Operational Security Manager
On site
London, United Kingdom
Full Time
28-02-2025
Job Specifications
Darlington, Leeds, London, Manchester, Wolverhampton
Job Summary
Here at the Ministry of Housing, Communities & Local Government (MHCLG), we work on things that make a real difference to people’s lives.
Whether it's through the homes we live in, the work of our local councils, or the communities we’re all part of, our work is at the top of the political agenda. We have ambitious and far-reaching outcomes to achieve this year and, if you’re thinking of joining us, there’s never been a more exciting time.
We have over 3,500 staff who are based in 20 offices across the UK and this Cyber Security role sits in the heart of the Technology team within our Digital Directorate.
Our aim is to provide high quality Digital services for our staff, typically using evergreen cloud services. Delivering this responsibility comes with a high demand for adoption of new technologies, systems and applications that require security review and scrutiny to ensure the department operates in a safe and secure environment that is overseen by centralised security products such as a SIEM, vulnerability scanners and security validation tools.
Security has never been more important in delivering services for our staff and citizens and the Department is committed to meeting the objectives set out in the Government Cyber Security Strategy. Now is an extremely exciting time to join our Cyber team as we use a modern tech stack, specialist external suppliers and a growing number of internal staff to mature our capabilities and deliver Departmental objectives.
We particularly welcome candidates from an ethnic minority background and other underrepresented groups to apply, as we work to continually improve our ability to represent the places and communities we support through our work.
Find out more about what it's like to work in a digital, data and technology role at MHCLG including our culture, ways of working, career progression and staff benefits. You can also read the MHCLG Digital blog to learn about the work we're doing.
Job Description
As an Operational Security Manager, you'll:
provide cyber security advice and guidance to the Department, acting as the Champion and face of the team across numerous forums to enhance and maintain the positive perception and visibility of the Cyber Security Team
lead on the development and maintenance of Security Policies and associated documentation
lead on supporting all internal and external stakeholders in the alignment to the Policies and associated documentation
provide Cyber Security input to governance forums as required, including Change Advisory Boards and Technical Design Authorities
conduct periodic checks of various technologies and processes across stakeholders in an internal/external audit capacity, subsequently supporting those stakeholders in the development and implementation of remediation plans
lead on the development and maintenance of the Departments cyber security oversight of, and support to, its ALBs
lead on the conduct of GovAssure and wider Department alignment to the NCSC CAF
input to the Cyber Security KPIs and Metrics across all areas of responsibility
work with the Head of Security Awareness to design and implement cyber security awareness campaigns
act as the overarching lead, join up and work with other elements of the team to support them in service adoption and improvement across all areas including Secure by Design, Supplier Security, Vulnerability Management and Security Operations Centre (SOC). This may on occasion include directly supporting across these teams where required
collaborate with, and mentoring of, peers and stakeholders where appropriate
As An Operational Security Manager, You'll
provide cyber security advice and guidance to the Department, acting as the Champion and face of the team across numerous forums to enhance and maintain the positive perception and visibility of the Cyber Security Team
lead on the development and maintenance of Security Policies and associated documentation
lead on supporting all internal and external stakeholders in the alignment to the Policies and associated documentation
provide Cyber Security input to governance forums as required, including Change Advisory Boards and Technical Design Authorities
conduct periodic checks of various technologies and processes across stakeholders in an internal/external audit capacity, subsequently supporting those stakeholders in the development and implementation of remediation plans
lead on the development and maintenance of the Departments cyber security oversight of, and support to, its ALBs
lead on the conduct of GovAssure and wider Department alignment to the NCSC CAF
input to the Cyber Security KPIs and Metrics across all areas of responsibility
work with the Head of Security Awareness to design and implement cyber security awareness campaigns
act as the overarching lead, join up and work with other elements of the team to support them in service adoption and improvement across all areas including Secure by Design, Supplier Security, Vulnerability Management and Security Operations Centre (SOC). This may on occasion include directly supporting across these teams where required
collaborate with, and mentoring of, peers and stakeholders where appropriate
Person specification
We will use the essential criteria below to evaluate you during the recruitment process. Make sure your CV details how you meet the criteria.
