At a Glance
- Tasks: Lead the development of Cyber Exposure Management to reduce cyber risks across the organisation.
- Company: Join a highly regulated organisation working directly with the CISO.
- Benefits: Competitive salary, professional growth, and the chance to shape security strategies.
- Other info: Collaborative role in a dynamic environment with opportunities for significant influence.
- Why this job: Make a real impact by transforming how we manage cyber exposure in a fast-paced environment.
- Qualifications: Strong experience in exposure management and security engineering with a technical mindset.
The predicted salary is between £100,000 and £150,000 per year.
I am working directly with the CISO of a highly regulated organisation and am kicking off a search to hire a Director-level leader to build and run a new Cyber Exposure Management capability/function. This individual will report directly to the CISO.
This person will be responsible for reshaping how the organisation understands and reduces cyber exposure across cloud, infrastructure, applications, identity and external attack surface, moving from fragmented vulnerability activity to a single, engineering-led exposure reduction model.
As the attack landscape evolves at pace, driven by automation, AI-enabled adversaries and increasingly industrialised exploitation, this role is about ensuring the organisation can see, understand and reduce real-world exposure quicker than attackers are finding it. It is about shifting from reactive vulnerability management to continuous, intelligent, engineering-driven risk reduction.
You will define and lead how exposure is measured, prioritised and tracked across the enterprise, bringing together vulnerability, cloud, identity and attack surface data into a single, living view of risk. You will also drive remediation at scale with engineering and platform teams, ensuring exposure is actively reduced rather than simply recorded.
You will also translate complex technical exposure into clear, actionable risk for senior stakeholders, shaping prioritisation and investment decisions across the organisation and working closely with engineering, architecture, cloud, identity and security teams in a highly cross-functional environment.
To be considered for this position, you must have strong experience in exposure management, vulnerability management or security engineering, with deep technical understanding of cloud, infrastructure, identity and application security. You should have a proven track record of driving remediation and measurable risk reduction, experience building or transforming security capabilities in complex environments and the ability to influence across a large organisation with a strong engineering mindset/knowledge.
Director of Attack Surface Engineering in London, employer: Iceberg
Join a forward-thinking organisation that prioritises innovation and security in a highly regulated environment. As a Director of Attack Surface Engineering, you will be part of a collaborative culture that values continuous learning and professional growth, with opportunities to shape the future of cyber exposure management. Enjoy competitive benefits and the chance to work alongside industry leaders, all while making a meaningful impact on the organisation's security posture.