Find your next tech and IT Job or contract role.

Job Description IT Security Manager Our Client is a large international organisation who are looking to recruit an IT Security Manager with at least 5 to 8 years proven expertise. Provide advice, support and guidance to all Company Corporate functions to assist them to maintain and improve their information security maturity. To work collaboratively with all areas of the Company Corporate and build networks and relationships to promote Information Security. • Act as subject matter expert on for IT Security, including legal and regulatory compliance • Advise Company Corporate functions on how to achieve the required controls and assist with solutions to support them. Eg Support in the development of standards and their application in line with Group security policies. • Participate in Company BUs Projects giving support, guidance, control validation and overall security assurance. This could also involve sitting on major project steering committees. • Support and encourage the ethos and methodology of security by design. • Aid GRC to build, implement and facilitate a mechanism to aid BUs to assess and measure their security compliance to policies. • Drive the development of BU/Divisional security roadmaps. Giving oversight of key non-conformities to feed into the CISO roadmap. • Coach, train and educate the Company IT and Functions to up skill and increase the security maturity in BUs. Be an active member of the Companys IS Security community, contributing to and leveraging the experience and lessons learned from other BUs • Produce, implement and standardise protocol and guidance material to support Business unit activities - examples - Asset register templates, third party due-diligence. • Facilitate and chair the security working group meetings • Engage and manage third party relationships to support the Company and its affiliates • Aid Procurement and the tendering process • Raising the security baseline controls and standardising where it makes sense to do so. • Understanding the different business requirements and aligning to their objectives Support Security operations to continuously improve information security awareness across the group, including phishing campaigns and associated reporting Experience • Experience in an information security risk leadership role within a large organisation. • Confident in presenting, discussing and championing ideas and concepts with senior stakeholders. • Experience of running information security risk governance processes and structures • Familiarity with relevant industry standards for information security (e.g. ISO27001, NIST CSF) • Experience of creating, implementing and assessing against information security policies and standards Creativity • Able to analyse complex, ambiguous problems and summarise clearly with a view to establishing practical solutions • Able to \"bridge the gap\" between technologists and business-people, bringing to life information security risks to the business, while maintaining a pragmatic outlook on likelihood and impact of the risk and cost/complexity of the mitigation. • Ensuring initiatives/programmes are anchored in best practice whilst still being highly practical/pragmatic. • Ability to defuse situations and resolve conflict to a win-win outcome • Influence others understand their views and agree ways of working that are acceptable to all parties. Business acumen to understand business risks and the information security implications • Able to identify when information security risks need to be escalated to achieve the right level of management visibility. • Able to prioritise security risks and controls, differentiating the essential from the \"nice to have\". • Able to judge how to communicate messages to people to maximise buy-in and/or understanding. • Able to analyse data with rigour & reach sound conclusions • Can assess when further data gathering, or analysis will bring diminishing returns. Can place appropriate weight on prevailing (sometimes conflicting) evidence. • Support and manage budget Responsibility • Responsibility of information security incident management • Responsibility for security assessments and assurance activities (e.g. penetration testing) and when to use them. • Oversee and management of security compliance management and reporting in relation to any relevant regulatory or legal requirements Operational responsibility of management of third parties Responsibility for managing change management around project and change leadership. Able to judge the political and other people aspects of a situation, and tailor messages and approach to bring people along. • Able to work with others, setting challenging but realistic targets for team members, and through coaching and appropriate guidance, securing a successful outcome. • A positive collegiate approach to developing relationships and networks at all levels across the Company and the gravitas to work persuasively with senior stakeholders. Is aware of different styles of stakeholders and can adjust own leadership style successfully to bridge any gaps. The Client and the role is based in Central London - and you will be required to be in the office at least 3 days week. The salary for this position will be £75K + £85K plus Benefits. Please do send your CV to us in Word format for this exciting new position along with your salary and availability.

