44 jobs found

Information Security Analyst Department: Central Services Employment Type: Permanent Location: Cheltenham Compensation: £40,000 - £45,000 / year Description Employer: Marco (Parent company of PoloWorks) Location: Cheltenham (Hybrid), with occasional travel to London Marco is a leading international insurance group providing capital, risk and operational solutions across the global re/insurance market, with PoloWorks as its UK based services arm. As our organisation continues to grow, we are expanding our Information Security capability and are seeking a talented Information Security Analyst to join the team. As an Information Security Analyst, you will play a key role in strengthening the Marco Group's information security posture across a diverse and evolving technology landscape. You will support the development and implementation of security standards, monitor threats and vulnerabilities, and provide technical expertise across multiple platforms. Working closely with business functions, you will contribute to the protection of Group information, support incident response activities, and ensure compliance with internal and external security requirements. You will report into the Information Security Management function and collaborate with teams across the Group, including PoloWorks. This is a hybrid role based in our Cheltenham office, with occasional travel to London. Key Responsibilities We are looking for a security professional who is confident engaging at all levels of the organisation and capable of working both independently and as part of a collaborative security team. You will often act as a subject matter expert within projects and new business initiatives. You will work closely with the Group Information Security Manager, Risk & Compliance Officers, business leads, technology teams, and external IT suppliers to ensure that security processes, policies, audits and risk management activities are effectively implemented and continuously improved. You will bring strong technical knowledge, sound risk analysis skills, and an understanding of Defence in Depth principles. You should be proactive in staying current with emerging threats and industry best practices. In return, we will support your ongoing development and provide opportunities to grow your expertise within a dynamic international insurance group. Risk identification and assessment Information Security policy maintenance and updates Compliance monitoring Incident response support and planning Security awareness & training (monitoring and delivery) Project and new business risk assessments KRI/KPI monitoring and reporting General security guidance across the Group Skills, Knowledge and Expertise Experience in the Security Sector (Essential) Strong aptitude for staying up to date with Information Security standards and technologies Self motivated with a flexible, proactive approach Experience with data classification and cryptography Knowledge of: Information Security processes NIST CSF and technical controls ISO 27001 framework Data Protection Security assessments Risk management One or more of the following certifications CISMP, ISC2 CC, ISO 27001 LA/LI, CISM, CISSP, CRISC, CESA SANS or equivalent

Job Title: Head of Cyber Security Delivery Job Family: Head of Cyber Security Job Group: Solutions Job Band: B Days: Monday to Friday Hours: 40 hours per week Typically reports to Chief Information Security Officer Classification: Confidential Role Purpose The Head of Cyber Delivery is accountable for defining, mobilising and executing the Cyber Security change portfolio in alignment with the organisation's cyber strategy. Operating within the Cyber Security Leadership Team and reporting directly to the CISO, the role ensures that strategic cyber objectives are translated into structured, governed and measurable programmes of delivery across a complex, highly regulated Critical National Infrastructure (CNI) environment. This position operates at the intersection of Cyber Security, Enterprise IT, Operational Technology (OT), and Business Leadership, ensuring that cyber initiatives are aligned with enterprise risk appetite, regulatory obligations, and operational resilience priorities. Specific Responsibilities Translate the enterprise Cyber Security Strategy into an executable, prioritised and governed delivery roadmap. Lead and mature cyber programme and project delivery disciplines across the Cyber function. Ensure compliance with UK regulatory frameworks applicable to aviation and Critical National Infrastructure. Strengthen Heathrow's cyber resilience posture in the context of evolving threat landscapes. Ensure cyber investment delivers measurable risk reduction and operational value aligned to business objectives. Programme & Project Delivery Lead a team of Cyber Project Managers responsible for delivering a portfolio of security transformation initiatives. Oversee large-scale change programmes spanning IT, OT and airport operational environments. Ensure delivery methodologies are appropriate for a regulated CNI context (e.g., hybrid agile/waterfall, structured assurance checkpoints). Manage interdependencies across technology, operational and regulatory workstreams. Ensure delivery outcomes are measurable in terms of risk reduction, control maturity and compliance uplift. Regulatory & Compliance Alignment UK aviation security frameworks CNI requirements Data protection legislation Relevant standards such as National Cyber Security Centre guidance and ISO/IEC 27001 Stakeholder & Relationship Management Cyber Security leadership CIO and senior IT leadership Operational airport leadership External partners and suppliers Regulatory authorities Capability & Team Leadership Develop and mature the Cyber Delivery function, embedding best practice programme and portfolio management disciplines. Provide functional oversight to technical teams delivering cyber capabilities. Establish a performance culture focused on accountability, transparency and continuous improvement. Mentor and develop Cyber Project Managers and delivery leads. Financial & Commercial Oversight Own cyber delivery budget tracking, forecasting and benefits realisation management. Oversee supplier performance and contract delivery in conjunction with Commercial and Procurement teams. Qualifications and Experience Experience (Essential): Minimum 5 years' experience in a senior cyber, technology or security delivery leadership role. Demonstrable experience leading large-scale transformation programmes in complex, highly regulated environments. Experience operating within Critical National Infrastructure sectors (e.g., aviation, transport, utilities, defence). Proven track record of delivering cyber security capabilities at enterprise scale. Experience engaging directly with executive stakeholders and regulators. Exposure to aviation sector environments and understanding of airport operational systems. Essential Skills: Strong portfolio and programme governance expertise (e.g., MSP, PRINCE2, SAFe or equivalent frameworks). Deep understanding of cyber risk management, threat landscapes and control frameworks. Ability to align cyber investment to quantified risk reduction and business outcomes. Executive-level communication and reporting capability. Advanced stakeholder management and influencing skills. Financial acumen including budget management and benefits realisation. Strong leadership capability across matrix and federated structures. Desirable Skills: Experience integrating IT and Operational Technology (OT) security programmes. Knowledge of aviation-specific regulatory environments. Familiarity with NIS Regulations and UK CNI oversight structures. Experience in crisis management or cyber incident recovery programmes. Exposure to cloud security transformation and identity modernisation initiatives. Education & Professional Certifications: Bachelor's degree in Cyber Security, Information Security, Computer Science, Engineering or related discipline (or equivalent professional experience). Relevant certifications such as CISSP, CISM, CRISC, MSP / PRINCE2 Practitioner, PgMP or equivalent senior programme qualification (desirable). Personal Attributes Strategic thinker with strong execution discipline. Credible and authoritative leader within technical and business environments. High integrity and resilience under pressure. Collaborative, transparent and outcome-driven. Comfortable operating in a highly visible, mission critical national infrastructure setting.

