Cyber Security Manager - National Savings and Investments - G7 in Gateshead

The Cyber Security Manager position is a critical role within the NS&I Risk Directorate. The role supports the Senior Cyber Security Manager in providing assurance that our service providers are operating effective cyber security control environments. Cyber security is a scientific field, encompassing scientific principles and methodologies from multiple disciplines, including computer science, mathematics, engineering, and behavioural sciences. The complexity of cyber security arises from the diverse and evolving nature of threats, technologies, regulations, and human factors involved. Addressing these complexities requires a holistic approach that combines technical expertise, strategic planning, organisational commitment, and continuous adaptation to emerging threats.

The Cyber Security Manager is responsible for being the primary contact for NS&I's service providers and providing NS&I with assurance that the service providers are managing the complexities and ensuring cyber security risks are mitigated to acceptable levels.

Responsibilities

• Extensive experience of overseeing the performance of service providers and holding them to account for the delivery of critical cyber security services through governance forums.
• Demonstrable success in delivering written and oral presentations on cyber security and management risk to senior internal and external stakeholders.
• Substantial experience of assuring evidence against the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) and ISO27001.
• Proven experience of conducting cyber security risk assessments, developing cyber security risk mitigation plans linked to business objectives, and presenting to a senior management audience.
• Experience in developing cyber security performance metrics linked to business objectives to inform senior management of the performance of the cyber security control environment.
• Significant experience in responding to or managing security incidents/breaches, overseeing patching/vulnerabilities or hardening systems including detection, response, recovery, and post‑incident analysis.
• Extensive experience of implementing security solutions surrounding cloud transformation, data management, data storage.
• Strong analytical skills, including the ability to review, challenge and utilise complex technical information to provide advice and guidance to senior management.

Essential Technical Skills

• Ability to analyse complex technical information in order to provide advice and guidance to senior management.
• Strong knowledge of IT architectures and methodologies, including cloud environments.
• Significant experience with security technologies, solutions and systems such as:

• Firewalls
• Intruder Detection Systems (IDS) / Intruder Protection Systems (IPS)
• Content Delivery Networks (CDN)
• Advanced Endpoint Protection
• Anti‑Virus/Malware Solutions
• Security Information and Event Management (SIEM)
• Security Orchestration Automation and Response (SOAR)
• Data Loss Prevention (DLP) tooling
• Vulnerability Management Scanners
• Public Key Infrastructure (PKI)
• Symmetric and Asymmetric Cryptography

• Infrastructure as a Service (IaaS)
• Platform as a Service (PaaS)
• Software as a Service (SaaS)
• Cloud Access Security Brokers (CASB)
• Zero Trust Architecture Principles
• Micro‑segmentation

• Threat modelling (OWASP Top 10, PASTA, STRIDE, MITRE)

Security clearance: Security Clearance (SC)

NS&I is one of the largest savings organisations in the UK with more than 24 million customers and over £240 billion invested. We are both a government department and an Executive Agency of the Chancellor of the Exchequer. Our origins can be traced back more than 150 years to 1861. A small company with a big reach, we offer a range of benefits including flexible working, a 9‑day fortnight scheme, a performance‑related variable pay bonus, a generous pension scheme and great opportunities for development. We care for colleagues, respect one another, invest in our people and manage talent effectively.