Cyber Security Programme Manager

Cyber Security Programme Manager - Contract

Location: London (Hybrid - 3 days onsite at Bishopsgate HQ)

Contract Length: 6 months (with potential extension up to 36 months)

IR35 Status: Outside IR35

Start Date: ASAP

Day Rate: Competitive

We are seeking an experienced and strategic Cyber Security Programme Manager to lead a major enterprise-wide cyber security uplift programme for a leading organisation in the construction industry. This transformation initiative spans 24-36 months and aims to significantly enhance the organisation's security posture across both cloud (Microsoft Azure) and on-premise environments, aligned to the NIST Cybersecurity Framework (CSF) and CIS Controls.

• Lead the end-to-end delivery of a multi-stream cyber security uplift programme
• Manage the RFP process and selection of third-party vendors and consultancies
• Oversee the external delivery partner, ensuring accountability for risks, issues, and deadlines
• Deliver initiatives across people, process, technology, and governance
• Manage smaller internal cyber security projects outside the partner's scope
• Maintain programme governance, risk management, and resource planning
• Collaborate with senior stakeholders, IT teams, and external suppliers
• Drive change management and embed new security disciplines across the organisation
• Monitor progress against KPIs, including NIST CSF and CIS maturity improvements
• Ensure compliance with internal policies, data protection laws, and industry standards
• Manage programme budgets and ensure value delivery

Cloud Security (Microsoft Azure):

• Microsoft Sentinel
• Microsoft Defender (Cloud, Endpoint, Office 365)
• Microsoft Entra ID (Azure AD)
• Microsoft Purview
• Microsoft Intune
• Azure Security Centre

Information Security (On-Premise):

• Firewalls (e.g. Palo Alto, Fortinet)
• Intrusion Detection/Prevention Systems (IDS/IPS)
• Endpoint Protection Platforms (EPP)
• SIEM tools (on-prem or hybrid)
• Identity & Access Management (IAM)
• Patch management and vulnerability scanning
• Data Loss Prevention (DLP)

• Proven experience delivering large-scale cyber and information security programmes
• Strong hands-on background in cyber security and technical delivery
• Deep understanding of Microsoft Azure security architecture and tooling
• Experience managing third-party vendors and consultancies
• Familiarity with NIST CSF, CIS Controls, and ISO 27001
• Excellent stakeholder engagement and communication skills
• Relevant certifications (e.g. SC-100, CISSP, CISM, ISO 27001 Lead Implementer)