Cyber Security Manager Marketing, Digital & Technology - IT · Flexible UK location

The role involves leading the development, delivery and continuous improvement of our cyber security strategy and operational controls. You will work across the organisation to protect information assets, manage risk, and ensure compliance with relevant regulatory and industry standards. This role combines technical leadership, stakeholder engagement and practical governance to reduce cyber risk while enabling secure, resilient service delivery.

The team is part of the newly formed Marketing, Digital and Technology Centre of Excellence at Energy Saving Trust, which is on an ambitious growth journey to accelerate the use of our services through customer centric digital transformation.

What you will do:

• Lead cyber security strategy and governance: Develop, maintain and drive the delivery of the cyber security strategy, policies and standards. Chair or support security governance forums and provide clear, executive-level reporting on risk and progress.
• Manage risk and compliance: Own the cyber risk register, lead risk assessments, and ensure appropriate mitigations are in place. Oversee compliance with relevant standards and legislation (for example, UK GDPR, NIS, and ISO 27001 or equivalent frameworks).
• Operational security and incident management: Oversee detection, response and recovery arrangements. Lead incident response activities when required, coordinate cross-functional actions, conduct post-incident reviews and ensure lessons learned are embedded.
• Secure architecture and technical controls: Work with architects and engineers to influence secure design, deployment and hardening of systems and cloud services. Promote and oversee implementation of technical controls such as identity and access management, endpoint protection, network security and encryption.
• Build capability and culture: Design and deliver security awareness, training and guidance for staff. Support teams to adopt secure practices and foster a positive, risk-aware culture across the organisation.
• Supplier and third-party security: Assess and manage supplier security risk, define security requirements in contracts and lead assurance activities, including security questionnaires and audits.
• Continuous improvement: Monitor threat intelligence and industry developments, run vulnerability and assurance programmes, and lead projects to improve our security posture and resilience.

What you will bring:

• Proven experience in cyber security leadership or senior technical security roles, with responsibility for strategy, governance and incident response.
• Practical knowledge of security frameworks and regulations (for example ISO 27001, NIST, UK GDPR, NIS) and experience delivering compliance programmes.
• Strong technical understanding of cloud security, network security, identity and access management, endpoint protection and secure application practices.
• Experience managing security incidents and leading cross-functional response and remediation activities.
• Excellent communication skills with the ability to explain technical risk to non-technical stakeholders and influence senior leaders.
• Strong planning and organisational skills, with experience managing multiple priorities and delivering change across an organisation.
• Relevant professional qualifications or certifications (for example CISSP, CISM, CISA) and/or demonstrable equivalent experience.

Benefits:

• Generous holiday (25 days + bank holidays + extra Christmas leave)
• True flexibility in how and where you work
• Strong pension & life assurance
• Enhanced family leave
• Professional development support
• Yearly wellbeing allowance

Reasonable adjustments: We want to ensure that our recruitment process is inclusive and accessible for everyone. If you need additional support or reasonable adjustments, please get in touch with recruitment.

Diversity and inclusion: We are committed to creating a diverse, inclusive and equitable workplace where everyone can be themselves and thrive. We strongly encourage applicants from a wide range of backgrounds to apply.

To avoid disappointment, you are advised to submit your application as soon as possible as we reserve the right to close the vacancy early if a high volume of applications are received. Please note, we are unable to provide visa sponsorship for this post. To apply for this role, you must be able to demonstrate your eligibility to work in the UK.