Job Description Cyber Security Manager Our Client to be secured and protected from increased cyber threats and compliant to industry standards. This role covers information protection, including data loss protection and data classification, and threat protection, including security information and event management (SIEM), user and entity behaviour analytics (UEBA), point products like anti-virus (AV) and intrusion detection system/intrusion prevention system (IDS/IPS) and penetration testing. The Service Delivery team consists of approximately 20 staff who support and operate the Company's services and there is an opportunity in that team for a Cyber Security Manager to oversee and govern all security services. Reporting Lines This role reports to Head of Service Delivery Main Accountabilities • Technical leadership for all security solutions, including all the 3rd party managed services • Maintain the overall security of Companys network, systems, and data • Monitor security access and manage IDS/IPS configurations • Establishing and implementing security best-practice standards as well as departmental policies and procedures • Responsible for Security scanning and the efficient remediation of vulnerabilities • Responsible for analysing all security incidents to determine root cause • Determine, recommend, and implement upgrade security measures and controls • Delivery security responses for customer and client compliance requirements • Developing and managing security plans with vendors • Audit activities of administrators and conduct Security awareness training Requirements • Demonstrable skills and capability in Security leadership and 3rd party management experience • CISSP certification preferred. Compliance knowledge required in ISO27001, PCI and GDPR. Possibly a certified ethical hacker • Knowledge of Security technologies is essential, such as network appliances, firewall administration, AD, IAM, PAM, SIEM, UEBA, AV, IDS/IPS and MDM solutions • Understanding of common frameworks, such as ITIL or LEAN is preferred • Good exposure of user environment management, including desktops/laptops, profile management, access control methodologies • Must be very proactive in understanding and staying up to date with current security technologies and industry technology trends The job/Client is located at our head office in Paddington, London with hybrid working The Client holds a Licence to Sponsor (grade A) and will always consider sponsoring employees if needed We welcome applications from Ukrainian Refugees The salary for this position is circa £70K - £80K plus Benefits. Please do send your CV to us in Word format along with your salary.

Job Description Information Security Manager Role Description This is a full-time role as an Information Security Manager for Bank in Central London. The Information Security Manager will be responsible for day-to-day tasks related to information security management, including implementing and maintaining Information Security Management Systems (ISMS), ensuring cybersecurity and network security, and protecting sensitive information. This is a hybrid role, based in London with the flexibility for some remote work. Qualifications • Information Security Management, ISMS, and Cybersecurity skills • Network Security and Information Security knowledge • Experience in implementing and maintaining ISMS • Proficient in identifying and addressing information security vulnerabilities • Strong analytical and problem-solving skills • Excellent communication and interpersonal skills • Certifications such as CISSP, CISM, or equivalent are preferred • Bachelors degree in Information Security, Computer Science, or related field Information Security Manager role (permanent) reporting into Head of IT (CIO | CISO) Need an individual with a strong hands on network and security background Cisco networking Cisco firewalls (Firepower / Threat Detection) Palo Alto firewalls SIEM experience (Logarithm desirable) Web proxy (Forcepoint desirable) Governance skills Policy writing / reviewing Reporting KPI monitoring Certifications like CCNP / CISM would be desirable but strong experience is preferable. The Client is based in Central London and the position is hybrid - 3 days in the office every week. Salary circa £60K - £75K + Benefits. Please do send your CV to us in Word format along with your salary and notice period.

Job Description Cyber Security Manager Our Client to be secured and protected from increased cyber threats and compliant to industry standards. This role covers information protection, including data loss protection and data classification, and threat protection, including security information and event management (SIEM), user and entity behaviour analytics (UEBA), point products like anti-virus (AV) and intrusion detection system/intrusion prevention system (IDS/IPS) and penetration testing. The Service Delivery team consists of approximately 20 staff who support and operate the Company's services and there is an opportunity in that team for a Cyber Security Manager to oversee and govern all security services. Reporting Lines This role reports to Head of Service Delivery Main Accountabilities • Technical leadership for all security solutions, including all the 3rd party managed services • Maintain the overall security of Companys network, systems, and data • Monitor security access and manage IDS/IPS configurations • Establishing and implementing security best-practice standards as well as departmental policies and procedures • Responsible for Security scanning and the efficient remediation of vulnerabilities • Responsible for analysing all security incidents to determine root cause • Determine, recommend, and implement upgrade security measures and controls • Delivery security responses for customer and client compliance requirements • Developing and managing security plans with vendors • Audit activities of administrators and conduct Security awareness training Requirements • Demonstrable skills and capability in Security leadership and 3rd party management experience • CISSP certification preferred. Compliance knowledge required in ISO27001, PCI and GDPR. Possibly a certified ethical hacker • Knowledge of Security technologies is essential, such as network appliances, firewall administration, AD, IAM, PAM, SIEM, UEBA, AV, IDS/IPS and MDM solutions • Understanding of common frameworks, such as ITIL or LEAN is preferred • Good exposure of user environment management, including desktops/laptops, profile management, access control methodologies • Must be very proactive in understanding and staying up to date with current security technologies and industry technology trends The job/Client is located at our head office in Paddington, London with hybrid working The Client holds a Licence to Sponsor (grade A) and will always consider sponsoring employees if needed We welcome applications from Ukrainian Refugees The salary for this position is circa £70K - £80K plus Benefits. Please do send your CV to us in Word format along with your salary.