Group Head of IT Department: IT Employment Type: Full Time Location: London Reporting To: Angus Beaumont Description Harmony is on a mission to be the best life safety partner to work with and for. Rated an 'Outstanding Employer' by Best Companies in 2025, we are only getting bigger and stronger - and we're looking for A-players to help us get there. We are passionate about making a difference and obsessed with quality. Our goal is to build a world where every resident can sleep safely at night, knowing their home is 100% safe. This is a security-first leadership role. You will own cyber security and data protection across the Harmony group (Harmony Fire, Solidcor, Auro Technology) end-to-end - strategy, delivery and BAU - acting as the most senior security voice in the business below the Group IT Director. Cyber Essentials Plus, IASME Cyber Assurance and ISO 27001 sit with you. UK GDPR compliance sits with you as the group's Data Protection Lead (a non-statutory role distinct from a formal DPO appointment). The group's security posture, risk register, incident response and audit defensibility all sit with you. If something has a security or data protection dimension, it lands on your desk first. Security cannot exist in isolation, so you will also run the day-to-day IT function - line-managing the IT Technician, overseeing the helpdesk, vendor stack and infrastructure resilience for around 250 users across three trading entities. Operations exist to deliver a secure platform, not the other way around. IT Project Managers will deliver new systems into the group; you will accept those handovers and operationalise them into BAU only once they meet your security bar. Reporting to the Group IT Director, you will be the security leader the group trusts to keep its people productive, its data protected and its certifications intact through 30% year-on-year growth. This is more than an IT role. It is about bringing the right energy, accountability and resilience to our mission of saving lives through fire and height safety. Key Responsibilities Own the group's cyber security strategy, posture and risk register - the most senior security accountability in the business below the Group IT Director. Lead all formal security certifications end-to-end: Cyber Essentials Plus annual recertification, IASME Cyber Assurance alignment and ISO 27001 ISMS - scoping, risk treatment, Statement of Applicability, internal audits, management review and external audit defence. Apply additional frameworks where they strengthen the group's posture - NIST CSF, CIS Controls, NCSC Cyber Assessment Framework - and embed them into operational practice. Act as the group's Data Protection Lead (not a statutory DPO under UK GDPR Article 37) - own UK GDPR and DPA 2018 compliance, ROPA, DPIAs, retention schedules, DSARs, breach notification, processor agreements and supplier due diligence. Run security operations day-to-day - endpoint protection (Bitdefender GravityZone), conditional access, MFA, identity governance, vulnerability management, and security awareness and phishing simulation programmes via KnowBe4. Lead incident response - triage, containment, recovery, post-incident review and reporting, with playbooks kept current and tested. Oversee security across Auro Technology's software stack - IoT device firmware, cloud platforms, mobile and web applications - partnering with the Auro engineering team on secure SDLC, code review, dependency management, secrets handling and product security posture. Act as the security gatekeeper for IT project handovers - accept newly delivered systems from IT Project Managers into BAU only once documentation, monitoring, support runbooks and security controls meet the group's bar. Run vendor and licensing relationships across the IT and security stack - renewals, commercial negotiation and security due diligence on every new supplier before they are onboarded. Run the day-to-day IT function in service of the security mission - line-manage the IT Technician, oversee the Atera helpdesk, own SLAs and personally take the hardest tickets when they have a security dimension. Maintain infrastructure resilience - backups, disaster recovery, business continuity, identity, network and connectivity - owned, documented and tested. Run secure onboarding and offboarding at scale, keeping identity hygiene and asset control airtight as the group grows. Skills, Knowledge and Expertise An A-player mindset - high standards, extreme ownership and the drive to do things properly, the first time. A security professional first and foremost - your career identity is cyber security and information assurance, not IT generalism that happens to include security. Proven track record leading Cyber Essentials Plus and ISO 27001 (or actively driving towards certification) in a real organisation - not a tabletop exercise. Strong working knowledge of UK GDPR and the Data Protection Act 2018, with hands on experience of DSARs, DPIAs, breach response and supplier DPAs. Deep, hands on Microsoft 365 and Entra ID security experience - conditional access, Intune, identity governance, the Defender stack and security baselines. Demonstrable security operations experience - EDR/XDR, vulnerability management, incident response and security awareness programmes. Pragmatic, hands on operator - comfortable running a helpdesk and line managing an IT Technician alongside the security and compliance remit. Confident commercial mindset - budget ownership, vendor negotiation and the ability to challenge supplier security claims with evidence. Excellent written and verbal communication, able to translate technical risk plainly for non technical leadership and field staff. Right to work in the UK and able to travel between London, Yeovil, Chesterfield, Edinburgh and other group sites as required. Recognised certification - CISSP, CISM, ISO 27001 Lead Implementer or Lead Auditor, Microsoft SC 100 / SC 200 / SC 300. IASME Cyber Assurance experience. Formal Data Protection Officer training or qualification (e.g. PC.dp, BCS Practitioner Certificate in Data Protection). Experience in fire safety, construction, manufacturing or field engineering environments. Familiarity with our wider stack - Salesforce, SimPRO, Unleashed, Supabase, Cloudflare, Microsoft Fabric. Hands on experience with KnowBe4 (or equivalent security awareness and phishing simulation platforms). NIST CSF, CIS Controls or NCSC CAF practical experience. Benefits This is a chance to own cyber security and data protection end-to-end for a three entity group at one of the UK's fastest growing safety specialists - with the autonomy to set the security bar, hold certifications and shape the group's posture as we grow 30% year-on-year. At Harmony, we ask a lot - and we give a lot back. The hours are real, the standards are high and the work is demanding, but for those who show up, deliver and go the extra mile, the rewards follow. A-players here enjoy a competitive salary, a performance bonus tied to successful, on time delivery against roadmap milestones and delivery KPIs, a Personal Development Plan with ongoing training and leadership mentoring, unlimited holiday, private medical insurance, enhanced maternity and paternity, lunch, snacks and refreshments on us every day (fresh fruit and Takeaway Fridays included), a team social budget, cycle to work, an auto enrolment pension, two major company events a year and our Reward and Recognition scheme - including European mini breaks for those who go above and beyond. It is a collaborative, high energy environment focused on doing things the right way - technically, ethically and practically - and none of it is a perk for showing up; it's what we share with the people pulling the business forward. Harmony is an equal opportunity employer. We consider all applicants for employment regardless of age, disability, sexual orientation, gender identity, family or parental status, race, colour, nationality, ethnic or national origin, religion or belief. We want everyone who works with us to feel valued and to make a difference.

Supporter CRM and Data Manager Are you passionate about data and income processes and looking to use your skills and experience to help raise vital funds for our local Hospice? Join the team as our Supporter CRM and Data Manager. St. Luke's Hospice is a local charity providing compassionate care to people whose illnesses are no longer curable. We promote dignity in dying and empower people to make the choices they want, from the moment they are diagnosed. This is a great opportunity for an experienced CRM database user and income operations professional, who would like to play an important part in raising vital funds to help St. Luke's Hospice continue caring for local people and families. Based in the Fundraising and Communication directorate, our Supporter CRM and Data Manager will work to manage our supporter CRM database and income processing function, ensuring provision of appropriate data and process related support to enable the teams to deliver efficient and effective fundraising, marketing and stewardship activities. As a registered charity, we are reliant on the generosity of our local community to enable us to continue caring for local people and their families. It is so important that we handle donations, record information, acknowledge support and communicate appropriately to give our supporters the best possible experience and encourage future support. Our supporter Data team is fundamental to our success in this area. We're looking for someone with a passion for data and income processes to manage our supporter CRM, data insight and income operations functions, including line managing two Supporter Data Officers and supporting team volunteers. Working in a team that truly appreciates the importance of data for fundraising, the Supporter CRM and Data Manager role provides an opportunity to work proactively with colleagues to identify data needs and provide expert support to achieve our income and stewardship goals. Salary: SL15 pro rota (£18,034.28 - 23,393.39 depending on experience) Hours: Part time, 22.5 hours per week (working pattern can be discussed at interview) Contract: Permanent Location: Thurrock Hospice site Main responsibilities Development, management and review of processes and procedures for all fundraising income and data across on and offline platforms. Management and development of the Hospice's supporter CRM (Donorflex), leading the relationship with the CRM provider and other data management suppliers. Development and implementation of appropriate CRM training and reference materials for the Hospice's CRM users. Management of the fundraising and marketing data selection function. Management of the team's reporting and insight function, ensuring provision of necessary reports, insights and learning to support future income. Work with key colleagues across the organisation to support the wider Hospice's Data Strategy and development of our data architecture. Line management, development and provision of professional support and guidance to our Supporter Data Officers and volunteers. About you Experience of CRM database management with excellent knowledge of CRM databases. Experience of managing income and data processes and reconciliation. Experience of working with data for marketing purposes, including compliant handling of communication preferences and building marketing data selections. Experience of undertaking data analysis and presenting in appropriate formats to inform business decisions. Demonstrable knowledge and understanding of data protection legislation and industry specific regulation and experience of ensuring compliance within processes and working practices. Excellent attention to detail and problem solving skills. Excellent organisational skills and ability to prioritise effectively to meet deadlines. Ability to work proactively to identify opportunities and solve problems effectively using own initiative. Must be able to attend the Thurrock Hospice (RM14 3EB) and travel to/between Hospice sites. Right to Work St. Luke's Hospice is unable to sponsor work permits or visas. All candidates must have the right to work in the UK. Belonging, Equity, Diversity and Inclusion At St. Luke's Hospice, we are passionate about creating an inclusive workplace that promotes and values diversity. We know through experience that the different ideas, perspectives and backgrounds create a stronger and more creative work environment that delivers better outcomes for the people who access our services. We particularly welcome applications from disabled, LGBT+ and Black, Asian and Minority Ethnic candidates as these groups are currently under represented in our teams. We have policies and procedures in place to ensure that all applicants are treated fairly and consistently at every stage of the recruitment process, including the consideration of access requirements for people who have a disability.

Information Security Analyst Department: Central Services Employment Type: Permanent Location: Cheltenham Compensation: £40,000 - £45,000 / year Description Employer: Marco (Parent company of PoloWorks) Location: Cheltenham (Hybrid), with occasional travel to London Marco is a leading international insurance group providing capital, risk and operational solutions across the global re/insurance market, with PoloWorks as its UK based services arm. As our organisation continues to grow, we are expanding our Information Security capability and are seeking a talented Information Security Analyst to join the team. As an Information Security Analyst, you will play a key role in strengthening the Marco Group's information security posture across a diverse and evolving technology landscape. You will support the development and implementation of security standards, monitor threats and vulnerabilities, and provide technical expertise across multiple platforms. Working closely with business functions, you will contribute to the protection of Group information, support incident response activities, and ensure compliance with internal and external security requirements. You will report into the Information Security Management function and collaborate with teams across the Group, including PoloWorks. This is a hybrid role based in our Cheltenham office, with occasional travel to London. Key Responsibilities We are looking for a security professional who is confident engaging at all levels of the organisation and capable of working both independently and as part of a collaborative security team. You will often act as a subject matter expert within projects and new business initiatives. You will work closely with the Group Information Security Manager, Risk & Compliance Officers, business leads, technology teams, and external IT suppliers to ensure that security processes, policies, audits and risk management activities are effectively implemented and continuously improved. You will bring strong technical knowledge, sound risk analysis skills, and an understanding of Defence in Depth principles. You should be proactive in staying current with emerging threats and industry best practices. In return, we will support your ongoing development and provide opportunities to grow your expertise within a dynamic international insurance group. Risk identification and assessment Information Security policy maintenance and updates Compliance monitoring Incident response support and planning Security awareness & training (monitoring and delivery) Project and new business risk assessments KRI/KPI monitoring and reporting General security guidance across the Group Skills, Knowledge and Expertise Experience in the Security Sector (Essential) Strong aptitude for staying up to date with Information Security standards and technologies Self motivated with a flexible, proactive approach Experience with data classification and cryptography Knowledge of: Information Security processes NIST CSF and technical controls ISO 27001 framework Data Protection Security assessments Risk management One or more of the following certifications CISMP, ISC2 CC, ISO 27001 LA/LI, CISM, CISSP, CRISC, CESA SANS or equivalent

