Physical and Digital Security Lead in Portsmouth

Salary: £80,000 DOE

Full Time Permanent

Who we are

SubSea Craft is a fast growing, privately-funded, UK-based innovative maritime technology company specialising in next-generation, high-performance watercraft and systems. We operate at the intersection of advanced engineering, cutting-edge design, and user-centric innovation, delivering safe, effective, and enabling solutions for both commercial and defence applications.

What we offer

• Pension Contribution – Pension scheme with the option to contribute via salary sacrifice.
• Annual Bonus Scheme – Eligibility to participate in the company’s annual discretionary bonus scheme, linked to individual and company performance.
• Life Assurance and Critical Illness Cover – Comprehensive protection including Life Assurance (4x salary) and Critical Illness Coverage.
• Annual Leave – 25 days of annual leave plus bank holidays.
• Christmas Leave – A Christmas shutdown is typically observed.
• Wellbeing Day – An additional Wellbeing Day each year to focus on personal health and wellbeing.
• Family Leave – Enhanced maternity and paternity pay.
• Private Healthcare – Access to comprehensive private healthcare coverage to support physical and mental wellbeing.
• Professional Development – Commitment to ongoing learning and career growth, supported by training programmes and access to LinkedIn Learning.
• Flexible Working – Opportunities for flexible working arrangements to promote work–life balance.
• Inclusive Culture – A professional environment that values diversity, innovation, and collaboration.

Role Summary

The Physical and Digital Security Manager is responsible for developing, implementing and continuously improving the organisation’s protective, physical, information and cyber security arrangements, ensuring security risks are effectively managed in support of business objectives, contractual obligations and regulatory requirements. The role provides leadership across physical security, information security governance, cyber resilience and personnel security, including oversight of the Information Security Management System (ISMS), management of security risks and incidents, and assurance that appropriate controls are in place to protect people, assets, information and operations. The role acts as the company’s subject matter lead for security matters, working cross-functionally with internal stakeholders, external partners and relevant authorities to support a robust and proportionate security posture across the organisation.

Responsibilities

• Security Strategy and Governance – develop and implement the organisation’s security strategy, policies and procedures aligned to business objectives, risk appetite and legal, regulatory and contractual obligations.
• Risk Management – lead identification, assessment and treatment of risks across physical, personnel, information and cyber security domains.
• Physical and Protective Security – maintain and continuously improve the integrity of physical security arrangements across company facilities, assets and operations.
• Information Security Management – implement, manage and continuously improve the organisation’s Information Security Management System (ISMS), ensuring security policies and procedures are maintained, communicated and embedded.
• Cyber Security – conduct vulnerability, threat and risk assessments, ensuring appropriate mitigation measures are implemented to address identified cyber threats and weaknesses.
• Technology Security Oversight – oversee the security of the technological estate, including security assurance and oversight of internal IT team, outsourced IT and managed service providers.
• Personnel Security and Vetting – manage personnel security vetting activities, including sponsorship, submissions, renewals and liaison with United Kingdom Security Vetting where required.
• Third-Party and Supply Chain Security – evaluate and assure suppliers and third parties against security requirements and contractual obligations.
• Incident Response and Resilience – lead and coordinate response to security incidents, including containment, investigation, recovery and lessons learned.
• Project and Change Support – provide security subject matter expertise into company projects and change initiatives, ensuring security risks are considered throughout the project lifecycle.
• Training and Security Culture – promote and support security awareness and training across the organisation to strengthen security culture and compliance.
• Compliance and Assurance – ensure appropriate policies, controls and processes support compliance with applicable legal, regulatory and contractual security requirements.
• Performance Reporting – develop and monitor security performance metrics and KPIs, providing assurance and reporting to senior leadership and the board.
• Data Protection – support compliance with data protection obligations, including response to data incidents and data subject requests.

Qualifications and Experience – Required

• Proven experience (5+ years) in security management spanning digital, cyber, information and/or protective security environments.
• Experience managing security risks across both physical and digital security domains.
• Strong understanding of information security principles, threats, vulnerabilities and mitigating controls.
• Experience implementing or operating security frameworks such as ISO/IEC 27001, NIST and relevant regulatory frameworks including GDPR.
• Knowledge of National Cyber Security Centre guidance, including the 14 Cloud Security Principles.
• Experience overseeing incident response, security assurance and third‑party security management.
• Experience overseeing or coordinating penetration testing, vulnerability assessments and remediation activities, including interpretation of findings and management of corrective actions.
• Experience delivering security reporting and assurance to senior stakeholders.
• Strong project management capability, including management of multiple initiatives simultaneously.
• Excellent communication, interpersonal and written skills.
• Ability to work effectively across functions and influence stakeholders at all levels.
• Eligible to obtain and maintain Security Check (SC) Clearance.

Qualifications and Experience – Desirable

• Current SC clearance (or higher).
• Experience administering personnel vetting applications through United Kingdom Security Vetting.
• Experience operating within defence, national security, critical infrastructure or similarly regulated environments.
• Understanding of protective security guidance from National Protective Security Authority and National Cyber Security Centre.
• Eligibility for Developed Vetting where required to support specific programmes.
• Bachelor’s degree in Information Security, Computer Science, Engineering Management or related discipline.
• Professional certifications such as: ISC2 CISSP, ISACA CISM, ISO27001 Lead Auditor / Implementer, NIST Foundation or Practitioner, CCSP, Chartered Security Professional (CSyP).

Note

Due to the nature of work undertaken at SubSea Craft, the selected candidate must be capable of meeting the security requirements of the position, which would include as a minimum existing right to live and work in the UK, Baseline Personnel Security Standard (BPSS), with UK National security clearance required for certain roles.

Values

Our people are our greatest asset, we continually strive to provide an excellent working environment to enable our team to do their best work. We have an agile professional workforce: we are founded on the belief that our people are valued and our business is trusted, inclusive and commercially adept.

What we expect from you

• Teamwork, mutual respect and collaboration
• Initiative and independent working
• Honesty and integrity
• Business and commercial awareness
• Agility, adaptability and continuous development
• Commitment to Inclusion

We are committed to building an inclusive, diverse workplace where everyone can thrive. If you require any support or adjustments to interact with us, please let us know.