Cyber Security Manager in Halifax

Are you seeking a hands‑on role where you will be responsible for security posture management, security operations and supplier oversight, risk and control governance, and compliance and assurance, while driving continuous improvement in security maturity, data protection capability, and the organisation's overall security strategy. We are seeking an experienced individual with several years' experience, ideally in a similar role, to provide cyber and information security leadership across our established and mature technology estate, spanning a complex cloud environment including, but not limited to, Azure and AWS.

Responsibilities

• Assess the current security posture
• Set priorities based on risk
• Drive change across technical and procedural controls
• Influence internal teams and suppliers
• Provide assurance to leadership
• Act as the primary point of contact for cyber security across the A‑SAFE Group, providing leadership and support to both UK operations and global subsidiaries.
• Collaborate with infrastructure teams to ensure effective backup, recovery and business continuity processes.
• Ensure all core business software and applications are secured through the various mediums such as Single Sign‑On.
• Improve our efficiencies by utilising automation and AI‑led security initiatives.
• Work closely with digital teams to embed security into systems and delivery processes, ensuring a joined‑up approach to security posture across platforms rather than operating in silos.
• Manage the Microsoft security estate, including Conditional Access, Privileged Identity Management, Identity Protection and Defender for Cloud.
• Conduct and manage third‑party and supplier security risk assessments, ensuring risks are identified, mitigated and monitored appropriately.
• Enhance and maintain cloud security capabilities across Azure and AWS, ensuring best‑practice configurations and aligned controls.
• Provide out‑of‑hours support for critical security incidents or escalations, acting as an escalation point when required.
• Regular scanning of all public‑facing assets for exposed credentials and misconfigurations.
• Owning and maintaining a complete inventory of public‑facing assets.
• Responsible for defining, implementing and governing data sensitivity labelling policies across the organisation.
• Extensive knowledge of regulatory compliance frameworks and Microsoft Purview.
• Own and manage a dedicated cyber security budget, ensuring our investment is aligned with risk and compliance.
• Experience with security tooling and SIEM/SOC platforms, vulnerability scanning and monitoring solutions.
• Solid understanding of security frameworks and standards (e.g. Cyber Essentials, ISO 27001) and how to apply them practically within a business.
• Ability to design and implement security controls across complex, multi‑platform environments.
• Excellent stakeholder management and communication skills, with the ability to translate technical risk into business impact.
• Vendor and supplier management capability, including working with managed service providers, SOC teams and external auditors.
• Strong organisational and planning skills, with the ability to manage competing priorities across operational and strategic objectives.
• Hands‑on experience managing security operations, including incident response, threat detection and remediation activities.
• Focused on reducing real business risk, not just theoretical or tool‑driven outcomes.
• Take ownership of security outcomes and drive continuous improvement across the estate.
• Able to influence both technical and non‑technical stakeholders at all levels.
• Able to respond effectively to incidents, escalations and changing priorities.
• Understands the balance between security, cost, operational impact and business objectives.

Qualifications

• Demonstrates strong, hands‑on expertise across a mature Azure and AWS estate, with a deep understanding of cloud architecture, security and operational best practice.
• Strong technical expertise across cyber security domains, including cloud (Azure/AWS), endpoint security, identity and access management and network security.

Benefits

• Subsidised on‑site gym, available for all colleagues.
• Flexible start and finish times to fit around you and your lifestyle.
• Enhanced maternity, paternity and NICU pay.
• 25 days holiday plus bank holidays with the option to buy more.
• Cycle‑to‑work scheme, Specsavers vouchers, long‑service rewards and EAP.