Group Head of IT Department: IT Employment Type: Full Time Location: London Reporting To: Angus Beaumont Description Harmony is on a mission to be the best life safety partner to work with and for. Rated an 'Outstanding Employer' by Best Companies in 2025, we are only getting bigger and stronger - and we're looking for A-players to help us get there. We are passionate about making a difference and obsessed with quality. Our goal is to build a world where every resident can sleep safely at night, knowing their home is 100% safe. This is a security-first leadership role. You will own cyber security and data protection across the Harmony group (Harmony Fire, Solidcor, Auro Technology) end-to-end - strategy, delivery and BAU - acting as the most senior security voice in the business below the Group IT Director. Cyber Essentials Plus, IASME Cyber Assurance and ISO 27001 sit with you. UK GDPR compliance sits with you as the group's Data Protection Lead (a non-statutory role distinct from a formal DPO appointment). The group's security posture, risk register, incident response and audit defensibility all sit with you. If something has a security or data protection dimension, it lands on your desk first. Security cannot exist in isolation, so you will also run the day-to-day IT function - line-managing the IT Technician, overseeing the helpdesk, vendor stack and infrastructure resilience for around 250 users across three trading entities. Operations exist to deliver a secure platform, not the other way around. IT Project Managers will deliver new systems into the group; you will accept those handovers and operationalise them into BAU only once they meet your security bar. Reporting to the Group IT Director, you will be the security leader the group trusts to keep its people productive, its data protected and its certifications intact through 30% year-on-year growth. This is more than an IT role. It is about bringing the right energy, accountability and resilience to our mission of saving lives through fire and height safety. Key Responsibilities Own the group's cyber security strategy, posture and risk register - the most senior security accountability in the business below the Group IT Director. Lead all formal security certifications end-to-end: Cyber Essentials Plus annual recertification, IASME Cyber Assurance alignment and ISO 27001 ISMS - scoping, risk treatment, Statement of Applicability, internal audits, management review and external audit defence. Apply additional frameworks where they strengthen the group's posture - NIST CSF, CIS Controls, NCSC Cyber Assessment Framework - and embed them into operational practice. Act as the group's Data Protection Lead (not a statutory DPO under UK GDPR Article 37) - own UK GDPR and DPA 2018 compliance, ROPA, DPIAs, retention schedules, DSARs, breach notification, processor agreements and supplier due diligence. Run security operations day-to-day - endpoint protection (Bitdefender GravityZone), conditional access, MFA, identity governance, vulnerability management, and security awareness and phishing simulation programmes via KnowBe4. Lead incident response - triage, containment, recovery, post-incident review and reporting, with playbooks kept current and tested. Oversee security across Auro Technology's software stack - IoT device firmware, cloud platforms, mobile and web applications - partnering with the Auro engineering team on secure SDLC, code review, dependency management, secrets handling and product security posture. Act as the security gatekeeper for IT project handovers - accept newly delivered systems from IT Project Managers into BAU only once documentation, monitoring, support runbooks and security controls meet the group's bar. Run vendor and licensing relationships across the IT and security stack - renewals, commercial negotiation and security due diligence on every new supplier before they are onboarded. Run the day-to-day IT function in service of the security mission - line-manage the IT Technician, oversee the Atera helpdesk, own SLAs and personally take the hardest tickets when they have a security dimension. Maintain infrastructure resilience - backups, disaster recovery, business continuity, identity, network and connectivity - owned, documented and tested. Run secure onboarding and offboarding at scale, keeping identity hygiene and asset control airtight as the group grows. Skills, Knowledge and Expertise An A-player mindset - high standards, extreme ownership and the drive to do things properly, the first time. A security professional first and foremost - your career identity is cyber security and information assurance, not IT generalism that happens to include security. Proven track record leading Cyber Essentials Plus and ISO 27001 (or actively driving towards certification) in a real organisation - not a tabletop exercise. Strong working knowledge of UK GDPR and the Data Protection Act 2018, with hands on experience of DSARs, DPIAs, breach response and supplier DPAs. Deep, hands on Microsoft 365 and Entra ID security experience - conditional access, Intune, identity governance, the Defender stack and security baselines. Demonstrable security operations experience - EDR/XDR, vulnerability management, incident response and security awareness programmes. Pragmatic, hands on operator - comfortable running a helpdesk and line managing an IT Technician alongside the security and compliance remit. Confident commercial mindset - budget ownership, vendor negotiation and the ability to challenge supplier security claims with evidence. Excellent written and verbal communication, able to translate technical risk plainly for non technical leadership and field staff. Right to work in the UK and able to travel between London, Yeovil, Chesterfield, Edinburgh and other group sites as required. Recognised certification - CISSP, CISM, ISO 27001 Lead Implementer or Lead Auditor, Microsoft SC 100 / SC 200 / SC 300. IASME Cyber Assurance experience. Formal Data Protection Officer training or qualification (e.g. PC.dp, BCS Practitioner Certificate in Data Protection). Experience in fire safety, construction, manufacturing or field engineering environments. Familiarity with our wider stack - Salesforce, SimPRO, Unleashed, Supabase, Cloudflare, Microsoft Fabric. Hands on experience with KnowBe4 (or equivalent security awareness and phishing simulation platforms). NIST CSF, CIS Controls or NCSC CAF practical experience. Benefits This is a chance to own cyber security and data protection end-to-end for a three entity group at one of the UK's fastest growing safety specialists - with the autonomy to set the security bar, hold certifications and shape the group's posture as we grow 30% year-on-year. At Harmony, we ask a lot - and we give a lot back. The hours are real, the standards are high and the work is demanding, but for those who show up, deliver and go the extra mile, the rewards follow. A-players here enjoy a competitive salary, a performance bonus tied to successful, on time delivery against roadmap milestones and delivery KPIs, a Personal Development Plan with ongoing training and leadership mentoring, unlimited holiday, private medical insurance, enhanced maternity and paternity, lunch, snacks and refreshments on us every day (fresh fruit and Takeaway Fridays included), a team social budget, cycle to work, an auto enrolment pension, two major company events a year and our Reward and Recognition scheme - including European mini breaks for those who go above and beyond. It is a collaborative, high energy environment focused on doing things the right way - technically, ethically and practically - and none of it is a perk for showing up; it's what we share with the people pulling the business forward. Harmony is an equal opportunity employer. We consider all applicants for employment regardless of age, disability, sexual orientation, gender identity, family or parental status, race, colour, nationality, ethnic or national origin, religion or belief. We want everyone who works with us to feel valued and to make a difference.