Job Description Cyber Security Manager Our Client to be secured and protected from increased cyber threats and compliant to industry standards. This role covers information protection, including data loss protection and data classification, and threat protection, including security information and event management (SIEM), user and entity behaviour analytics (UEBA), point products like anti-virus (AV) and intrusion detection system/intrusion prevention system (IDS/IPS) and penetration testing. The Service Delivery team consists of approximately 20 staff who support and operate the Company's services and there is an opportunity in that team for a Cyber Security Manager to oversee and govern all security services. Reporting Lines This role reports to Head of Service Delivery Main Accountabilities • Technical leadership for all security solutions, including all the 3rd party managed services • Maintain the overall security of Companys network, systems, and data • Monitor security access and manage IDS/IPS configurations • Establishing and implementing security best-practice standards as well as departmental policies and procedures • Responsible for Security scanning and the efficient remediation of vulnerabilities • Responsible for analysing all security incidents to determine root cause • Determine, recommend, and implement upgrade security measures and controls • Delivery security responses for customer and client compliance requirements • Developing and managing security plans with vendors • Audit activities of administrators and conduct Security awareness training Requirements • Demonstrable skills and capability in Security leadership and 3rd party management experience • CISSP certification preferred. Compliance knowledge required in ISO27001, PCI and GDPR. Possibly a certified ethical hacker • Knowledge of Security technologies is essential, such as network appliances, firewall administration, AD, IAM, PAM, SIEM, UEBA, AV, IDS/IPS and MDM solutions • Understanding of common frameworks, such as ITIL or LEAN is preferred • Good exposure of user environment management, including desktops/laptops, profile management, access control methodologies • Must be very proactive in understanding and staying up to date with current security technologies and industry technology trends The job/Client is located at our head office in Paddington, London with hybrid working The Client holds a Licence to Sponsor (grade A) and will always consider sponsoring employees if needed We welcome applications from Ukrainian Refugees The salary for this position is circa £70K - £80K plus Benefits. Please do send your CV to us in Word format along with your salary.

Job Description Information Security Manager Role Description This is a full-time role as an Information Security Manager for Bank in Central London. The Information Security Manager will be responsible for day-to-day tasks related to information security management, including implementing and maintaining Information Security Management Systems (ISMS), ensuring cybersecurity and network security, and protecting sensitive information. This is a hybrid role, based in London with the flexibility for some remote work. Qualifications • Information Security Management, ISMS, and Cybersecurity skills • Network Security and Information Security knowledge • Experience in implementing and maintaining ISMS • Proficient in identifying and addressing information security vulnerabilities • Strong analytical and problem-solving skills • Excellent communication and interpersonal skills • Certifications such as CISSP, CISM, or equivalent are preferred • Bachelors degree in Information Security, Computer Science, or related field Information Security Manager role (permanent) reporting into Head of IT (CIO | CISO) Need an individual with a strong hands on network and security background Cisco networking Cisco firewalls (Firepower / Threat Detection) Palo Alto firewalls SIEM experience (Logarithm desirable) Web proxy (Forcepoint desirable) Governance skills Policy writing / reviewing Reporting KPI monitoring Certifications like CCNP / CISM would be desirable but strong experience is preferable. The Client is based in Central London and the position is hybrid - 3 days in the office every week. Salary circa £60K - £75K + Benefits. Please do send your CV to us in Word format along with your salary and notice period.

