Sorry, that job is no longer available. Here are some results that may be similar to the job you were looking for.

4 jobs found

Current search: security auditor risk assessor
Technical Operations Manager
De Fontenay LTD
We're looking for someone to take ownership of the operational backbone behind our development and support teams. Not a coder. Not a CTO. Someone who makes the machinery run - the people, the processes, the infrastructure, the compliance - so our talented developers can focus on what they do best: building brilliant work for our clients.

This is a new role for Laser Red, and it's a big one. You'll sit in our Management Team, line manage our development and support teams, and be directly responsible for how our technical function operates day to day. If you're the kind of person who bridges the gap between technical teams and the wider business - someone who's equally comfortable in a 1:1 with a developer and a strategy meeting with directors - we want to hear from you.

Full time, permanent position (35 hours a week)
Location: Hybrid - work from our Lincoln or Grimsby offices, or from home. (Must be a UK resident with a valid driving licence)

Why This Role Exists
As Laser Red has grown, our Lead Developers have taken on more and more management responsibility alongside their technical work. It's meant less time coding, less time mentoring, and less time doing the things they're genuinely brilliant at. This role fixes that. You'll take on the people management, operational oversight, and cross department coordination so our technical leads can get back to leading technically - setting standards, reviewing code, mentoring the team, and building great solutions. You don't need to be a web developer. You need to be a strong manager with a technical operations background who can earn the trust of a skilled team, bring structure without bureaucracy, and make things run better.

What You'll Be Responsible For
People management and team development. You'll line manage our development team of around 10 people (including our Lead Backend and Lead Frontend Developers) plus our Support Manager and their team. That means regular 1:1s, performance reviews, career development conversations, recruitment, onboarding, and being the person who handles the day to day people stuff - workload concerns, conflict resolution, wellbeing. You'll be their voice in the Management Team.

Capacity planning and resource allocation. Making sure the right people are working on the right things at the right time. You'll own our internal scheduling and capacity tools, coordinate with Project Managers on project handovers, and keep an eye on utilisation - flagging burnout risks or gaps before they become problems.

Infrastructure and hosting. We manage hosting across multiple providers for 150+ client websites. You'll own the hosting estate - performance, uptime, cost optimisation - and drive migration projects as we improve our infrastructure. You'll work alongside our senior developers on technical architecture decisions; they own the direction, you own the operations and execution.

Security, compliance and governance. Cyber Essentials certification, GDPR compliance, accessibility standards, AI usage policy governance, and regular security reviews. You'll own the compliance posture for the business and liaise with external assessors and auditors as needed.

R&D, innovation and continuous improvement. This is where it gets interesting. We want someone who's naturally curious about better ways of working - someone who'll research new tools, trial AI applications, evaluate emerging technologies, and then actually implement them across the team. Not just ideas, but execution. Training, rollout, adoption. You'll champion our innovation time and make sure it delivers real value back to the business.

Tooling, systems and technical debt. We have internal tools for estimation, scheduling, and time tracking that need day to day management and adoption. You'll also own the technical debt backlog - the housekeeping that keeps our infrastructure clean and our projects maintainable. Documentation standards, staging site hygiene, repository management, backup cleanup.

Reporting and data. Build and maintain operational dashboards that give leadership clear visibility on infrastructure costs, team utilisation, hosting profitability, and technical health. Not vanity metrics - useful data that drives decisions.

Client facing technical advisory. Where the opportunity arises, you'll support our Account Managers on client conversations that involve digital systems, process improvement, or operational efficiency. Particularly with manufacturing, engineering, and industrial clients, your operational and systems expertise adds genuine commercial value.

How This Role Works
We want to be transparent about how this fits into the team. Our Lead Developers retain all technical authority. They own code standards, architecture decisions, code review, technical mentoring, and tooling choices. They're the people who decide how things are built and whether the quality is right. You own the operational layer around them. People management, resource planning, processes, infrastructure, compliance, reporting. You decide what gets worked on and when. You make sure the team has what they need. You handle the management overhead so the technical leads don't have to. The relationship works when both sides trust each other. You don't need to evaluate code quality - you need to listen to the people who can, champion their recommendations, and translate technical needs into business decisions.

