Cyber Security Manager

The role involves leading the development, delivery and continuous improvement of our cyber security strategy and operational controls. You will work across the organisation to protect information assets, manage risk, and ensure compliance with relevant regulatory and industry standards. This role combines technical leadership, stakeholder engagement and practical governance to reduce cyber risk while enabling secure, resilient service delivery.

It is an exciting time to join the newly formed Marketing, Digital and Technology Centre of Excellence at Energy Saving Trust. We are on an ambitious growth journey to accelerate the use of our services through customer‑centric digital transformation, adopting a product‑oriented approach, an increasingly Agile delivery model and leveraging data to enhance our digital products and services. Our approach is open and collaborative, inviting everyone to bring their unique perspectives to help tackle the climate emergency.

What you will do:

• Lead cyber security strategy and governance – Develop, maintain and drive the delivery of the cyber security strategy, policies and standards; chair or support security governance forums and provide clear, executive‑level reporting on risk and progress.
• Manage risk and compliance – Own the cyber risk register, lead risk assessments, and ensure appropriate mitigations are in place; oversee compliance with relevant standards and legislation (e.g., UK GDPR, NIS, ISO 27001 or equivalent frameworks).
• Operational security and incident management – Oversee detection, response and recovery arrangements; lead incident response activities when required, coordinate cross‑functional actions, conduct post‑incident reviews and embed lessons learned.
• Secure architecture and technical controls – Work with architects and engineers to influence secure design, deployment and hardening of systems and cloud services; promote and oversee implementation of technical controls such as identity and access management, endpoint protection, network security and encryption.
• Build capability and culture – Design and deliver security awareness, training and guidance for staff; support teams to adopt secure practices and foster a positive, risk‑aware culture across the organisation.
• Supplier and third‑party security – Assess and manage supplier security risk, define security requirements in contracts and lead assurance activities, including security questionnaires and audits.
• Continuous improvement – Monitor threat intelligence and industry developments; run vulnerability and assurance programmes, and lead projects to improve our security posture and resilience.

What you will bring:

• Proven experience in cyber security leadership or senior technical security roles with responsibility for strategy, governance and incident response.
• Practical knowledge of security frameworks and regulations (e.g., ISO 27001, NIST, UK GDPR, NIS) and experience delivering compliance programmes.
• Strong technical understanding of cloud security, network security, identity and access management, endpoint protection and secure application practices.
• Experience managing security incidents and leading cross‑functional response and remediation activities.
• Excellent communication skills with the ability to explain technical risk to non‑technical stakeholders and influence senior leaders.
• Strong planning and organisational skills, with experience managing multiple priorities and delivering change across an organisation.
• Relevant professional qualifications or certifications (e.g., CISSP, CISM, CISA) and/or demonstrable equivalent experience.

Benefits:

• Generous holiday – 25 days plus bank holidays and extra Christmas leave.
• True flexibility in how and where you work – Home‑based, regional office or field as required.
• Strong pension & life assurance.
• Enhanced family leave.
• Professional development support.
• Yearly wellbeing allowance.

Diversity and inclusion: We are committed to creating a diverse, inclusive and equitable workplace where everyone can be themselves and thrive. We strongly encourage applicants from a wide range of backgrounds to apply.

Reasonable adjustments: We want to ensure that our recruitment process is inclusive and accessible for everyone. If you need additional support or reasonable adjustments, please get in touch with recruitment.