Job Description IT Security Manager Our Client is a large international organisation who are looking to recruit an IT Security Manager with at least 5 to 8 years proven expertise. Provide advice, support and guidance to all Company Corporate functions to assist them to maintain and improve their information security maturity. To work collaboratively with all areas of the Company Corporate and build networks and relationships to promote Information Security. • Act as subject matter expert on for IT Security, including legal and regulatory compliance • Advise Company Corporate functions on how to achieve the required controls and assist with solutions to support them. Eg Support in the development of standards and their application in line with Group security policies. • Participate in Company BUs Projects giving support, guidance, control validation and overall security assurance. This could also involve sitting on major project steering committees. • Support and encourage the ethos and methodology of security by design. • Aid GRC to build, implement and facilitate a mechanism to aid BUs to assess and measure their security compliance to policies. • Drive the development of BU/Divisional security roadmaps. Giving oversight of key non-conformities to feed into the CISO roadmap. • Coach, train and educate the Company IT and Functions to up skill and increase the security maturity in BUs. Be an active member of the Companys IS Security community, contributing to and leveraging the experience and lessons learned from other BUs • Produce, implement and standardise protocol and guidance material to support Business unit activities - examples - Asset register templates, third party due-diligence. • Facilitate and chair the security working group meetings • Engage and manage third party relationships to support the Company and its affiliates • Aid Procurement and the tendering process • Raising the security baseline controls and standardising where it makes sense to do so. • Understanding the different business requirements and aligning to their objectives Support Security operations to continuously improve information security awareness across the group, including phishing campaigns and associated reporting Experience • Experience in an information security risk leadership role within a large organisation. • Confident in presenting, discussing and championing ideas and concepts with senior stakeholders. • Experience of running information security risk governance processes and structures • Familiarity with relevant industry standards for information security (e.g. ISO27001, NIST CSF) • Experience of creating, implementing and assessing against information security policies and standards Creativity • Able to analyse complex, ambiguous problems and summarise clearly with a view to establishing practical solutions • Able to \"bridge the gap\" between technologists and business-people, bringing to life information security risks to the business, while maintaining a pragmatic outlook on likelihood and impact of the risk and cost/complexity of the mitigation. • Ensuring initiatives/programmes are anchored in best practice whilst still being highly practical/pragmatic. • Ability to defuse situations and resolve conflict to a win-win outcome • Influence others understand their views and agree ways of working that are acceptable to all parties. Business acumen to understand business risks and the information security implications • Able to identify when information security risks need to be escalated to achieve the right level of management visibility. • Able to prioritise security risks and controls, differentiating the essential from the \"nice to have\". • Able to judge how to communicate messages to people to maximise buy-in and/or understanding. • Able to analyse data with rigour & reach sound conclusions • Can assess when further data gathering, or analysis will bring diminishing returns. Can place appropriate weight on prevailing (sometimes conflicting) evidence. • Support and manage budget Responsibility • Responsibility of information security incident management • Responsibility for security assessments and assurance activities (e.g. penetration testing) and when to use them. • Oversee and management of security compliance management and reporting in relation to any relevant regulatory or legal requirements Operational responsibility of management of third parties Responsibility for managing change management around project and change leadership. Able to judge the political and other people aspects of a situation, and tailor messages and approach to bring people along. • Able to work with others, setting challenging but realistic targets for team members, and through coaching and appropriate guidance, securing a successful outcome. • A positive collegiate approach to developing relationships and networks at all levels across the Company and the gravitas to work persuasively with senior stakeholders. Is aware of different styles of stakeholders and can adjust own leadership style successfully to bridge any gaps. The Client and the role is based in Central London - and you will be required to be in the office at least 3 days week. The salary for this position will be £75K + £85K plus Benefits. Please do send your CV to us in Word format for this exciting new position along with your salary and availability.

Job Description Role Description This is a full-time hybrid role for an Information Security Manager with 2nd and 3rd Line IT support experience. The role involves day-to-day tasks associated with planning, implementing, and maintaining an Information Security Management System (ISMS), including managing cybersecurity risks, implementing network security measures, and ensuring compliance with industry standards. The Information Security Manager will also provide IT support to the company and will be based in the London office, with flexibility for some remote work. Your past experience must include 2nd and 3rd line infrastructure support where you are able to advise and direct the technical team. Qualifications • Experience in Information Security Management and creating and implementing an ISMS • Experience in Cybersecurity and Network Security • Expertise in Information security best practices and standards • Excellent problem-solving skills and attention to detail • Strong communication and collaboration skills • Bachelors or Masters degree in Computer Science, Information Technology, or related field • Certifications such as CISSP, CISM, CCNA, or equivalent are a plus • Experience in IT support or Systems Administration is desirable The position is 3 days in the office per week in Central London. Salary will be negotiable - but like to be in the range £65K - £80K. Do send your CV to us in Word format along with your salary and notice period.