Job Title: Head of Cyber Security Delivery Job Family: Head of Cyber Security Job Group: Solutions Job Band: B Days: Monday to Friday Hours: 40 hours per week Typically reports to Chief Information Security Officer Classification: Confidential Role Purpose The Head of Cyber Delivery is accountable for defining, mobilising and executing the Cyber Security change portfolio in alignment with the organisation's cyber strategy. Operating within the Cyber Security Leadership Team and reporting directly to the CISO, the role ensures that strategic cyber objectives are translated into structured, governed and measurable programmes of delivery across a complex, highly regulated Critical National Infrastructure (CNI) environment. This position operates at the intersection of Cyber Security, Enterprise IT, Operational Technology (OT), and Business Leadership, ensuring that cyber initiatives are aligned with enterprise risk appetite, regulatory obligations, and operational resilience priorities. Specific Responsibilities Translate the enterprise Cyber Security Strategy into an executable, prioritised and governed delivery roadmap. Lead and mature cyber programme and project delivery disciplines across the Cyber function. Ensure compliance with UK regulatory frameworks applicable to aviation and Critical National Infrastructure. Strengthen Heathrow's cyber resilience posture in the context of evolving threat landscapes. Ensure cyber investment delivers measurable risk reduction and operational value aligned to business objectives. Programme & Project Delivery Lead a team of Cyber Project Managers responsible for delivering a portfolio of security transformation initiatives. Oversee large-scale change programmes spanning IT, OT and airport operational environments. Ensure delivery methodologies are appropriate for a regulated CNI context (e.g., hybrid agile/waterfall, structured assurance checkpoints). Manage interdependencies across technology, operational and regulatory workstreams. Ensure delivery outcomes are measurable in terms of risk reduction, control maturity and compliance uplift. Regulatory & Compliance Alignment UK aviation security frameworks CNI requirements Data protection legislation Relevant standards such as National Cyber Security Centre guidance and ISO/IEC 27001 Stakeholder & Relationship Management Cyber Security leadership CIO and senior IT leadership Operational airport leadership External partners and suppliers Regulatory authorities Capability & Team Leadership Develop and mature the Cyber Delivery function, embedding best practice programme and portfolio management disciplines. Provide functional oversight to technical teams delivering cyber capabilities. Establish a performance culture focused on accountability, transparency and continuous improvement. Mentor and develop Cyber Project Managers and delivery leads. Financial & Commercial Oversight Own cyber delivery budget tracking, forecasting and benefits realisation management. Oversee supplier performance and contract delivery in conjunction with Commercial and Procurement teams. Qualifications and Experience Experience (Essential): Minimum 5 years' experience in a senior cyber, technology or security delivery leadership role. Demonstrable experience leading large-scale transformation programmes in complex, highly regulated environments. Experience operating within Critical National Infrastructure sectors (e.g., aviation, transport, utilities, defence). Proven track record of delivering cyber security capabilities at enterprise scale. Experience engaging directly with executive stakeholders and regulators. Exposure to aviation sector environments and understanding of airport operational systems. Essential Skills: Strong portfolio and programme governance expertise (e.g., MSP, PRINCE2, SAFe or equivalent frameworks). Deep understanding of cyber risk management, threat landscapes and control frameworks. Ability to align cyber investment to quantified risk reduction and business outcomes. Executive-level communication and reporting capability. Advanced stakeholder management and influencing skills. Financial acumen including budget management and benefits realisation. Strong leadership capability across matrix and federated structures. Desirable Skills: Experience integrating IT and Operational Technology (OT) security programmes. Knowledge of aviation-specific regulatory environments. Familiarity with NIS Regulations and UK CNI oversight structures. Experience in crisis management or cyber incident recovery programmes. Exposure to cloud security transformation and identity modernisation initiatives. Education & Professional Certifications: Bachelor's degree in Cyber Security, Information Security, Computer Science, Engineering or related discipline (or equivalent professional experience). Relevant certifications such as CISSP, CISM, CRISC, MSP / PRINCE2 Practitioner, PgMP or equivalent senior programme qualification (desirable). Personal Attributes Strategic thinker with strong execution discipline. Credible and authoritative leader within technical and business environments. High integrity and resilience under pressure. Collaborative, transparent and outcome-driven. Comfortable operating in a highly visible, mission critical national infrastructure setting.

Engine by Starling, was born out of Starling: the UK's first and leading digital bank. Today, Starling delivers intuitive, customer centric tools to help over 4.6 million people and small businesses to be 'good with money'. We believe that great technology has the ability to empower customers to save, spend and manage their money in a new and transformative way. Engine is on a mission to promote this philosophy around the world. Engine is a cloud native, bank built SaaS platform. We provide a comprehensive and cloud native solution to power banks around the world, who share our ambition of building businesses designed to evolve, innovate, and meet growing customer demands. The SaaS technology platform is now available to banks, building societies and credit unions around the world, enabling them to benefit from the modern digital features and efficient back office processes that has helped Starling to achieve its success. At Engine, we follow five guiding principles: listen, keep it simple, do the right thing, own it, and aim for greatness. Having launched in 2022, we are a rapidly growing organisation who adopts the same agile mindset as our technology. As such, we embrace change, the reimagination of processes and have cultivated an environment where our colleagues - and partners - can design, build and collaborate openly, with a strong degree of ownership and empowerment to get things done. Hybrid Working Engine is headquartered in London, with offices in Manchester, Cardiff, Southampton in the UK and internationally Dublin, Sydney, Dubai, Toronto and New York. We have a hybrid approach to working at Engine - our preference is that you're located within a commutable distance of one of our UK offices to enable in person collaboration and interaction with your team. About the Role This role will shape our Security objectives, practices and associated policies and processes within Engine as well as lead the continuous improvement of our Information Security capabilities whilst managing a growing Information Security Team. The successful candidate will act as the liaison between Engine and Starling Bank's Information Security teams whilst also ensuring that they are the point of contact for all Information security related questions raised by Engine clients and our auditors. We're looking for a curious, versatile, adaptable and experienced information security or cyber specialist with executive presence and strong leadership skills who enjoys the challenge of a varied and collaborative role. You'll enjoy problem solving, working with a wide variety of stakeholders, and enabling us to be creative in continuing to provide innovative products and services to support our clients, and stay at the forefront of all things Information Security. What you'll get to do: Manage and maintain the Information Security Policy and Information Security Management System to ensure (i) it meets the needs of Engine, its clients, employees and other stakeholders and (ii) compliance with the relevant industry standards, regulatory and certification requirements such as ISO 27001. Oversee Engine's Information Security governance documents (processes, standards and procedures) and optimise reporting of identified threats and vulnerabilities. Oversee the process for obtaining and maintaining compliance certifications and accreditations including but not limited to ISO 27001, SOC 1, SOC 2 and PCI DSS/3DS through engagement with internal teams and our external auditors. Maintain the Information Security Risk Register; identifying, assessing and mitigating information security risks (including security risks related to third parties and partners) and ensuring coherence with Engine's Risk Management framework. Act as a point of contact for all Information Security related client queries and issues; providing expert opinion and communication during initial client conversations, RFPs, RFIs, delivery and throughout the client lifecycle. Act as an Information Security point of contact for Business Continuity Planning and Disaster Recovery; this includes responsibility for initiation and execution of cyber business impact analysis. Advise the wider organisation on compliance and governance requirements. Oversee Incident Response related to Information Security and ensure coherence and collaboration with the broader Technology response capability. Liaise with external bodies and organisations to keep abreast of the threat landscape, emerging trends, technologies and legislation that have an impact on Information Security. Assist as necessary to investigate security breaches and pursue associated disciplinary and legal matters. Lead and manage a team of subject matter experts to ensure Information Security is managed effectively throughout the IT service delivery lifecycle, addressing client needs. Promote security awareness by collaborating with the relevant teams to provide training and awareness to the wider Engine organisation. deep understanding and knowledge of cyber security principles, security standards and regulatory compliance and its application in a wide variety of organisations with a strong risk culture. experience in a business facing security role, ideally in an Information Security Director, BISO, CISO or similar capacity strong business acumen and commercial awareness with previous experience in a senior client facing role or similar. be a self starter / self motivated with the ability to lead, inspire and drive change through an organisation. have the ability to be pragmatic while balancing the needs of Engine against security. ability to work with a variety of stakeholders across all levels and can adapt communication style to different stakeholders. have an ability to think and plan strategically and systematically while recognising the need to deliver to the business requirements. have previous experience working in a complex IT organisation encompassing service delivery, application development and IT infrastructure. an understanding of best practice within Information Security and risk management including standards such as ISO 27001, NIST, Cyber Essentials and COBIT. an understanding of legislation and regulations that impact information Security. E.g. Data Protection Act and GDPR, Freedom of Information Act, PCI DSS. Have previous experience in leading, developing and motivating a team of subject matter experts. An understanding of current and emerging threats and countermeasures and the organisational challenges to addressing these threats. A good practical knowledge of security technologies and wider business solutions including Identity and access management, SIEM, remote working and cloud technologies. Experience of working in a banking or financial services environment would be beneficial. ISC2 CISSP or ISACA CISM, ISACA CRISC, CISA or Open FAIR qualifications would be beneficial. Interview process Interviewing is a two way process and we want you to have the time and opportunity to get to know us, as much as we are getting to know you! Our interviews are conversational and we want to get the best from you, so come with questions and be curious. In general you can expect the below, following a chat with one of our Talent Team: Initial video interview with Engine's deputy CTO (45 minutes) A secondary, deeper interview, with Engine CTO and Starling Group CISO ( minutes) Final interview with Engine's CEO and Chief of Staff (45 minutes) 33 days holiday (including public holidays, which you can take when it works best for you) An extra day's holiday for your birthday Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off 16 hours paid volunteering time a year Salary sacrifice, company enhanced pension scheme Life insurance at 4x your salary & group income protection Private Medical Insurance with VitalityHealth including mental health support and cancer care. Partner benefits include discounts with Waitrose, MrMrs Smith and Peloton Generous family friendly policies Incentives refer a friend scheme Perkbox membership giving access to retail discounts, a wellness platform for physical and mental health, and weekly free and boosted perks Access to initiatives like Cycle to Work, Salary Sacrificed Gym partnerships and Electric Vehicle (EV) leasing You may be put off applying for a role because you don't tick every box. Forget that! While we can't accommodate every flexible working request, we're always open to discussion. So, if you're excited about working with us, but aren't sure if you're 100% there yet, get in touch anyway. We're on a mission to radically reshape banking - and that starts with our brilliant team. Whatever came before, we're proud to bring together people of all backgrounds and experiences who love working together to solve problems. Starling is an equal opportunity employer, and we're proud of our ongoing efforts to foster diversity & inclusion in the workplace. Individuals seeking employment at Starling are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law. When you provide us with this information, you are doing so at your own consent . click apply for full job details

Pure Cremation is seeking a Data Protection Officer to develop and lead their data protection framework across the Group. This senior role involves ensuring compliance with UK GDPR while maintaining visibility and influence in decision-making. You will work closely with various teams to foster a strong data protection culture. Offering a hybrid work model with flexibility, the position includes benefits such as life assurance and employee assistance programs. The ideal candidate will have proven experience and strong stakeholder engagement skills.

