadership • Work closely with IT, OT, engineering, digital development, legal, procurement, programme delivery, and operations teams to embed security throughout the lifecycle., • Contribute to the development of cyber culture and awareness across the entities supported., • Provide leadership, mentoring, and task direction to cyber specialists and third-party providers. Qualifications & Experience Essential • 8+ years’ experience in cyber security roles within complex, secure, or regulated environments (e.g., defence, government, national security, critical infrastructure, aerospace, research)., • Demonstrable experience managing cyber security in high-assurance and classified system environments., • Strong experience across security operations, incident response, vulnerability management, and threat detection., • Technical knowledge of:, • Identity management and access controls, • PKI and cryptographic services, • SIEM platforms and log analytics, • Firewalls, boundary protection, and secure networking, • Endpoint security and system hardening, • Hands-on implementation experience of frameworks such as:, • NIST CSF, • ISO 27001, • CIS Controls, • Cyber Essentials (Plus), • Secure by Design / Security by Design, • Proven ability to balance strategic thinking with tactical execution., • Experience working with OT and legacy systems, including industrial or research environments... Skills & Competencies • Able to pivot between strategic engagement (roadmaps, governance, risk, leadership support) and hands-on operational delivery (tooling, response, reviews, configurations)., • Strong analytical, organisational, and communication skills., • Comfortable advising senior leaders and collaborating across multi-disciplinary teams., • Experience building positive security cultures in small, innovative organisations., • Practical mindset, able to deliver effective security outcomes in constrained or agile environments. Desirable • Background in defence, aerospace, national security, or critical national infrastructure., • Familiarity with Defence security policies and standards including:, • DefStan 05-139, • DefCon 658, • DefStan 05-138, • JSP453 / JSP604, • Experience supporting MOD accreditation and assurance processes., • Experience with Microsoft Azure security, including identity, governance, monitoring, hybrid integration, and Azure-native security controls., • Professional certifications such as CISSP, CISM, CISA, SABSA, GICSP, or cloud security certifications (e.g., Azure Security Engineer).