Job Description Role Description This is a full-time hybrid role for an Information Security Manager with 2nd and 3rd Line IT support experience. The role involves day-to-day tasks associated with planning, implementing, and maintaining an Information Security Management System (ISMS), including managing cybersecurity risks, implementing network security measures, and ensuring compliance with industry standards. The Information Security Manager will also provide IT support to the company and will be based in the London office, with flexibility for some remote work. Your past experience must include 2nd and 3rd line infrastructure support where you are able to advise and direct the technical team. Qualifications • Experience in Information Security Management and creating and implementing an ISMS • Experience in Cybersecurity and Network Security • Expertise in Information security best practices and standards • Excellent problem-solving skills and attention to detail • Strong communication and collaboration skills • Bachelors or Masters degree in Computer Science, Information Technology, or related field • Certifications such as CISSP, CISM, CCNA, or equivalent are a plus • Experience in IT support or Systems Administration is desirable The position is 3 days in the office per week in Central London. Salary will be negotiable - but like to be in the range £65K - £80K. Do send your CV to us in Word format along with your salary and notice period.

Location Bristol, Newcastle-upon-Tyne, Telford About the job Job summary Discover a career in your hands at HMRC. Whether you're seeking purpose, growth, or a workplace that gives you a true sense of belonging, hear from some of our employees as they share their story about what it's really like to work at HMRC. Visit our to watch the full series and come and discover your potential. Within HMRC's Chief Digital & Information Group (CDIO), specifically in the Enterprise Cloud Services (ECS) team we are redefining and growing a team of outstanding people to improve its HMRC Cloud Centre of Excellence offering. We are already a diverse team of 80+ individuals, creating a dynamic and inclusive working environment whose skills cover Architecture, Development, Service Design, Operation and Governance. We are looking for someone who will be responsible for the security aspects for supporting the development and operations of HMRC's Cloud Environment. This is a key role that will undertake and feed into governance and compliance activities of HMRC Cloud Services and delivery activities within the ECS Security and other processes. You will work directly with the Security Lead and the Security Architect, Cyber Security Technical Services (CSTS) team, and across the ECS capability functions to ensure that security is built into and maintained within HMRC cloud services, including the identification, and management of our risks. Travel to Telford is expected as part of this role, and 60% of your working time will need to be office based. Job description As the Cyber Security Risk Manager within HMRC's Enterprise Cloud Services (ECS), you'll be a central figure in driving security excellence. Acting as the first point of contact for all internal ECS security queries, advice, and guidance, you'll also lead vulnerability assessments across ECS products, ensuring risks are identified, communicated, and addressed effectively. You'll play a hands-on role in shaping ECS security policies, supporting penetration testing, and guiding teams on secure service delivery. With a deep understanding of security and risk management, you'll use evidence, data, and experience to make well-informed decisions that protect HMRC's cloud infrastructure. Key Responsibilities: • Serve as the primary contact for ECS security advice, guidance, and support. • Lead the review, assessment, and reporting of vulnerabilities in ECS products. • Support penetration testing activities and advise on ECS service request risks. • Develop and maintain ECS-specific security policies and procedures. • Monitor compliance with governance controls and produce Risk Treatment Plans. • Report and manage security incidents in line with HMRC and ECS procedures. • Support internal and external audits Person specification We're looking for a motivated self-starter who thrives both independently and as part of a small team. You'll have a strong technical background in security and be able to mentor others, translating complex security concepts into clear guidance for a range of stakeholders. Essential Criteria: You must meet the following requirements to be considered: • Experience working with cloud technologies, particularly AWS and Azure. • Proven background in security governance, compliance, and audit practices. • Familiarity with ISO 27001, Risk Management, and GDPR frameworks. • Proficient in vulnerability scanning tools such as, but not limited to: Microsoft Defender for Cloud. Tenable.sc. AWS Security Hub. • Strong stakeholder management skills, with experience working across diverse teams. Desirable Criteria: • Knowledge of technical, procedural, physical, and personnel-based security controls. • Experience in security monitoring, testing, and incident response. • Familiarity with risk assessment methodologies and security management systems. Desirable Qualifications (or willingness to work towards): • AWS: Cloud Practitioner, Security Specialty. • Azure: Fundamentals, Security Engineer. • Security Frameworks: EU/UK GDPR, ISO 27001, ISO 27005 Risk Manager. • Certifications: CISMP (Certificate in Information Security Management Principles). Desirable criteria will only be assessed in the event of a tied score. Additional Security Information Must already hold or be eligible to obtain Security Check (SC) clearance. Behaviours We'll assess you against these behaviours during the selection process: Changing and Improving Communicating and Influencing Making Effective Decisions