As An Operational Security Manager, You’ll Have
significant experience in an Information Security/Assurance related role(s)
knowledge of relevant laws, regulations, and industry/HMG standards including GDPR, NCSC CAF, Cyber Essentials and ISO27001, with a strong understanding of information security principles, concepts, and best practices
experience with risk assessment methodologies and tools
familiarity with security principles and technologies for cloud hosted services such as AWS, Azure and SaaS
strong knowledge of typical threats and attack vectors with appropriate remediation methods
excellent communication and interpersonal skills, with the ability to effectively communicate complex security concepts to non-technical stakeholders
developed problem solving skills including addressing complex technical security and process challenges that ensure delivery at pace to an appropriate risk appetite
professional certifications, such as CISSP, CISM, CRISC or equivalent experience
experience leading deep dives into adherence against processes, policies and procedures that are mandated for suppliers, services and teams to use in delivery of Digital services
Behaviours
We'll assess you against these behaviours during the selection process:
Making Effective Decisions
Managing a Quality Service
Communicating and Influencing
Alongside your salary of £59,586, Ministry of Housing, Communities and Local Government contributes £17,262 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out wh...
About the Company
We are the Ministry of Housing, Communities & Local Government. Know more
Related Jobs
- Company Name
- Westfield Specialty (International)
- Job Title
- Information Security Lead Architect
- Job Description
- Job Responsibilities JOB DESCRIPTION Lead the development and implementation of the information security and data protection architecture strategy and roadmap, ensuring alignment with business objectives, regulatory requirements, and industry best practices Provide technical leadership and guidance to the information security team, overseeing the design, implementation, and integration of security solutions across the organization Collaborate with business units, IT teams, executive leadership and vendors to communicate security risks and strategies, assess security requirements, evaluate solution options, and architect secure systems and applications that meet business needs while maintaining a strong security posture Lead the evaluation, recommendation and implementation of new security technologies and tools Define and enforce information security standards and frameworks, ensuring consistent security practices across all technology domains and projects Collaborate with enterprise architects, business and IT stakeholders to integrate security controls and requirements into overall IT architecture frameworks, ensuring the security-by-design principle is followed throughout the development and implementation lifecycle Develop comprehensive security architecture processes and artifact templates, and actively influence their adoption and use across the organization to ensure consistency, efficiency, and alignment with security standards Conduct security architecture reviews and risk assessments, identifying potential vulnerabilities, weaknesses, and gaps in existing systems and proposing effective solutions to mitigate risks Serves as a mentor and role model to security architects and other security team members Foster a collaborative and inclusive environment that encourages continuous learning and skill development Guide team members in best practices, emerging technologies, and evolving threats Represents the organization externally, participating in security forums and conferences to stay updated on the latest trends, share knowledge, and contribute to industry thought leadership Responsibilities Behavioral Competencies: Global Perspective Action Oriented Drives Results Collaborates Communicates Effectively Customer Focus Decision Quality Nimble Learning Develops Talent Directs Work Ensures Accountability Manages Complexity Technical Skills Network Security Incident Response Security Monitoring Vulnerability Management Threat Intelligence Identity and Access Management Data Protection AI Security Encryption Techniques Security Assessments Security Engineering API Security Architecture Modelling Cloud Security Enterprise Security Architecture IT Operations and Infrastructure Services Secure Software Development Agile Methodologies Network Architecture Project Management Work Requirements*: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Ability to work effectively in an office, hybrid, or remote work environment for 40+ hours per week (including sitting, standing, and working on a computer for extended periods of time). Ability to communicate effectively in a collaborative work environment utilizing various technologies such as: telephone, computer, web, voice, teleconferencing, e-mail, etc. Ability to publicly speak. Ability to travel as required The information under these attributes is to be provided by Westfield Qualifications Licenses and Certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Information Systems Security Architecture Professional (ISSAP) or other relevant certifications 10+ years of experience in Information Security or a related field. Bachelor's degree in computer science, Information Technology, or a related field and/or commensurate experience. Master's degree in related field is preferred. #wspi Equal Opportunity Employer Westfield celebrates diversity and is committed to inclusion. All qualified applicants receive consideration for employment without regard to race, color, sex, religion, national origin, age, sexual orientation, gender identity, disability, or status as a protected veteran.
