Cyber Security Manager

The role

As Cyber Security Manager, you will lead the development, delivery and continuous improvement of our cyber security strategy and operational controls. You will work across the organisation to protect information assets, manage risk, and ensure compliance with relevant regulatory and industry standards. This role combines technical leadership, stakeholder engagement and practical governance to reduce cyber risk while enabling secure, resilient service delivery.

The team

It’s an exciting time to join the newly formed Marketing, Digital and Technology Centre of Excellence at Energy Saving Trust. We are on an ambitious growth journey to accelerate the use of our services through customer centric digital transformation. This includes a move to a product orientated approach, an increasingly Agile delivery model and harnessing data to enhance our digital products and services.

Our approach is open and collaborative, where we want everyone to be able to bring their unique perspectives to help tackle the climate emergency.

What you will do

• Lead cyber security strategy and governance
  Develop, maintain and drive the delivery of the cyber security strategy, policies and standards. Chair or support security governance forums and provide clear, executive‑level reporting on risk and progress.

• Manage risk and compliance
  Own the cyber risk register, lead risk assessments, and ensure appropriate mitigations are in place. Oversee compliance with relevant standards and legislation (for example, UK GDPR, NIS, and ISO 27001 or equivalent frameworks).

• Operational security and incident management
  Oversee detection, response and recovery arrangements. Lead incident response activities when required, coordinate cross‑functional actions, conduct post‑incident reviews and ensure lessons learned are embedded.

• Secure architecture and technical controls
  Work with architects and engineers to influence secure design, deployment and hardening of systems and cloud services. Promote and oversee implementation of technical controls such as identity and access management, endpoint protection, network security and encryption.

• Build capability and culture
  Design and deliver security awareness, training and guidance for staff. Support teams to adopt secure practices and foster a positive, risk‑aware culture across the organisation.

• Supplier and third‑party security
  Assess and manage supplier security risk, define security requirements in contracts and lead assurance activities, including security questionnaires and audits.

• Continuous improvement
  Monitor threat intelligence and industry developments, run vulnerability and assurance programmes, and lead projects to improve our security posture and resilience.

What you will bring

• Proven experience in cyber security leadership or senior technical security roles, with responsibility for strategy, governance and incident response.

• Practical knowledge of security frameworks and regulations (for example ISO 27001, NIST, UK GDPR, NIS) and experience delivering compliance programmes.

• Strong technical understanding of cloud security, network security, identity and access management, endpoint protection and secure application practices.

• Experience managing security incidents and leading cross‑functional response and remediation activities.

• Excellent communication skills with the ability to explain technical risk to non‑technical stakeholders and influence senior leaders.

• Strong planning and organisational skills, with experience managing multiple priorities and delivering change across an organisation.

• Relevant professional qualifications or certifications (for example CISSP, CISM, CISA) and/or demonstrable equivalent experience.

For more information, please see the job description

Please submit an anonymised CV and cover letter, removing your name, address, email address, and any other identifying details. Applications submitted without a cover letter may be rejected.

Who we are

We are a purpose‑driven organisation committed to delivering public value through our work. Joining us means contributing to meaningful outcomes while developing your career in a collaborative and supportive environment.

Work where you thrive

We support flexible working and hybrid arrangements. Our people work from home, from regional offices and in the field as required. We provide an inclusive environment with a range of employee benefits including generous holiday, pension and professional development support.

We’ll support you with:

• Generous holiday (25 days + bank holidays + extra Christmas leave)

• True flexibility in how and where you work

• Strong pension & life assurance

• Enhanced family leave

• Professional development support

• Yearly wellbeing allowance

Reasonable adjustments: We want to ensure that our recruitment process is inclusive and accessible for everyone. If you need additional support or reasonable adjustments, please get in touch with recruitment.

Diversity and inclusion
We are committed to creating a diverse, inclusive and equitable workplace where everyone can be themselves and thrive. We strongly encourage applicants from a wide range of backgrounds to apply.

To avoid disappointment, you are advised to submit your application as soon as possible as we reserve the right to close the vacancy early if a high volume of applications are received.

Please note, we are unable to provide visa sponsorship for this post. To apply for this role, you must be able to demonstrate your eligibility to work in the UK.