The absolute must haves:
• Proven experience managing technical teams - doesn't have to be web or agency. Manufacturing, engineering, IT operations backgrounds are equally valid. What matters is you've managed skilled people and done it well.
• Strong IT operations and infrastructure knowledge - server management, hosting, networking fundamentals. You understand the systems side of technology.
• Compliance experience - GDPR, Cyber Essentials, ISO, accessibility standards, or equivalent. You've worked within compliance frameworks and ideally led a business through certification.
• Project management discipline - you can take something from business case to delivery without losing the thread. You plan, you track, you deliver.
• Data literacy - comfortable building reports and dashboards, making sense of operational metrics, and using data to drive decisions rather than gut feel.
• Genuinely good with people - you build trust, you handle difficult conversations, you develop people. You can earn the respect of a team who know more about their craft than you do.
• Process improvement mindset - Lean, continuous improvement, operational efficiency. You spot waste and fix it without creating bureaucracy.
• Curious about technology - you actively research, trial, and implement better ways of working. AI, automation, new tools - you're the person who makes innovation actually happen.
• Comfortable in a small business - we're a team of 33. You'll roll your sleeves up. There's no one to delegate everything to.

Nice to have (but honestly, we can teach you):
• Agency, SaaS, or digital environment experience - even tangentially. If you've worked adjacent to web development, that helps.
• Linux server familiarity - command line, SSH, server administration.
• CI/CD and deployment pipeline understanding - even conceptually. Knowing what a release process looks like matters.
• ERP, MES, or scheduling tool experience - production planning, resource management, capacity systems. These skills transfer directly.
• Budget and CAPEX management - experience managing technology budgets and making the financial case for investment.
• Client advisory experience - advising businesses on digital transformation, systems implementation, or operational improvement.
• Manufacturing, engineering, or industrial sector background - our core client base is in these sectors. If you speak their language, that's a genuine advantage.

Experience & Qualifications
• 3+ years managing technical teams in any sector
• Degree or equivalent experience in a relevant field (IT, business, engineering, operations)
• Any formal management training or qualifications are a bonus, but real world experience matters more
• Full UK driving licence

What You'll Achieve in Your First 90 Days
Month 1 - Meet every member of the dev and support teams. Understand our tools, systems, and how work flows through the business. Build relationships with the team leads and the wider Management Team.
Month 2 - Start delivering quick wins: documentation gaps, hosting cost optimisation, process improvements. Take over 1:1s with the dev team. Establish a regular security review cadence. Begin building the operational dashboards leadership needs.
Month 3 - Present a 6 month roadmap covering infrastructure, compliance, R&D priorities, and process improvements. Have at least one visible win the team can point to and say "that made my life easier." Establish a working rhythm where the Lead Developers feel empowered and supported.

Here's what's in it for you!
A seat at the table: You'll be part of the Management Team with direct input into how the business operates and grows. This isn't a middle management role that gets told what to do - you'll shape the direction of the technical function.
Real autonomy: We'll give you the scope to make this role your own. We've told you what we need - how you deliver it is up to you.

Click apply for full job details.
18/06/2026
Full time
Senior IT & Security Manager
PLP Group
Senior IT & Security Manager
Job details: Business Operations, Sydenham, Full-time

Sharks have spent 400 million years perfecting low-drag travel. We're putting that to work on aircraft and we need someone to keep the systems behind it secure.

Your Mission
MAKO's mission is to improve the efficiency of the global aviation fleet, saving billions in fuel and megatonnes of CO2 every year. We need a Senior IT & Security Manager to own and operate MAKO's Information Security Management System (ISMS), ensuring alignment with regulatory and certification obligations, while developing and strengthening MAKO's overall IT and security posture. You will report to the COO.

What You Will Do
• Develop and execute a multi-year IT and security roadmap that scales with MAKO's growth and supports the secure handling of sensitive and regulated data
• Own and operate MAKO's Information Security Management System (ISMS), aligned with recognised information security and aviation standards
• Maintain the security plans, risk registers and supporting documentation that underpin MAKO's customer, regulatory and supply-chain security obligations
• Implement, uplift and maintain technical security controls aligned with recognised cyber security baselines, while supporting the evolution of MAKO's security infrastructure as operations grow
• Act as the primary owner of certification, compliance, and audit workstreams, preparing for and supporting audits, assessments and regulator engagements
• Own MAKO's IT environment, including strategy, governance and day-to-day management of hardware, software, identity and access management, device lifecycle management, end-user support, documentation, and related systems and services

What Success Looks Like
First Month: You understand MAKO's IT and security environment, have built strong working relationships across the team, and have begun shaping a multi-year IT and security plan.
First Six Months: You are confidently operating MAKO's ISMS and security controls, have delivered meaningful improvements in line with your roadmap, and are effectively managing our certification and compliance workstreams.
First Year: You own a mature, well-documented security program and have materially strengthened MAKO's IT and security posture. You have deep knowledge of MAKO's environment and communicate technical information effectively to the executive team, customers and regulators as the internal owner of our certification program.