- Company Name
- Darkshield
- Job Title
- Cybersecurity Engineer
- Job Description
- About Darkshield Darkshield is an expert cybersecurity agency based in York, UK. We help organisations navigate an increasingly complex digital landscape by providing expert services in penetration testing, vulnerability assessment, managed security, and more. Our mission is to protect businesses by delivering tailored, cutting-edge cybersecurity solutions that keep them resilient and ahead of cyber threats. The Role We are looking for a skilled and motivated Cybersecurity Engineer to join our team. You will play a key role in designing, implementing, and maintaining security solutions that protect our clients from evolving threats. This role requires a strong technical background in cybersecurity, problem-solving skills, and the ability to work collaboratively with clients and internal teams. Key Responsibilities Design, implement, and maintain security solutions to protect networks, applications, and data. Conduct security assessments, penetration testing, and vulnerability management. Monitor and respond to security incidents, ensuring swift mitigation and resolution. Develop and enforce security policies, procedures, and best practices. Perform security audits and risk assessments to identify potential vulnerabilities. Work closely with clients to provide expert advice and tailored security solutions. Keep up to date with emerging cyber threats, attack techniques, and security technologies. Automate security processes and develop scripts/tools to enhance security operations. Assist with compliance efforts, ensuring alignment with industry standards and regulations. Requirements Proven experience in cybersecurity engineering or a related field. Strong understanding of network security, cryptography, and security frameworks. Experience with penetration testing, vulnerability management, and incident response. Familiarity with security tools such as SIEMs, IDS/IPS, firewalls, and endpoint security solutions. Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for security automation. Knowledge of cloud security (AWS, Azure, or Google Cloud) is a plus. Strong problem-solving and analytical skills. Certifications such as CISSP, OSCP, CEH, or equivalent are desirable but not mandatory. Excellent communication skills and the ability to work both independently and in a team environment. Why Join Darkshield? Work with a passionate team dedicated to cybersecurity excellence. Opportunity to work on a variety of challenging projects across different industries. Support for professional development, including training and certification assistance. Flexible working arrangements, including remote options. A culture that values innovation, collaboration, and continuous learning. If you're a cybersecurity professional looking for an exciting and impactful role, we’d love to hear from you. Apply today and join Darkshield in our mission to secure the digital world.
- Company Name
- Ørsted
- Job Title
- Information Security SCADA Specialist - Critical Infrastructure
- Job Description
- Join us in this role where you’ll be leading UKW hub national critical infrastructure with cyber secure generation. You will be leading in all areas of Information Security Management system across the region, initiating improvements of the system, and reporting from the system. This also includes ensuring that the implemented ISMS controls fulfil organisational and country-specific legal requirements where ISMS is implemented. Welcome to UK West Engineering You’ll be part of UKW Engineering team where you, together with your colleagues, will ensure secure, reliable generation from our European assets. You will ensure the best possible handling and improvement of cybersecurity and ensure compliance towards applicable country-specific legal requirements where ISMS is implemented. You’ll secure the lowest possible operating costs and consistently deliver high-quality results at the right time. You’ll play an important role in: maintaining and improving the cybersecurity risk register, including conducting risk identification, developing improvement roadmap and conducting follow-up workshops with relevant parties owning regional technical cyber security risks in close collaboration with Quality & Risk team. Developing, securing budget and implementing risk treatment plans defining effective business continuity plans for SCADA IT/OT systems, maintaining them and implementing them in emergency scenarios, leading event recovery sessions in relation to area of expertise facilitating and supporting regional hub initiatives on continuous improvement of ISMS, including instructions, controls, reports, training, or other work related to ISMS ensuring development and roll-out of training to all involved functions as well as supporting relevant teams in the implementation of ISMS requirements establishing, conducting, and following up on regional audits (internal & external) and management reviews in accordance with requirements in ISMS. To succeed in the role, you: [HFJ1] hold a degree in Information Security, Cybersecurity, Computer Science, or a related field are proficient in cyber security in IT/OT environments, preferably with in-depth knowledge on ISO27001/27019 and IEC62443. National requirements such as NIS-CAF would be advantageous possess relevant cybersecurity certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC) bring prior experience working independently in the energy sector, particularly in a regulated environment such as utilities, renewable energy, or oil and gas are proficient in risk assessment methodologies, security controls, and incident response management demonstrate ability to work effectively with external vendors and internal stakeholders to achieve security objectives. Maybe you’ve read the above and can see you have some transferable skills, even though they don’t quite match all the points. If you think you can bring something to the team, we still encourage you to apply. Shape the future with us Send your application to us as soon as possible. We’ll be conducting interviews on a continuous basis and reserve the right to take down the advert when we’ve found the right candidate. As an applicant or employee, you may request reasonable work and position accommodation or adjustments via accommodation@orsted.com. Please note that for your application to be taken into consideration, you must submit your application via our online career pages and answer the screening questions relevant for your country. We don't take applications or inquiries from external recruiters or agencies into account for this position.
