Cyber Security Manager - Outside IR35

• Cyber Security Manager
• Outside IR35
• Digital Transformation

Outside IR35 - Hybrid (3 days on site in London, 2 days remote)

We urgently need a Cyber Security Manager for a a major national digital transformation programme to support a high profile online retail initiative as it moves through procurement and definition phases. This role will play a critical part in shaping a secure, resilient, and scalable digital retail platform used by millions of people.

Required Skills & Experience
- Strong technical expertise across application, infrastructure, cloud, and OS security, including modern web and API architectures.
- Deep understanding of current threats and controls, including OWASP Top Ten (Web & API)
- Experience with key standards and regulations: ISO 27001, PCI DSS, UK GDPR, and relevant government/industry frameworks.
- Strong grounding in core security principles: defence in depth, least privilege, zero trust, security by design.
- Hands on experience with threat modelling (eg, STRIDE) and risk management.
- Proven ability to assess and assure third party supplier security within procurement processes.
- Experience establishing security KPIs, governance, and assurance across delivery phases.
- Excellent stakeholder engagement skills, able to influence both technical and non technical audiences.
- Comfortable operating in a fast paced, complex, and ambiguous delivery environment.

Key Responsibilities
- Embed security by design across solution architecture, working closely with architects, technical leads, and security stakeholders.
- Define and refine security, resilience, and non functional requirements for procurement.
- Lead threat modelling and risk assessments across applications, integrations, data flows, and user journeys.
- Provide actionable recommendations to influence design decisions and acceptance criteria.
- Establish and maintain security governance, including KPIs, review gates, and assurance activities.
- Support incident readiness planning and alignment with wider organisational security objectives.
- Contribute to supplier evaluation through a structured security assessment framework.
- Maintain a comprehensive security risk log, including inherited risks from existing systems and new build components.

Please forward your CV for immediate consideration.