Cyber Security Manager

We're looking for a dynamic hands on Cyber Security Manager to lead, strengthen and mature our operational cyber security capability across a complex, multi supplier environment.

This is a technical leadership role for someone who enjoys staying close to the detail while also leading people, improving processes and driving change. You'll take ownership of day to day security operations, incident response, vulnerability management and identity security, while managing a specialist team and key security suppliers.

Working closely with colleagues across technology, data, infrastructure, information governance and audit, you'll help ensure the organisation is secure by design, resilient in practice and prepared for assurance, audit and regulatory scrutiny.

This is a 12 month fixed term contract.

• Operate security controls to defined Minimum Security Baselines and policies; meet SLA/SLOs for patching, vulnerability Mean Time To Remediate, identity hygiene and change success.
• Lead technical incident response (contain-eradicate-recover) and support ISIM with incident governance and reporting.
• Lead the technical Disaster Recovery posture for cyber incidents (runbooks, rehearsal/exercises, recovery validation), aligning with ISIM's BCP/DR requirements.
• Maintain security tooling (EPP/EDR, firewalls, email/web filtering, SIEM inputs, identity protections, posture/ASR rules) and ensure robust monitoring/alerting.
• Own technical enforcement of Identity & Access Management (e.g., conditional access, privileged access hygiene, risky-user reduction), maintain IAM hygiene KPIs, and implement ISIM's policy requirements in identity platforms.
• Provide and manage the technical control evidence for CE+ and PCI DSS, and deliver remediation of audit/assessment findings to agreed SLAs (Information Security & Integrity Manager owns the programme and audit responses).
• Provide operational evidence (metrics, logs, runbooks) into CAB and Business Management Unit assurance packs.
• Provide and manage technical control evidence for CE+ and PCI DSS and deliver remediation of audit/assessment findings to agreed SLAs; operate and harden in-scope controls (e.g., endpoint, identity, network, logging) in line with ISIM policy.
• Commission and technically coordinate penetration testing; own remediation.
• Manage a security engineering team and suppliers; build skills, SOPs and reusable patterns.
• Contribute technical content to awareness and training led by ISIM.

• Proficiency with reporting and visualisation tools (e.g., Power BI, Excel, dashboarding platforms).
• Experience working in or alongside portfolio-led environments with multiple concurrent projects or product teams.
• Aligning to ISO 27001 in complex, multi supplier environments.
• Leading technical incident response and remediation.
• Hybrid cloud security in Microsoft 365 / Azure.
• Operating security controls at scale (firewalls, endpoint, identity, email/web, vulnerability/patch).
• Establishing policies, MSBs, risk registers, DPIAs, and supplier security.
• Commissioning pen tests and driving remediation.
• Managing technical teams and suppliers
• Experience working with operational, service, delivery or technology related data.
• Experience producing dashboards, reports or analytics for senior stakeholders.
• Experience supporting continuous improvement or lessons learned processes.

This role is based at 16 Summer Lane, Birmingham, B19 3SD, with 2/3 days per week spent in the office. You'll participate in an out of hours/on call rota for critical incident response, coordinating with the SOC/MSSP to support 24 7 escalation and containment.

We advertise salary ranges, with new appointments typically starting at the lowest salary point. In exceptional cases, the salary point may be adjusted to secure the best candidate. This approach allows for potential year on year salary increases, offering progression and appropriate rewards to employees. Requests for salaries above the maximum advertised range will not be considered.

• Local Government Pension Scheme (one of the most generous pension schemes in the UK).
• Shared Cost Additional Voluntary Contribution scheme where you can build an additional pot of money alongside your pension with contributions exempt from Income Tax and National Insurance contributions (NICs).
• 28 days paid annual leave (with an option to purchase more) + Statutory days.
• EV car benefit scheme
• Healthcare plans.
• Discounted gym membership, will writing and mortgage advice.
• An option to buy a bicycle, including e bikes and adapted pedal cycles, at a discounted rate.
• 3 days of paid leave each year to volunteer.
• Interest free financing through SmartTech to buy the latest technology.
• Discounted shopping with over 2,000 big name retailers, and more. You can now also obtain a Costco membership through the WMCA.
• Boundless unlocks unlimited entry to top rated UK attractions and loads of extra benefits and discounts.
• Eye Care Scheme offering a free eye test and a financial contribution towards your glasses.

If you have an accessibility need, disability, or condition that means you might require changes to the application or recruitment process, please get in touch with our Recruitment Team ().

Proof of Right to Work in the UK will be required for all applicants in accordance with UK Home Office requirements, before any employment offer can be confirmed.

Non-UK applicants (excluding Ireland) would be required to hold a relevant Visa from the UK Visas and Immigration (UKVI).