Location: Hybrid - 3 days office based (Andover) and 2 days home based, with flexibility to attend the office when required, and travel to other Pure locations. Hours: 37.5 hours per week The Opportunity We're the Pure Group, and we're looking for a genuine Data Protection Officer - not a box-ticking compliance manager. This is a senior, high-impact role with the independence, visibility, and authority to shape how data protection operates across our Group. You'll work closely with senior leadership, challenge constructively, and help embed practical, commercially focused privacy thinking into a fast-moving regulated business. This is an opportunity to lead from the front, influence decision-making at every level, and build a data protection culture that supports both our customers and our continued growth. About Us The Pure Group was founded to disrupt the market - and we've done exactly that. Today, we're the UK's leading provider of later-life and end-of-life planning services, including funeral plans, insurance products, and cremation services. We are FCA regulated, customer-focused, and proud to have earned more 5-star Trustpilot reviews than any competitor in our sector. Our values shape how we work every day - Care Deeply, Take Accountability, Never Settle. The Role As our statutory Data Protection Officer, you'll lead and develop the Group's data protection framework, ensuring it remains robust, proportionate, and fit for a growing regulated business. You will: Act as the Group's statutory DPO and lead UK GDPR compliance Provide independent oversight and constructive challenge across the business Develop and deliver the Group's data protection strategy and roadmap Maintain effective policies, controls, governance frameworks, and risk management processes Advise on FCA-related regulatory considerations, including Consumer Duty, ICOBS, and FPCOB Lead data incidents, breach management, complaints, and ICO engagement Advise on privacy considerations relating to AI, marketing activity, and PECR compliance Manage and oversee Subject Access Requests and wider data rights requests Partner with teams across Marketing, Customer Experience, Compliance, IT, and Operations Deliver engaging training and awareness initiatives across the workforce Build strong relationships across the Group and maintain a visible, approachable presence What Success Looks Like Data protection embedded into day-to-day business operations Clear, effective, and proportionate governance frameworks A workforce that understands its data protection responsibilities Trusted, credible advice that enables good decision-making Strong stakeholder relationships across all levels of the business High visibility across the business - every knows the DPO A pragmatic approach that balances compliance with commercial reality About You Proven experience operating as a Data Protection Officer within a regulated environment Strong working knowledge of UK GDPR and wider privacy legislation Proven track record advising on FCA-regulated activities Good understanding of ICO guidance relating to AI and data protectionStrong knowledge of PECR and data rights management Proven track record - building and improving data protection frameworks and controls Confidence influencing and challenging senior stakeholders Ability to operate effectively in a fast paced, evolving business Proven track record - delivering training and improving organisational awareness And just as importantly, you are: Emotionally intelligent, you influence, not just instruct Credible and resilient, you hold your ground when it matters Pragmatic, balancing compliance with commercial reality A strong communicator, effective from operational teams to Board level You are resilient and thrive under pressure and meet deadlines. What We Offer Life Assurance 4 x basic salary Company or SMART pension Family-friendly benefits Employee Assistance Programme (24/7 support) Discounted gym membership & Cycle to Work scheme Free on site parking Please note, we may need to undertake a vetting process through the Disclosure and Barring Service (DBS) or Disclosure Scotland on new employees, dependent on requirement. All gaps in your CV must be disclosed. We reserve the right to close this advertisement early if we receive a high volume of suitable applications. Equal Opportunity Employer The Pure Group strives to be an equal opportunity employer. We welcome applications from all backgrounds - regardless of age, gender, ethnicity, sexual orientation, disability, religion or belief. We celebrate difference because we believe it enriches our work and strengthens the way we support one another. If you need any additional support or adjustments during the recruitment process, please let us know.

We're 1st Central, a market-leading insurance company utilising smart data and technology at pace. Rapid growth has been based on giving our 1.4 million customers exactly what they want: great value insurance with an excellent service. And that's the same for our colleagues too; we won Insurance Employer of the Year at the British Insurance Awards 2024 and our Glassdoor score is pretty mega too! At 1st Central, data sits at the heart of everything we do, so protecting it is both a legal obligation and a core responsibility. We're looking for a Group Head of Data Protection (DPO) who's passionate about privacy, someone who's curious, commercially aware, and ready to shape the future of data protection across our Group. You'll be our senior voice on all things data protection - advising the Executive, Boards and senior leaders, and setting the strategic direction for privacy across the Group. You'll lead a high performing Privacy team and make sure we're not just compliant, but confident in how we manage and protect data. We're looking for someone who has: Significant experience as a DPO or from a similar compliance role Expert knowledge of data privacy legislation including GDPR Expert knowledge of cybersecurity risks and other information security standards, such as ISO27001 The ability to make good judgements regarding data privacy risks and to prioritise resources and activity around managing those risks What's involved: To be responsible for the development of a high performing Privacy team creating a clear vision whilst building strong relationships inside and outside the Group, in order to collaborate with and influence the executive and senior management across the Group and externally with corporate partners, including data subjects, regulators, suppliers and professional bodies To have an excellent understanding of the key regulatory and statutory rules, regulations, principles and codes of practice incumbent upon Group companies and the jurisdictions in which they are domiciled in so far as they are relevant to the delivery of appropriate Data Protection compliance requirements, and to keep such awareness up to date To define with the Executive, Boards and other senior stakeholders, and implement the Group's Data Protection Strategy To define, scope, gain Audit Committee approval for, and deliver the Group's data privacy programme To report to the Group's Risk Committees on the compliance position highlighting key risks, incidents and matters requiring decisions by the relevant Board or senior management To act as Data Protection Officer for all Group entities where the role is required, and be owner of the Group Data Protection Policy To take overall responsibility for the oversight of Data Protection compliance and related Regulatory matters across the Group Inform and advise Senior Management on data protection laws and policies Monitor compliance with data protection laws and policies, and report on this to the Executive, SICL Management Committee, FCIM Management Committee and Group Audit committees. Oversee the maintenance of records required to demonstrate data protection compliance Supervise the Privacy Team's completion of data protection impact assessments and develop and execute relevant project plans Manage a program of awareness-raising and training to deliver compliance and to foster a data privacy culture within the company Review Data Protection clauses in client terms and supplier contracts Define, implement, and lead a data incident response and data breach notification procedure as well as provide incident management response where applicable Be the contact point with and co-operate with the relevant Data Protection Authorities and to data subjects when exercising their individual data rights as well as supervise and advise on the response to such requests Being the focal point for all activity relating to data protection Promote a culture of awareness of data security throughout the company Comply with the requirements, and act in accordance with, the Group Code of Conduct and Fitness and Propriety policies at all times Responsibility for maintaining department risk registers, providing evidence and commentary for controls, updates for Mitigation Actions and maintaining control matrices and attestations. Also, to ensure that your employees are aware of their responsibility to identify and report risk. Ensure compliance with Company Policies, Values and guidelines and other relevant standards/ regulations at all times, including compliance with the Senior Managers Certification Regime (SMCR) Conduct Rules Job-specific Competencies Experience & Knowledge Knowledge of FCA requirements (including individual responsibilities in relation to Consumer Duty) Significant experience as a DPO or from a similar compliance role Proven track record in leading data protection issues at a senior level Project management experience Experience of interfacing with data protection regulators Experience in designing and implementing a data protection strategy Experience leading a department Educated to degree level IAPP CIPP/E or CIPM or equivalent data privacy qualification Qualified Lawyer Very familiar with UK, Gibraltarian, Guernsey and European data protection laws and practices, including (but not limited to) the Data Protection Act 2018, Privacy & Electronic Communications Regulations 2003 and the General Data Protection Regulation A knowledge of best practice in information security, risk management, legal or audit Expert knowledge of data privacy legislation including GDPR Expert knowledge of cybersecurity risks and other information security standards, such as ISO27001 Skills Ability to make good judgements regarding data privacy risks and to prioritise resources and activity around managing those risks Excellent time management and organisation skills Ability to conduct the role independently and with integrity Ability to plan, organise and prioritise tasks and projects Strong analytical skills Extremely strong communication, influencing and stakeholder management skills Behaviours Proven ability to establish and maintain a high degree of confidentiality, respect, trust and credibility at all levels Strong team player and proven ability to lead and manage a team Enthusiastic and positive The ability to remain calm, controlled and resilient Self motivated and enthusiastic An organised and proactive approach Strives to drive business improvements to contribute to the success of the business If you're ready to lead, influence and make a real impact, we'd love to hear from you. What can we do for you? People first. Always. We're passionate about our colleagues and know the best people deserve an extraordinary working environment. We owe it to them so that's what we offer. Our workplaces are energetic, inspirational, supportive. To get a taste of the advantages you'll enjoy, take a look at all our perks in full here. Intrigued? Our Talent team can tell you everything you need to know about what we want and what we're offering, so feel free to get in touch.