Job Description Information Security Architect / Manager Our Client is an International company with offices in Central London. They are looking to bring on-board an Information Security Architect / Manager with at least 5 to 8 years proven expertise within Information Security. The function of the position will be as follows: • Assess the current environment against industry standards and trends. • Implement robust security and control measures, in line with the global IT team • Streamline current processes and execute changes for a secured and optimised technology and data landscape. • Subject matter expert in application and network security, with operational experience of managing security operations, SIEM solutions, incident, and response management. • Collaborate to develop the Infosec strategy and associated operating model. • Conduct an in-depth security risk assessment across the technology stack and provide end-to-end mitigation steps for resilience. • Working closely with key stakeholders to ensure compliance with security policies, and promotion of strong information security culture. • Provide weekly governance, risk and compliance reports utilising key risk and key performance indicators and metrics. Skills/Competencies Required: • Experience developing information security policy, process and procedure design and implementation. • Excellent troubleshooting, problem solving, and root-cause analytical (RCA) skills. • Good working knowledge of Cisco Meraki and associated technologies. • Practical knowledge of Continual Service Improvement (CSI) methodologies. • Vulnerability management and assessment. • Intrusion detection and prevention analysis / frameworks. • Solid exposure to cloud based applications security and provisioning. • Experience in writing policy, process, and standard playbooks. • Experience in SOC and SIEM platforms • Excellent communications skills in framing and messaging issues of highly technical nature, into meaningful and relevant information for a varied audience. • Excellent analytical skills, with an ability to manage multiple projects under tight guidelines. • Experience with common Information security frameworks such as ISO, ITIL, and COBIT. • Information security professional qualifications (CISMP, CISSM, SSCP, CAP..etc) ** Occasional travel to other sites may be required. This is 6 month contract assignment based in Central London. Rate will be circa £500 per day. Please do send your CV to us in Word format along with your daily rate and availability.

I have a requirement to support a university in their search for a Security Operations Manager. You will need to have experience managing and working with Managed Service Security Providers. Higher Education experience is deseribale but not essential. You will need to demonstrate Security Operations experience, working with SOC, SIEM, Sentinel, DFE etc. Ideally having security credentials that are backed up with certifications. Role: Security Operations Manager Rate: £5-600 per day Length: Initial 3 months IR35: Outside Location: Hybrid (South of England) Start date: 16.06.2025 Please contact for further information. Please click here to find out more about our Key Information Documents. Please note that the documents provided contain generic information. If we are successful in finding you an assignment, you will receive a Key Information Document which will be specific to the vendor set-up you have chosen and your placement. To find out more about Real, please visit XX XX XX XX XX Real Staffing, a trading division of SThree Partnership LLP is acting as an Employment Business in relation to this vacancy | Registered office | 8 Bishopsgate, London, EC2N 4BQ, United Kingdom | Partnership Number | OC387148 England and Wales

