Security Manager

Parkdean Resorts

Cardiff

On-site

GBP 60,000 - 80,000

Full time

2 days ago

Job summary

A leading IT distribution company is seeking a Cyber Security Manager in Cardiff, UK, to drive security consultancy and risk activities. The role includes supporting a security transformation programme, managing the ISMS, and ensuring compliance with various security standards. Candidates should have at least 3 years' experience in security roles and recognized qualifications in the field. The company offers numerous employee benefits including 25 days of holiday, mental health support, and training opportunities.

Benefits

25 days' holiday
Employee referral bonus
Access to Wellbeing services
Gym facility
Training and development opportunities

Qualifications

  • Minimum 3 years of experience in a full-time security role.
  • Recognized security qualification required.
  • Knowledge of security frameworks and standards.

Responsibilities

  • Lead security engagements to identify and remediate security risks.
  • Act as the subject-matter expert on security controls.
  • Maintain the Information Security Management System policies and documentation.

Skills

GRC
ISO27001
Cyber Essentials Plus
Information Security Management System (ISMS)
Security incident management
Cloud computing (O365, Azure, AWS, Google)
Security frameworks (NIST, PCI-DSS)

Education

CISSP, CISM, CCSP, CISA, ISO27001 Lead Implementor/Auditor, CEH or equivalent

Tools

Firewalls
Tenable
Palo Alto
Defender
Sentinel

Job description

Overview

At Westcoast, we distribute renowned global IT brands to resellers, retailers and organisations across the UK and beyond. We are looking for a Cyber Security Manager to report to the Director of Cyber Security and drive security consultancy, risk activities, and continual improvement across external and internal stakeholders.

The role involves supporting a security transformation programme, delivering key initiatives and playing an essential part in shaping organisational change.

Experience in GRC, project consultancy, ISO27001, Cyber Essentials Plus and the ability to manage an Information Security Management System (ISMS) are key to success in this role.

Regular travel to Westcoast UK offices and successful completion of Westcoast security vetting are required.

Day‑to‑Day Responsibilities
  • Lead security engagements to identify and remediate security risks and vulnerabilities, and maintain continuous security post‑deployment through audit and testing.
  • Act as the subject‑matter expert on security controls, authorising changes as required.
  • Maintain the Information Security Management System policies, procedures and ISMS documentation.
  • Provide management reporting and metrics using security tooling and dashboards, working towards KPIs linked to the organisation’s Security Improvement Plan (SIP).
  • Drive the delivery of parts of the SIP relating to security compliance and consultancy functions.
  • Develop capabilities and embed continuous improvement aligned with the threat landscape.
  • Conduct security assessment and management of Westcoast‑hosted and cloud infrastructure, networks, endpoints, applications and data against threat models.
  • Develop testing and remediation plans with tracking and collaborate with system owners to implement identity best practice, including single sign‑on and federated services.
  • Work with the Technical Design Board to develop security architecture and patterns.
  • Steward information security risks with the Business Assurance team and report accordingly.
  • Ensure cardated ‘crown jewel’ systems achieve required risk posture and cyber‑resiliency.
  • Manage technical risks from Data Protection Impact Assessments and maintain risk registers.
  • Maintain and audit ISMS policies and procedures.
  • Operate a vendor risk management programme, including surveillance of critical suppliers.

Skills and Experience
  • Minimum 3 years’ experience in a full‑time security role.
  • A recognised security qualification such as CISSP, CISM, CCSP, CISA, ISO27001 Lead Implementor/Auditor, CEH, or equivalent.
  • Knowledge of security frameworks – ISO27001, NIST, CIS Controls, PCI‑DSS, and HMG security standards (e.g. Cyber Essentials Plus, Cloud security principles).
  • Experience managing security incidents and investigations, including APT threat actors.
  • Experience working with enterprise‑level IT and network teams, systems and processes.
  • Experience with security products such as firewalls, web filtering, anti‑virus, and specialised tools (Palo Alto, Tenable, Defender, Sentinel).
  • Cloud computing experience across multiple vendors (O365, Azure, AWS, Google).
  • Ability to prioritise risks and estimate technical resolution timeframes accurately.
  • Strong organisational and supervisory skills, with a methodical approach to task execution.
  • Continuous personal development mindset and increasing security knowledge.

Benefits
  • 25 days’ holiday and an employee referral bonus.
  • Access to Westcoast Wellbeing services – mental health counselling, virtual GP, physiotherapy, life insurance and more.
  • Gym facility (Theale only) available 24/7.
  • Training and development opportunities, including funded apprenticeships and professional qualifications.
  • Opportunities to grow within a Sunday Times Top 100 company.

How to Apply

Apply online – the quick application process takes 5–6 minutes. Due to high volumes, individual feedback may not be provided within 14 working days; applicants will be notified if the role moves forward.