- Company Name
- Lloyds Banking Group
- Job Title
- Cloud Security Engineer (VM Compliance)
- Job Description
- JOB TITLE: Cloud Security Engineer (VM Compliance) SALARY: From £70,929 depending on location LOCATION(S): UK (Edinburgh, Manchester, Leeds, Bristol, London) HOURS: Full-time (35 Hours Per Week) WORKING PATTERN: Our work style is hybrid, which involves spending at least two days per week currently, or 40% of our time, at one our strategic hubs About this opportunity You'll sit within Chief Security Office (CSO), part of a team of Security-focused engineers. We are driving a roadmap that will modernise our approach to securing cloud hosted workloads in the Group (Continuous Compliance, Contextual Reporting, Cloud Native). Our primary services are the curation of guardrails (policy as code) to secure Operating Systems (OS) for Virtual Machine (VM)-based workloads hosted on Private and Public Cloud Platforms. Our goal is to enable the bank's adoption of Private & Public Cloud to go safely, faster. The CSO is a vital part of delivering the Group's vision of putting customers at the heart of everything we do, helping Britain prosper and protecting the Group and customers from security threats. We're responsible for influencing then implementing Lloyds Banking Group's security strategy and providing a variety of critical Enterprise Security Services which not only operate key controls that keep the Group safe but also enable the digital transformation agenda of the wider organisation. Experienced Security focused DevOps engineers are needed to develop guardrails (policy as code) to detect, report and where possible enforce (auto-remediate) safe and secure configurations at the Operating System (OS) level to align with our principles and standards, as well as Industry best practices (CIS Benchmarks). The role will involve curating Operating Systems for secure LBG consumption with guardrails and supporting these throughout the full lifecycle (definition, development, release, maintenance); building and maturing the OS Continuous Compliance framework; maturing of operational and curation processes through simplification and automation. It is crucial that the applicant has outstanding written, drawing, and verbal communication skills, as one would expect from an architect or consultant. These skills are vital to effectively communicate information that will later be completed by our proficient engineering teams. This is a hands-on engineering role, and will require deep knowledge in Operating Systems, DevOps tooling and experience working in Infrastructure as Code (IaC) environments. Why Lloyds Banking Group Like the modern Britain we serve, we're evolving. Investing billions in our people, data, and tech to transform the way we meet the ever-changing needs of our 26 million customers. We're growing with purpose. Join us on our journey. What you'll need We need a Solution Engineer who understands the challenges of modern architecture. You'll build a compelling strategic vision and will understand a wide array of technology implications including people and process, bringing this to your comprehensive view of design. You'll ideally have previous career experience in software or infrastructure engineering and will be well placed to define and sell your vision for Engineers, Architects, and Product Owners alike. You must be a keen and comfortable communicator who is happy working with a wide range of technical and non-technical colleagues. You would be able to produce high quality documentation tailored to the audience which would include senior colleagues. As a role that can require demanding delivery timeframes, you'll be self-organised and proactively prioritise your time. You'll: Identify OS level configurations that require security oversight and control Define a backlog of OS guardrails to detect bad configurations, enforce good configurations Develop, test, release and support guardrails through their full lifecycle Provision and configure testing environments and supporting resources Apply automation first mind-set to all activities completed Coach and upskill peers and junior team members Create, maintain and enhance terraform modules Analyse compliance health and security posture of workloads and platforms Input into development of compliance reports and enable value release to end customers Lead triage and resolution of engineering impediments Work closely with the PO to build roadmap items and shape the backlog Lead on recommendations to harden and improve security posture Research and upskill in to trending compliance capabilities, identify ways to incorporate into the team's roadmap In addition, we're in search of someone who holds the following experiences: Strong experience in Operating Systems (RHEL / WIN Server), IaC Experience in Cloud Compliance - guardrails and policies Experience in VM Management tooling (Azure ARC) Understanding of API-based architectures About working for us Our focus is to ensure we're inclusive every day, building an organisation that reflects modern society and celebrates diversity in all its forms. We want our people to feel that they belong and can be their best, regardless of background, identity, or culture. We were one of the first major organisations to set goals on diversity in senior roles, create a menopause health package, and a dedicated Working with Cancer initiative. And it's why we especially welcome applications from under-represented groups. We're disability confident. So, if you'd like reasonable adjustments to be made to our recruitment processes, just let us know. We also offer a wide-ranging benefits package, which includes: A generous pension contribution of up to 15% An annual performance-related bonus Share schemes including free shares. Benefits you can adapt to your lifestyle, such as discounted shopping. Generous holiday allowance, with bank holidays on top A range of wellbeing initiatives and generous parental leave policies Want to do amazing work, that's interesting and makes a difference to millions of people? Join our journey.