Job Title: Engineering Manager - Insurance Team Location: Manchester N.B. This role does not come with relocation assistance , therefore candidates must be currently based in the UK in order to be considered. Hybrid working policy: 2 days in the Manchester office per week Who are we? At we make it easier for everyone to experience the world. We began by taking hotel bookings online over 25 years ago and we've been shaping the travel industry ever since. Today, we're building a platform that connects all parts of the trip - from accommodation to transport, tickets, tours and more. Insurance is the easiest way to protect your trip and travel with peace of mind. As part of our Connected Trip vision, has ambitious growth plans for the insurance business as it looks to develop a global footprint of insurance product offerings across the group. Through innovation, industry sector knowledge and clear customer focus, the team's challenge is to substantially enhance the Insurance customer experience. Working in collaboration with leading industry partners, our insurance products are designed to give customers assurance they have the protection they need to allow them to relax and enjoy the trip - great value cover backed by a first class experience should they need to make a claim. Role Overview As the Engineering Manager in the Insurance Offer Team located in Manchester, you will be building the Insurance platform in You will be working closely with various teams spread across verticals within Booking's frameworks to make it easier for the 8.5M people who open our apps/website everyday to purchase insurance. With a talented team of product managers, backend developers, and data analysts, you will create a seamless customer experience to increase user engagement and bookings. This is a Backend team that works with latest cloud based technologies , java is the main language used in the team. You will have the opportunity to coach and mentor a varied set of capable engineers. The role of Engineering Manager is to primarily manage, coach and develop an engineering team (software and test engineers), ensuring the development of both (the individual and team as a whole) are in line with organisational objectives and direction. Manages all activities of an engineering scope through the direction of activities, to design new products and modify existing endpoints, ensuring that deliverables are on time and with acceptable quality. The role holder is required to analyse technology trends, human resource needs, and market demand to plan projects to ensure resilience in line with current demand and future ambition. In addition to this, the role will confer with leaders, production, key stakeholders and marketing teams to determine engineering feasibility, cost effectiveness, scalability and time-to-market for new and existing products. Key Job Responsibilities and Duties Managing People Managing Team Coaching/Mentoring End to End System Ownership Technical Incident Management Building software applications Architectural Guidance Automation and toil reduction Monitoring and Alerting improvementsCritical Thinking Continuous Quality and Process Improvement Qualifications & Skills High proficiency in technical leadership Solid understanding of building robust and resilient systems Strong focus on delivery management Strong cross team collaboration skills; you are able to work with other teams to generate objectives and measure value Solid understanding of how the web works starting at the request through to the response Proficient in the use of design patterns and frameworks such as MVC or Spring Solid experience of Continuous Integration, Continuous Testing, Continuous Delivery, and Agile Solid understanding of cloud technologies and how they can be leveraged to solve problems at scale Proficient in cloud cost management; Your skills ensure efficient allocation of resources, cost control, and strategic utilisation of cloud services to maximise value and minimise expenses. Quality first mind-set for writing code using techniques such as TDD, BDD and Agile Good understanding of security principles and writing secure code Solid understanding of Agile practices Benefits & Perks: Global Impact, Personal Relevance A great, brand new office in the heart of Manchester Free breakfast and lunch 25 days' paid holiday plus bank holidays (rising to 28 days after 3 years of service) Health & well-being benefits such as mental health support, access to health insurance, etc. Employer contribution pension Industry-leading parental leave and adoption leave Great discounts on accommodation, car rentals and other group benefits From day one of your employment with us, we offer 22 weeks' fully paid leave for all new parents, regardless of gender or the way you become a parent Carer's leave. 10 days' fully paid leave per year for colleagues who are caring for ill family members. Hybrid Working (UK): We believe in office attendance at least 40% of your time whilst empowering you with the flexibility to plan where to do your best work. Wellbeing & Inclusion at Inclusion, Diversity, Belonging, Wellbeing and Volunteering (IDBWV) have been a core part of our company culture since day one. This ongoing journey starts with our very own employees, who represent over 140 nationalities and a wide range of ethnic and social backgrounds, genders and sexual orientations. Take it from our Chief People Officer, Paulo Pisano: "At the diversity of our people doesn't just create a unique workplace, it also creates a better and more inclusive travel experience for everyone. Inclusion is at the heart of everything we do. It's a place where you can make your mark and have a real impact in travel and tech." We will ensure that individuals with disabilities are provided reasonable adjustments to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to discuss any requirements. is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.

IT Director Cardiff Newport Bristol South West IntaPeople are pleased to be appointed exclusively on the recruitment of a newly created executive-level for a Care Group that has experienced sustained growth since inception and now operates across multiple regulated sectors and regions. The organisation currently supports 40+ settings and employs more than 700+ Team Members. The proposed role would provide executive-level oversight of technology strategy, digital transformation, cyber security, infrastructure planning, business continuity, information governance and enterprise-wide systems development. The role is intended to support the continued development of a scalable, resilient and strategically aligned technology function suitable for a growing and geographically diverse organisation. This role focuses on leveraging emerging technologies to drive revenue, scale operations, and manage enterprise-wide risk, while delegating and holding to account day-to-day service delivery of the Head of IT. As the organisation continues to expand, the operational complexity, regulatory requirements, digital dependency and scale of the Group have increased significantly. Technology is now a critical enabler of operational resilience, regulatory compliance, service quality, communication, cyber security and organisational scalability. Key responsibilities at a glance Enterprise Architecture & Transformation: Design the multi-year digital roadmap to transition the Group from legacy systems to scalable, cloud-first and AI-driven environments where appropriate. Business-IT Alignment: Collaborate with the C Suite and GLT to ensure technology is a catalyst for business growth rather than just a support function. Capital Investment Strategy: Oversee the total cost of ownership (TCO) for Group-wide technology investments; perform high-level ROI analysis for major capital expenditures. M&A Support: Lead technical due diligence and integration strategies for business acquisitions and expansion. Information Security Governance: Set the high-level security posture and risk appetite for the Group; lead the strategic response to evolving global threat landscapes. Data & Analytics: Champion a Group-wide data strategy that moves beyond GDPR compliance into business intelligence and predictive analytics to inform executive decision-making. Data Protection and DSAR's: Will assume the role of the Group's Data Protection Officer. Strategic Vendor Management: Manage high-level relationships with technology partners at an account executive level. Organisational Design: Architect the future structure of the IT and technology related departments to ensure they scale ahead of the Group's growth. Technical Knowledge Strong understanding of cloud-based environments and enterprise systems. Experience of Microsoft 365 technologies and related infrastructure. Understanding of information governance, cyber security and business continuity principles. Knowledge of business intelligence, reporting and data governance frameworks. Experience (at a glance) Significant experience within senior technology leadership roles. Experience leading technology strategy and organisational change within multi site environments. Experience of digital transformation, infrastructure planning and cyber security governance. Experience of leading teams, supplier relationships and enterprise-wide projects. Experience operating within regulated or compliance led environments would be advantageous. Role overview (at a glance) Information Technology Director / IT Director Salary to be discussed at qualification stage - dependant on experience Job location - Hybrid/Remote with ad hoc travel to their HQ in the South West area. Competitive Company car allowance 25 days annual leave + Bank Holidays 9 day working fortnight Working hours - 36.5 hours per week Flexible working policy Remote/Hybrid working - please discuss further with candidate depending on location Private Medical insurance (after length of service) Company wide Pension contribution Medical perks towards dental/eye care etc. Interview structure Informal meeting with CEO or/and COO Formal onsite meeting with CEO, COO, CFO and other team members including a task based presentation.