About You
• Tertiary qualifications in information technology, cybersecurity or a related field; or equivalent practical experience
• Relevant industry certifications are well regarded, such as CISSP, CISM, or ISO/IEC 27001 Lead Implementer / Lead Auditor (preferred, not essential)
• 5+ years in IT and/or information security, ideally including a role with broad ownership spanning IT operations, security and compliance
• Experience implementing or operating against recognised security frameworks (e.g. ISO/IEC 27001, ASD Essential 8)
• Experience producing documentation to the standard expected by external assessors, including policies, standards, procedures, SSPs, POA&Ms, risk registers and audit evidence
• Experience developing and executing a multi-year IT and security strategy
• Comfortable coordinating specialist consultants, auditors, and external assessors to deliver outcomes across a broad range of technical and compliance domains
• Enthusiasm for the pace and breadth of a startup environment

Why You Should Join MAKO
Impact: Aviation is one of the hardest to abate industries, and its share of global emissions is only growing. Join our mission to improve the efficiency of the global fleet and save millions of tonnes of CO2 every year.
Technology: Our technology leverages the drag-reducing properties of shark skin to make aircraft more efficient. You'll be exposed to expertise and developments in materials, photolithography, fluid dynamics, and scale manufacturing.
Team: Our team focuses on achieving our mission. We live our values of lift over drag, active transparency, and changing the boundary conditions, and we welcome new team members who want to do the same.
Corporate Jet: We have (most of) a corporate jet. It won't fly, but it sure does look cool.

This is a rare chance to shape the entire IT and security function of a fast-moving startup at the frontier of materials science and aviation, with real ownership and real impact from day one. Bring your expertise, your curiosity, and your appetite for breadth, and help us change the boundary conditions. Apply today.
14/06/2026
Full time
Alexander Mann Solutions - Contingency
Security Auditor & Risk Assessor
Alexander Mann Solutions - Contingency City, Derby
AMS is a global workforce solutions partner committed to creating inclusive, dynamic, and future-ready workplaces. We help organisations adapt, grow, and thrive in an ever-evolving world by building, shaping, and optimising diverse talent strategies. Our Contingent Workforce Solution (CWS) is one way we support our clients. Acting as an extension of their recruitment teams, we connect them with skilled interim and temporary professionals, fostering workplaces where everyone can contribute and succeed.

On behalf of our globally respected client, who develops cutting-edge technologies that deliver clean, safe and competitive solutions to meet the planet's vital power needs, we are looking for a Security Auditor & Risk Assessor for a 12 month contract based in Derby. Please note this role is a hybrid position in which you would be required to work onsite 3 days per week and work from home 2 days per week.

Purpose of the role:
You will lead and perform independent security audits and risk assessments to identify vulnerabilities, control weaknesses, and policy non-compliance across IT systems, applications, and third-party environments, evaluating risk exposure and partnering with stakeholders to develop and implement remediation plans that strengthen the organisation's overall security posture.

What you'll do:
Reporting into the Security team, you will:
• Support the VP Digital Risk & Compliance in defining and delivering a risk based audit and assessment programme across IT systems, business units, supply chain partners, and third-party providers.
• Conduct comprehensive security audits and risk assessments, evaluating control effectiveness, identifying gaps, and assessing risk exposure.
• Produce clear, timely audit and risk assessment reports, including risk ratings and prioritised recommendations.
• Develop and agree risk treatment and remediation plans with system and business owners to mitigate identified risks.
• Analyse audit and assessment outputs to identify systemic risks and trends, driving improvements in policy, processes, controls, and technology.
• Present findings, risk insights, and recommendations to senior stakeholders in a clear and compelling manner.
• Support the development and enhancement of Information Security policies, standards, and procedures aligned to recognised frameworks (e.g., ISO 27000).

