Cyber Security Manager Marketing, Digital & Technology - IT · Flexible UK location in London

The role involves leading the development, delivery and continuous improvement of our cyber security strategy and operational controls. You will work across the organisation to protect information assets, manage risk, and ensure compliance with relevant regulatory and industry standards. This role combines technical leadership, stakeholder engagement and practical governance to reduce cyber risk while enabling secure, resilient service delivery.

It’s an exciting time to join the newly formed Marketing, Digital and Technology Centre of Excellence at Energy Saving Trust. We are on an ambitious growth journey to accelerate the use of our services through customer centric digital transformation. This includes a move to a product orientated approach, an increasingly Agile delivery model and harnessing data to enhance our digital products and services. Our approach is open and collaborative, where we want everyone to be able to bring their unique perspectives to help tackle the climate emergency.

What you will do:

• Lead cyber security strategy and governance: Develop, maintain and drive the delivery of the cyber security strategy, policies and standards. Chair or support security governance forums and provide clear, executive‑level reporting on risk and progress.
• Manage risk and compliance: Own the cyber risk register, lead risk assessments, and ensure appropriate mitigations are in place. Oversee compliance with relevant standards and legislation (for example, UK GDPR, NIS, and ISO 27001 or equivalent frameworks).
• Operational security and incident management: Oversee detection, response and recovery arrangements. Lead incident response activities when required, coordinate cross‑functional actions, conduct post‑incident reviews and ensure lessons learned are embedded.
• Secure architecture and technical controls: Work with architects and engineers to influence secure design, deployment and hardening of systems and cloud services. Promote and oversee implementation of technical controls such as identity and access management, endpoint protection, network security and encryption.
• Build capability and culture: Design and deliver security awareness, training and guidance for staff. Support teams to adopt secure practices and foster a positive, risk‑aware culture across the organisation.
• Supplier and third‑party security: Assess and manage supplier security risk, define security requirements in contracts and lead assurance activities, including security questionnaires and audits.
• Continuous improvement: Monitor threat intelligence and industry developments, run vulnerability and assurance programmes, and lead projects to improve our security posture and resilience.

What you will bring:

• Proven experience in cyber security leadership or senior technical security roles, with responsibility for strategy, governance and incident response.
• Practical knowledge of security frameworks and regulations (for example ISO 27001, NIST, UK GDPR, NIS) and experience delivering compliance programmes.
• Strong technical understanding of cloud security, network security, identity and access management, endpoint protection and secure application practices.
• Experience managing security incidents and leading cross‑functional response and remediation activities.
• Excellent communication skills with the ability to explain technical risk to non‑technical stakeholders and influence senior leaders.
• Strong planning and organisational skills, with experience managing multiple priorities and delivering change across an organisation.
• Relevant professional qualifications or certifications (for example CISSP, CISM, CISA) and/or demonstrable equivalent experience.

Benefits: Generous holiday (25 days +