Overview IT Services at the University of Sheffield provide a full range of complex IT and technology enabled services that support education, research, workplace, corporate services and infrastructure enablers to all staff and students. The Information Security team in IT Services is seeking a Security Assurance Officer in the Security Operations team to contribute to its ongoing mission to keep the University safe and secure. The role involves working with the Security Assurance Manager to provide assurance to the University and its partners that information can be protected. Responsibilities include leading information security projects, developing and disseminating policies, and responding to requests for advice and guidance. Core Responsibilities Support the Information Security Team: Assist in protecting University information assets by continually reporting on security risk and compliance metrics and delivering improvements. Project Leadership: Lead information security projects designed to deliver technical and cultural changes to University assets and processes. Risk Assessment: Perform high and low level information security risk assessments. Policy & Procedure Development: Develop and implement new information security processes, procedures, and practices, and advise on or implement technologies to control risks. Control Monitoring: Track, monitor, and deliver improvements to information security controls across various faculties, departments, and research groups. Lead Compliance Activities: Manage and lead assurance activities for standards such as Cyber Essentials+, PCI DSS, NHS DSPT, ONS SRS AOC and GDPR. Risk Guidance: Provide support to manage risks, feeding into departmental and corporate risk registers and recommending suitable controls. Expert Advice: Respond to enquiries and provide expert support and guidance to all members of the University. Decision Making: Make recommendations on information security issues and potential developments to ensure the University's infrastructure and policies support security goals. Awareness & Training: Promote information security awareness and skills, providing tailored training solutions where necessary. Cross Departmental Collaboration: Work with colleagues in IT security, data protection, and research data management to ensure consistency in information support and governance. Stay Current: Keep up to date with published standards, legislation, and guidelines relevant to information security. General Duties: Perform any other duties commensurate with the grade of the post. Essential Criteria Previous relevant experience in information security. A solid understanding of information security principles, techniques and compliance standards. Ability to work at speed, to a high standard and to deliver to agreed timescales. Ability to work at scale, in a diverse technology environment and while managing multiple supplier relationships at once. Professional approach to work; being self confident, innovative, organised and having a commitment to ongoing professional development. Excellent communication skills, both written and verbal. Desirable Criteria Experience in working to, and evidencing compliance of relevant standards and frameworks such as ISO/IEC 27001, PCI DSS, GDPR/DPA 2018. Experience collaborating with others, at all levels, to deliver information security value. Experience of and ability to deliver specialist training to others, at all levels. Relevant information security qualifications (e.g., CISSP, CompTIA Sec+, ISO 27001 Lead Implementer, PCI DSS ISA). A good understanding of information management principles and related information systems in an IT context. Disability Confident Employer The University of Sheffield is a Disability Confident Employer. If you have a disability and meet the essential criteria for this role you will be invited to take part in the next stage of the selection process. Security Clearance BPSS clearance will be required for this role. Possession of a criminal record is not an automatic bar to employment; each case is examined in its own right.

Competitive salary, annual bonus, car allowance and an extensive benefits package. The role in a nutshell: Responsible for all aspects of Information Security within Toyota Financial Services UK, including compliance with Corporate Policies, the ongoing promotion of Information Security across the organisation and to operate an effective Information Security Management System (ISMS). About the 'Department': The Business Technology Solutions (BTS) department are responsible for delivering end-to-end business technology and change through their four key functions of Governance, Projects & Change, Delivery and Technical Operations. They look after both TFSUK and KINTO UK. The mission of BTS is to Give (the Business the technology, applications and services it needs), to Guide (the Business through Change using their expertise and experience) and to Guard (always protect the Business, its Customers & its Data). What you'll be doing: Maintain, mature and align the BTS' ISMS with ISO27001:2022 through management and evolution of the company's Information Security policies, maintaining best practice and alignment with Corporate and Regulatory requirements, including the Global Information Security Group framework (GISG), General Data Protection Regulation (GDPR), Sarbanes-Oxley (SOX) PCI-DSS & Cyber Essentials Plus. Manage Information Security aspects of the third-party due diligence process, including subject matter expertise to support onboarding of new suppliers, ongoing assessment of existing suppliers, contract reviews. Manage/Co-ordinate or provide reporting material for regular information security meetings including supplier security reviews, risk register reviews, metrics. Provide clear and actionable information security reporting to senior leadership. Manage/operate Information Security related tools such as GRC tool and Supplier assessment tool. Own and maintain the BTS Risk register, ensuring risks are identified, assessed and documented in accordance with internal risk methodology, including exception handling. Working in partnership with the Data Protection Officer (DPO) & Legal & Compliance to protect the organisation's information. Overseeing Audit Findings and any associated remediation across BTS including gathering, management and submission of control evidence to support assurance activities, internal compliance reviews (GISG) and any regulatory requirements Manage the Information Security Awareness programme, including maintenance of the training schedule, annual employee training, creation of materials and assist with co-ordination of monthly phishing campaigns. Proactively raising the profile of Information Security across the organisation, its stakeholders, vendors and customers. Working in partnership with the Business & BTS teams to ensure all Projects, Changes, policies and procedures are compliant with corporate information security policies. Management of the annual Security Incident Response Test (SIRT), as well as ensuring the remediation of any findings. Undertake Security related Testing, including Phishing, Security Incident Response Tests Co-ordinate response to security incidents and breaches to ensure any impact is contained and relevant information obtained to facilitate analysis and improvement plans. Maturing the Information Security mindset across TFS UK. What you'll get to own: Management of TFSUK's ISO27001 certification, ensuring the ongoing certification is retained Management of TFSUK's GISG posture, ensuring compliance against the extensive control set Management of the GISG Vendor Assessment process for Information Security assurance of all TFSUK vendors Development & Management of the Information Security Strategy and subsequent annual reviews Oversight of remediation work for all open IT audit findings Management of IT Risk Register and ongoing monthly reviews Information Security Reporting & Performance KPIs Key Experience & Skills: Proven experience in developing, implementing, maintaining and leading an effective ISMS and information security control assurance programme. Strong stakeholder management skills, including technical members of staff and senior executives, stakeholder negotiation and influencing. Good analytical skills. Strong understanding of ISO27001, GDPR, SOX & Information Security Risk Management Understanding of information security tools Experience with business continuity, third party risk management and incident management. Attributes & Behaviours: Strong written and verbal communication skills Ability to interact professionally with a broad range of technical and non-technical stakeholders across the business Keen problem solver and critical thinker Strong multi-tasker, able to work effectively on several projects at one time in a busy and time-driven work environment Proactive, determined and self-motivated At Toyota Financial Services (TFS) it is more than just an externally bench-marked salary and bonus, we also offer: Hybrid working pattern is 2 days in the office and 3 days from a location of your choice. Access to attractive car schemes for you (& your family) for Toyota & Lexus cars Excellent pension scheme (up to 6% employee contribution and 15% employer contribution). Generous annual leave of 25 days which increases with service and holiday purchase option Private Medical Healthcare (single, partner/spouse and dependent children) with Digital GP Service Group Income Protection cover with Aviva including physical, mental, and financial wellbeing services Employee Assistance Program Eye tests Onsite gym, Sports and Social Club, & flu jabs to keep you healthy Wellbeing hour each month and many more initiatives throughout the year to encourage a healthy mind and body, and to raise awareness and celebrate diversity, equity and inclusion. Dress for your day policy to make you feel comfortable at work Eco HQ, free parking & restaurant Two volunteering days per year Reward gateway voucher discounts Flexible working scheme and we welcome flexible working conversations at interview Regular 121s with your manager, a personal development review (PReview) each quarter A wide range of learning & development opportunities including Linked In Learning courses £250 contribution towards you learning something new outside of work Annual events (e.g., summer party, BBQ & Xmas party) including Countdown to Christmas events every December - it is so much fun! At Toyota Financial Services (TFS) we value everyone and are pleased to be recognised as a Disability Confident Employer.