The skills you'll need:
• Strong understanding of information security principles, risk management, and audit methodologies.
• Knowledge of enterprise IT systems, applications, security practices, security controls and architectures.
• Familiarity with recognised cyber security frameworks and standards (e.g., ISO 27000, NIST, NIS2, CIS), including their application in audit and risk assessment contexts.
• Desirable but not essential: familiarity with EASA Part-IS regulation and associated requirements.
• Ability to assess and articulate risk clearly, with experience in risk-based decision-making approaches.
• Excellent communication and stakeholder engagement skills, with the ability to influence outcomes.
• Broad IT security knowledge supported by relevant certifications or experience.
• Awareness of cloud technologies and risk considerations in enterprise environments.
• Proactive mindset with willingness to learn and contribute to wider compliance domains such as Product Safety, Data Privacy, and Export Control.

Desirable Qualifications
• Degree or MSc in Information Security (or equivalent)
• CISSP, CISM, CRISC, or equivalent
• ISO 27001 Lead Implementer / Lead Auditor
• Experience with Microsoft Azure or other cloud platforms

Next steps
We will only accept workers operating via an Umbrella or PAYE engagement model. If you are interested in applying for this position and meet the criteria outlined above, please click the link to apply and we will contact you with an update in due course.
AMS, a Recruitment Process Outsourcing Company, may in the delivery of some of its services be deemed to operate as an Employment Agency or an Employment Business
12/06/2026
Contractor
Head of Governance, Risk and Compliance - BPL
8120 Barclaycard UK
Job Description

Purpose of the role:
To provide a primary liaison service between the business, technology, and security functions, in order to ensure the confidentiality, integrity and availability of information, and support the mitigation of security risk.

Accountabilities
  • Collaboration with stakeholders to understand their security requirements in business processes and IT projects, to enhance overall risk management.
  • Execution of risk assessments to identify and prioritise potential cybersecurity threats that could impact the bank's operations and data, guiding the implementation of mitigation strategies and communicating findings to relevant senior stakeholders.
  • Collaboration with business units to develop and implement security policies and procedures for the bank's operations aligned to the risk management framework.
  • Management of the implementation, testing and monitoring of security controls across the bank's IT systems to ensure the effectiveness of controls and mitigation of risk.
  • Execution of training content and sessions to educate employees, enhance cybersecurity awareness and provide guidance on safe online practices.
  • Management of complex cybersecurity incidents by collaborating with IT teams and response experts to effectively resolve cases through analysis, expertise support and project supervision.
  • Identification of emerging cybersecurity trends, threats, and new technologies to address potential risks by advocating the adoption of new security solutions.

Director Expectations
  • To manage a business function, providing significant input to function wide strategic initiatives. Contribute to and influence policy and procedures for the function and plan, manage and consult on multiple complex and critical strategic projects, which may be business wide. They manage the direction of a large team or sub-function, leading other people managers and embedding a performance culture aligned to the values of the business.
  • Or, for an individual contributor, they lead organisation wide projects and act as a deep technical expert and thought leader, identifying new ways of working and collaborating cross functionally. They will train, guide and coach less experienced specialists and provide information affecting long term profits, organisational risks and strategic decisions.
  • Provide expert advice to senior functional management and committees to influence decisions made outside of own function, offering significant input to function wide strategic initiatives.
  • Manage, coordinate and enable resourcing, budgeting and policy creation for a significant sub-function.
  • Escalate breaches of policies / procedures appropriately.
  • Foster and guide compliance, ensuring regulations are observed and that relevant processes are in place to facilitate adherence.
  • Focus on the external environment, regulators, or advocacy groups to both monitor and influence on behalf of Barclays, when appropriate.
  • Demonstrate extensive knowledge of how the function integrates with the business division / Group to achieve the overall business objectives.
  • Maintain broad and comprehensive knowledge of industry theories and practices within own discipline alongside up-to-date relevant sector / functional knowledge, and insight into external market developments / initiatives.
  • Use interpretative thinking and advanced analytical skills to solve problems and design solutions in often complex / sensitive situations.
  • Exercise management authority to make significant decisions and certain strategic decisions or recommendations within own area.
  • Negotiate with and influence stakeholders at a senior level both internally and externally.
  • Act as principal contact point for key clients and counterparts in other functions / business divisions.
  • Mandated as a spokesperson for the function and business division.

