This role offers a competitive salary, hybrid working (London with 2 days in the office, Thursdays mandatory), 28 days holiday a year plus Bank Holidays and a fantastic pension scheme offering 6% in year one and 11% after this.

Salary £73,000 - £80,000 per annum

Location: London/Hybrid  (2 days in the office, Thursdays mandatory)

Please note: Although we acknowledge that the use of AI tools can be helpful, we want your application to represent you. Please ensure your CV and statement of suitability (if asked to send in this advert) reflect your own voice and experiences.

About the role

Are you a technical security expert who thrives at the intersection of strategy and hands-on execution? We are looking for a Cyber Security Manager to lead our operational technical security domain. You will be the go-to authority for infrastructure and cloud security, managing a focused team and partnering with the wider business to ensure our digital ecosystem remains resilient against emerging threats.

In this role, you won't just be monitoring dashboards; you will be shaping our security strategy, driving vulnerability management, and embedding a "security by design" culture across our product development life cycle.

This is a pivotal role where you will have direct influence over our security posture. You'll report directly to the Head of Information Security & Technology Risk, giving you a high-visibility platform to drive change.

Key responsibilities include: 

• Technical Leadership: Manage and mentor a small technical security team (currently 1 direct report), overseeing all technical aspects of security from Infrastructure to DevSecOps.
• Cloud & Infrastructure Custodian: Lead security initiatives across AWS, Google Workspace, Microsoft, and Salesforce. You will ensure our cloud environments and architecture meet the highest standards.
• Vulnerability Management: Serve as the primary point of contact for penetration testing, vulnerability and patch management. You'll coordinate with technical teams to ensure vulnerabilities are identified, negotiated, and remediated swiftly.
• Strategic Partnership: Work hand-in-hand with our Managed Service Provider (MSP) for 24/7 monitoring, incident response, and threat resolution.
• Risk & Evolution: Conduct cyber risk evaluations for all new technologies and service changes, ensuring security scales with our innovation.
• Tool Ownership: Act as the internal expert and administrator for our Varonis and Wiz security platforms.
• Product Security: Partner directly with a specific Product Area to provide expert advice during all stages of development.

About you:

• Expertise: Strong technical knowledge of AWS, Microsoft 365, Azure, and Salesforce (or a strong willingness to master the latter).
• Certifications: CISM, CISSP, or equivalent professional qualifications.
• Strategic Mindset: Proven experience in security strategy, incident management, and infrastructure security.
• Communication: The ability to translate complex technical risks into "plain English" for non-technical stakeholders. You are friendly, approachable, and a natural collaborator.
• Drive: You are a self-starter who can manage your own workload and lead a team with minimal supervision. We work hard and play hard. 

• Practical experience with PCI DSS compliance.
• Background in Data Protection/Management.

The interview process for this role involves:-

• 30-minute screening call with members of the Security Team via MS Teams.
• 60-90 minute Competency-based and scenario-based interview via MS Teams

Benefits

 We also have these benefits for you to consider: 

• 35 hour working week
• Generous 28 days holiday a year plus bank holidays and the option to buy additional holiday days
• Excellent pension scheme – when you pay in 3%, Which? pays in 6% (rising to 11% after one year of service) 
• Annual Award (depending on employee and company performance)
• Healthcare insurance & Private medical insurance and opportunity to participate in Vitality rewards programme (at 6 months)
• A discretionary death in service benefit provision equivalent to six times your annual salary
• Free access to Which? member content and free access to Which? money & legal helplines 
• Free wills for all Which? employees, plus, partners of employees can make their will at cost price.
• Discount site Pluxee which offers large %% off every day shopping and holidays
• Work from (almost) anywhere” for 4 weeks of the year policy
• A great work-life balance (all our roles are now hybrid), offering flexible working options e.g. part time or job shares where possible. If you wish to discuss any of these options, please contact the Resourcing team at recruitment@which.co.uk.

About Which?

Which? is the UK's consumer champion, here to make life simpler, fairer and safer for everyone. You can find out more about what we do, our people and culture as well as hints and tips on how to complete your application on our Careers site.

We're proud to be ranked 3rd in the ‘Top 25 Inclusive Employers' List 2024. We welcome applications from everyone, because we value diversity, and are committed to maintaining an inclusive culture where all can thrive and reach their full potential—because diverse perspectives help us better understand and positively impact consumers.

As a Disability Confident Leader, we ensure that everyone can apply and be part of our recruitment processes and so we'll make reasonable adjustments if you need them. For this or any other assistance you need with applying (i.e., would like to apply by phone or post), email recruitment@which.co.uk. Find out more about the Disability Confident Interview Scheme here.

Please note:

1. You must meet the essential criteria listed within the Role Profile, to have your application reviewed. 
2. We are unable to accept applications by email. Only candidates who apply by completing the online application via the careers site will be considered.
3. We reserve the right to withdraw this advert at any given time due to the number of applications received.