Senior Data Administrator - Musculoskeletal (MSK) Services The closing date is 01 June 2026 We are looking for a dynamic and enthusiastic administrator with a particular interest in interpreting and presenting data to join and help develop our team. The successful candidate will provide a high level of administrative support to the MSK team within Surrey Downs Health and Care (SDH&C) Community Services through oversight and management of all Referral and Administration related work within MSK. This will include liaising with clinicians, service users, referring parties and other administrative or partner organisation staff. We expect the successful candidate to lead by example in ensuring an efficient, patient focused service. A strong understanding of data, Microsoft Excel and EMIS are essential; along with the confidence to articulate any issues and problem solve solutions. Support the organisation in achieving the vision of excellence in everything we do by promoting equal opportunities, fairness, equity and inclusion through best practice working, monitoring, training and evaluation. Main duties of the job To provide a high level of administrative support to the MSK team. This will include liaising with clinicians, service users, referring parties and other administrative or partner organisation staff. Respond to all queries in a timely and professional manner. To provide regular reviews on the MSK service's waiting list data, identify trends, report any concerns and pro-actively assist with the management of these lists. Participate in the recruitment and line manage a team of administrators who are responsible for delivering a high quality efficient administration service. Work closely with and deliver a wide range of high quality efficient administration services to clinical leads and operational managers, team leaders and clinicians for a specified range of services. Contribute to the continual review & evaluation of all administrative systems and procedures and associated policies in order that improvements and developments can be made. Job responsibilities Administration Support the business unit in the delivery of services across the business unit and in developing standardised administration processes. Support the Clinical Leads and Managers in ensuring high quality customer service and key performance indicators are met. Provide regular reviews on the MSK services waiting list data, identifying trends, escalating concerns and pro-actively assisting with the management of these lists and problem solving solutions. Attend and participate in relevant meetings e.g. with MSK Team, SPA, Local Administrators, EMIS team. Raise and manage orders for the MSK service through NHS Supply Chain and SBS, liaising with local clinical and administrative staff to co ordinate these orders. Participate in the development and updating of standard operating procedures (SOPs) for all administrative processes. Plan, co ordinate and manage the workflow within the wider administration team in collaboration with other senior administrators and the Clinical Manager/Operations Manager. Act as the line manager of a designated group of administrators, monitoring delivery of the workflow, allocating and checking work to ensure an efficient and effective admin service is provided to all clinicians and clinical team managers in a timely manner. Allocate and re allocate tasks on a daily basis as required as organisational priorities change. Contribute to the process of rota planning and flexible working within the team to ensure that workflow is managed between different tasks on all sites and that reception areas are covered at all times. Ensure that all public and professional enquiries are dealt with by the administrative team in an efficient, polite and confidential manner and/or passed onto the relevant member of staff for action. Provide data to inform the staffing plan to recruit and develop admin staff in line with changing business needs and budget, participating in recruitment tasks, sitting on interview panels and inducting new members of staff. Provide starters induction and leavers processes of MSK personnel; liaising with HR and IM&T as appropriate to ensure that all processes and resource logs are accurately maintained, with assets, resources and access to IT systems managed to information governance and other policy standards. Participate in the communication and information cascade to the MSK team and associated administrators within the business unit via team meetings and other communication methods. Maintain good communications with clinicians and managers in relation to the administration and customer services provided by the team. Responsible for the formal supervision and performance management reviews of a delegated group of administrators from within the business unit, identifying training and skills development needs to feed the training plan, to ensure that individuals within the admin team have the knowledge and skills required to perform and deliver their specified job tasks. Evaluate, monitor and support the development of skills within the administrative team to enable the full range of tasks to be completed as required; providing advice and guidance as appropriate and alerting the Clinical Manager/Operational Manager to any additional support or action required to achieve the skills gain required. Prioritise and take responsibility for own workload; recognise and support colleagues who need guidance and assistance. Responsible for the implementation and monitoring of annual leave and absence management processes, statutory and mandatory training attendance and other HR policies for the MSK team within the business unit. Maintain securely the personnel records of administrators and clinical personnel on behalf of clinical managers, in accordance with the confidentiality policy and data protection act. Maintain emergency contact details for emergency planning and safe working practices of peripatetic staff purposes. Participate in the initial stages of performance management, grievance and discipline procedures, when appropriate. Investigate any internal or external complaints relating to the administration service in line with the SDH&C complaints policy. Estates, Procurement, Medical Devices and Business Continuity Support the clinical manager/operations manager in their role as premises manager for the sites within the business unit; undertaking delegated tasks to manage the shared site and resources smoothly and efficiently. Attend site user meetings and alert the Clinical Manager/Operations Manager to any accommodation relocation, exchange, new use requests and vacancy of rooms that are reported in the course of the working role. Ensure any non clinical accident or incident involving admin personnel or a member of the public is reported in line with the SDH&C policy, completing documentation in the correct time frame. Alert the Clinical/Operations Manager to any risks that need urgent attention. Monitor the functioning of patient management systems and communications technologies across the business unit and alert the Clinical/Operational Manager to any issues. Work in partnership with the Procurement and Estates Senior Administrator to ensure that all purchasing and procurement is carried out in line with procurement policies and processes. Coordinate ordering on site to ensure minimum waste, best price and that the correct procedures have been adhered to. Ensure appropriate level of stationary, office supplies and clinical equipment and materials are available to meet administration and clinical team needs, and ensure that stocks are stored securely with effective stock monitoring in place. Undertake regular monitoring of all site equipment ensuring it is maintained in good working order, reporting issues to Estate and Facilities Services to arrange for appropriate maintenance and repair work to be carried out where necessary and once authorised. Ensure that all estates repairs are reported in line with the estates procedure, alerting the NHS Property Services to any new works required or repairs not being delivered in a timely manner. Undertake regular monitoring of accommodation in accordance with health and safety regulations, alerting the Clinical/Operations Manager to issues identified. Act as first point of contact for health and safety issues including fire duties, security and first aid. Assist in the coordination, completion and reporting of audits of site based equipment, estate and services received, to support contract monitoring and quality standards under CQC and other regulations. Coordinate and monitor the ordering, delivery, collection and stock taking of Equipment Store daily leaving equipment peripheral store, if located within the business unit. Undertake actions on Medical Devices Agency safety notices or hazard warning notices as requested by the Clinical Manager/Operations Manager, Governance team administrator, or clinical manager. Undertake any delegated role and support others to fulfil responsibilities as local fire officers to coordinate evacuation procedures, first aid procedures and health and safety procedures. Support the clinical managers in the development of clinical service business continuity plans and in the development of site specific business continuity plans. Participate in the programme of review and complete any actions allocated. . click apply for full job details

Role Purpose The Head of IT provides strategic leadership and operational oversight of all IT and digital services across St Leonards School. The postholder will lead the School through a period of strategic digital development, ensuring that technology effectively supports teaching and learning, operational efficiency, cyber security resilience and long term growth. The role combines strategic planning, operational management, cyber security leadership and data protection accountability. The Head of IT will ensure that IT services are robust, secure, innovative and aligned with the School's wider strategic objectives. Strategic Leadership & Digital Development Design and develop, implement and regularly review the School's IT and Digital Strategy in alignment with the overall School Strategic Plan. Lead digital transformation initiatives that enhance teaching, learning and administrative efficiency. Chair or contribute to digital roadmap planning, ensuring clear priorities and measurable outcomes. Advise the Executive Team and Governors on emerging technologies, risks, opportunities and sector trends. Ensure digital infrastructure supports future growth, resilience and innovation. IT Operations & Service Delivery Oversee the delivery of effective, responsive and high quality IT support services to staff and pupils. Ensure appropriate service levels, performance monitoring and continuous improvement of IT support. Maintain robust IT infrastructure including networks, servers, cloud services, devices and telephony (mobile and fixed line). Ensure business continuity and disaster recovery plans are in place, tested and regularly reviewed. Monitor system performance and uptime to ensure minimal disruption to teaching and operations. Cyber Security & Risk Management Lead the development and continuous improvement of the School's cyber security framework. Work with internal colleagues and external suppliers to strengthen cyber defences and system resilience. Ensure compliance with recognised security standards and best practice. Oversee risk assessments, penetration testing, patch management and incident response planning. Report cyber risks and mitigation strategies to senior leadership and Governors. Guide the Executive on incident management planning and lead on SAR requests and IT Cyber breach. Data Protection & GDPR (DPO Function) Act as the School's Data Protection Officer (DPO). Ensure compliance with UK GDPR and Data Protection legislation. Maintain oversight of data processing activities and the School's Data Protection Policy. Manage data breaches and report incidents as required. Provide training and guidance to staff on data protection responsibilities. Oversee Data Protection Impact Assessments (DPIAs). AI integration and oversight The Head of IT is responsible for overseeing the strategic implementation, governance, security, and ethical use of AI technologies within the school. Ensures that AI systems support educational objectives while protecting data, maintaining compliance with regulations, and promoting responsible AI use among staff and students. Budget & Financial Management Develop and manage the annual IT budget. Lead long term IT financial planning and capital investment proposals. Ensure cost effective procurement of hardware, software and services. Monitor contracts and licensing to ensure value for money and compliance. Present budget updates and investment proposals to the Finance, IT & Estates Committee. Supplier & Contract Management Manage relationships with external IT support providers (including IO or equivalent). Oversee third party contractors, cyber security providers and website managers. Negotiate contracts, service level agreements and renewals. Ensure suppliers meet performance, compliance and safeguarding expectations. Team Leadership & Line Management Line manage the IT team, including: Help Desk Technician Database (MIS) Officer Set clear objectives, performance standards and professional development plans. Foster a culture of service excellence, accountability and continuous improvement. Ensure appropriate cover arrangements and succession planning. Teaching & Learning Innovation Work closely with academic staff to support digital learning initiatives. Promote effective use of educational technology in classrooms. Support staff training and digital upskilling. Identify opportunities to enhance pupil digital literacy and innovation. Governance & Reporting Member of the Digital Strategy Group. Work closely with the Executive Team. Provide reports and updates to the Finance, IT & Estates Committee and Board of Governors. Contribute to risk registers and compliance reporting. Cross School Collaboration Collaborate with: Senior Leadership Team External Relations (CRM, digital marketing, website) Finance (systems integration and compliance) HR (systems, payroll interfaces, staff data) Estates (infrastructure, cabling, physical security) Commercial operations External website managers & third party contractors Person Specification Essential Honours degree (or equivalent professional experience) in IT, Computer Science or related field. Recognised IT professional qualifications. Significant experience in senior IT leadership. Experience managing cyber security frameworks and risk. Experience managing budgets and external suppliers. Strong team management and leadership capability. Demonstrable knowledge of GDPR and data protection compliance. Desirable Experience in the education sector. Experience acting as DPO. Experience leading digital transformation programmes. Cyber security certifications (e.g. CISSP, CISM, CEH). Personal Attributes Strategic thinker with strong operational delivery capability. Calm and decisive under pressure. Excellent communicator across technical and non technical audiences. Highly organised with strong governance awareness. Committed to safeguarding and pupil wellbeing.