All Senior Leaders are expected to demonstrate a clear set of leadership behaviours to create an environment for colleagues to thrive and deliver to a consistently excellent standard. The four LEAD behaviours are: L - Listen and be authentic, E - Energise and inspire, A - Align across the enterprise, D - Develop others. All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship - our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset - to Empower, Challenge and Drive - the operating manual for how we behave.

Head of GRC - Key Responsibilities
  • Own the security policy framework, ensuring policies are current, proportionate, and aligned to PCI DSS, FCA expectations, UK GDPR, and DORA requirements.
  • Maintain and operate the security risk register, ensuring risks are assessed consistently using a defined methodology, owned explicitly, and reported accurately to the CISO and Executive Leadership Team (ELT).
  • Manage the relationship with external auditors, the Qualified Security Assessor (QSA), and 2nd/3rd Line of Defence (LoD) on all security and technology risk matters.
  • Own the third party security assurance process, ensuring all vendors, partners, and card scheme integrations are risk assessed with a tiered approach proportionate to data access and criticality.
  • Chair the monthly Cyber and Tech Risk and Controls Forum, presenting risk posture, compliance status, and material findings to the CISO, CIO and ELT.
  • Design and maintain the control framework, mapping controls to PCI DSS, FCA, UK GDPR, and DORA requirements, and ensuring control effectiveness is tested on a continuous cycle.
  • Produce KRI dashboards and risk reporting for CISO, CIO, and ELT consumption, ensuring risk is communicated in business terms.
  • Lead regulatory and audit engagement on security matters, coordinating regulatory review and audit interactions and proactively managing stakeholder relationships.
  • Own the risk assessment calendar, ensuring both cyclical and event driven assessments are executed on schedule with appropriate rigour.
  • Manage the risk acceptance process, ensuring risk acceptance decisions are documented, time bound, approved at the appropriate authority level, and reviewed before expiry.
  • Manage and develop the GRC team, building capability across risk assessment, compliance, and third party assurance disciplines.

Key Deliverables
  • Security risk register, reviewed and updated monthly with full audit trail in the GRC platform.
  • PCI DSS compliance roadmap and continuously maintained evidence repository.
  • Monthly Cyber and Tech risk and compliance report for CISO and ELT.
  • Quarterly KRI dashboard and risk trend analysis for Risk Committee reporting.
  • Annual third party security assurance plan with tiered assessment calendar and completion tracking.
  • Control framework mapping document (controls mapped to PCI DSS 4.0 / FCA / UK GDPR / DORA requirements).
  • Risk assessment calendar (cyclical and event driven) with capacity planning.
  • Risk acceptance authority matrix and active acceptance register.

Required Skills and Experience
  • CISM, CRISC, or CISSP certification.
  • Experience with DORA (Digital Operational Resilience Act) compliance requirements and implementation.
  • ISO 27001 Lead Auditor or Lead Implementer certification.
  • PCI QSA or Internal Security Assessor (ISA) qualification.
  • Previous experience in a FinTech, Digital Banking or Payment Acquiring organisation.
  • Experience with Visa GACS and Mastercard SDP acquirer compliance programmes.
  • Significant, progressive experience in information security governance, risk, and compliance, with at least 5 years leading a GRC team in a regulated environment.
  • Strong understanding of UK GDPR and the role of security controls in meeting data protection obligations, including breach notification requirements and data protection impact assessments.
  • Experience designing and operating security control frameworks mapped to multiple regulatory requirements simultaneously (e.g., a single framework serving PCI DSS, FCA, and GDPR).
  • Understanding of cloud native architectures and their implications for compliance and risk management.
  • Proven ability to translate technical security risks into business language for executive audiences.
  • Experience managing internal and external audit relationships, regulatory examinations, and QSA assessments.
  • Understanding of risk quantification methodologies and experience producing risk reporting that supports investment decisions.
  • Proven people management experience, developing analysts and building team capability in a growing organisation.
  • Experience with GRC tooling and platforms (e.g., Drata, Vanta, ServiceNow GRC, OneTrust, or equivalent).
06/06/2026
Full time
© 2008-2026 IT Job Board