Oxfordshire / Hybrid / Permanent / up to £65,000
About the Role
We're seeking a Security Lead to take ownership of both client-facing and internal security strategy within our Managed Services environment. This is a strategic and hands-on leadership position - you'll oversee security governance, ensure compliance with leading frameworks (Cyber Essentials, ISO27001, NIST), and maintain a strong internal security posture across our systems and services.
You'll lead Quarterly Security Reviews (QSRs), manage client risk registers, and act as a trusted advisor translating complex risks into clear business outcomes. Internally, you'll own our security frameworks, guide improvement across tools and teams, and ensure compliance through measurable posture metrics and ongoing development.
Key Responsibilities
Lead client Quarterly Security Reviews (QSRs) covering vulnerabilities, incidents, compliance, and risk registers.
Translate technical risks into meaningful business impacts and recommendations.
Manage internal and client risk registers and exception processes.
Oversee security compliance across frameworks such as Cyber Essentials+, ISO27001, and NIST.
Ensure secure deployment and monitoring of core MSP systems (RMM, XDR, PSA, backup, etc.).
Collaborate with service and project teams to embed security into delivery and change control.
Mentor and develop Security Analysts, maintaining up-to-date certifications and knowledge sharing.
Drive continuous improvement through automation, posture metrics, and emerging threat awareness.
You'll bring a strong balance of strategic thinking, governance, and technical depth, with experience embedding security frameworks in managed environments. You're confident presenting to senior stakeholders and enjoy leading teams and shaping best practice.
Essential Skills & Experience
5+ years in IT security or MSP environments.
Strong understanding of Cyber Essentials, ISO27001, or NIST frameworks.
Experience managing patching, vulnerability, and risk governance.
Skilled communicator with the ability to explain risks to non-technical audiences.
Proven experience leading client-facing security reviews.
CISSP, CISM, or equivalent certifications.
Experience auditing or delivering compliance frameworks.
Familiarity with RMM/XDR/EDR, SIEM, and vulnerability scanning platforms.
Background in mentoring or managing small teams.
Exposure to incident response and tabletop exercises.
Reasonable Adjustments:
Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.
If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.