The ONS operates a flexible hybrid working model across the UK, with colleagues linked to one of our contractual locations working between office and remote throughout the week. The locations for this role are Newport, Titchfield (Fareham), London and Manchester. All colleagues are required to work from their contractually allocated site for at least 40% of their working time. Due to current capacity constraints there is currently an exception for colleagues based at the Manchester office with office attendance being 20% this is expected to move to 40% attendance in 2025-2026. The induction process for the role will be conducted in person. About the job Job summary The Office for National Statistics (ONS) has a long history of working with personal, economic and commercial information. Security and the management of information used for corporate and statistical activities is critical to business operations and the trust that citizens place in us. ONS has a strong commitment to protecting this information. The last few years has seen an extensive overhaul of security and information management to meet the challenges of corporate and statistics transformation in technology, methods and practice, the Digital Economy Act and organisational risk appetite. The capability is evolving and expanding to address changes in threat and business direction. Security and Information Management Directorate (SaIM) operates five key services across ONS: security risk advice and management; knowledge and information management (KIM); physical security and business continuity; security compliance and audit; security operations including our Security Operations Centre. Job description The Cyber Security Risk Manager - Lead role forms part of the Advisory Security team within the Security and Information Management Division at the Office for National Statistics (ONS). The role reports to the Cyber Security Risk Manager - Principal. The primary focus of the role is to provide the Organisation with security advice and best practice to develop ‘Secure by Design' protections for organisational assets and embed the ONS Security Framework - principles; policies; processes; threat model; security risk management into the ONS. This includes security advice, guidance and risk management activities to support large cross-disciplinary programmes of work, such as the Integrated Data Service (IDS), as well as engagement with specialised business units in their delivery objectives. Key outcomes from the role are the identification of security risk within the business context, the identification of appropriate mitigation approaches for business selection and the management of these options through to implementation within the live service. The security advice provided will be informed by threat, vulnerability and risk analysis for business and third parties. Effective communication of security concepts and providing appropriate guidance to stakeholders at different levels is key for the role. The focus, outcomes and responsibilities are aligned to the Government Security Profession framework of the Cyber Security Risk Manager - lead. Key Responsibilities Support and influence the development of business-focused security solutions for large programmes of work, digital products and business operations that cover data collection, storage and processing, deployed both internally and externally; Identify security threat and risk to the Organisations digital products and business operations being developed through Agile methodologies and Supplier processes; Lead the analysis and derivation of business-supporting security needs, undertake Cyber Security related risk assessments, conduct tailored threat assessment and other risk management activities, and ensure activities are consistent with applicable regulations and legislation; Independently undertake risk management activities within a given area of practice or expertise, usually within established security and risk management governance structures; Lead the analysis and derivation of business-supporting security needs for large programmes of work, undertake Cyber Security related risk assessments, conduct tailored threat assessment and other risk management activities, and ensure activities are consistent with applicable regulations and legislation; Consult with and influence the Organisations security stakeholders to ensure that the solutions deployed are secure and fit for purpose; Liaise effectively with the Organisations business, technology and security colleagues to build their security capability and ensure various business needs are supported by appropriate, proportional security solutions. Provide general security architecture, guidance and advice to the stakeholders, ensuring that security policies and security controls remain appropriate and adaptable to the changing threat environment, business requirements and ONS policies; Provide tailored advice to a range of stakeholders on how to remedy identified risks by proportionately applying security capabilities, using published guidance, standards, and drawing on a range of experts as well as personal expertise; Provide expert security advice that highlights Cyber Security related risks, so risk or service owners can make well-informed and audit-able decisions. HMG Vetting at Security Clearance (SC) and if appropriate Developed Vetting (DV) level will be required once in role. Person specification Essential Criteria: Expert knowledge of application, infrastructure and networking security controls and systems covering physical, procedural and technical (ICT) areas, particularly in relation to data management. Experienced in providing detailed security advice and technical security solutions in a UK Government Department, with an ability to effectively communicate complex security requirements and solutions to a wide range of stakeholders. Good knowledge of UK Government Security Policy Framework, Information Assurance Standards, e.g. ISO 27001, DPA and ability to communicate security requirements and outcomes at all levels. Holding or working towards relevant professional qualifications and memberships e.g. Senior Practitioner level within the CESG Certified Professional scheme (CCP), British Computer Society (BCS). Track record in working as part of a multi-divisional team covering a multi-discipline environment, ideally in supporting large programmes of work. Behaviours We'll assess you against these behaviours during the selection process: Seeing the Big Picture Communicating and Influencing Leadership Technical skills We'll assess you against these technical skills during the selection process: Applied Security Capability - Practitioner Information Risk Assessment and Risk Management - Practitioner Protective Security - Practitioner Threat Understanding - Practitioner