Cyber à Grande-Bretagne

The role: Are you a strategic cybersecurity leader ready to make a meaningful impact on the future of digital financial services? Do you have deep experience in safeguarding complex architectures and managing cyber risks across cloud and hybrid environments? The Money and Pensions Service (MaPS), supporting the delivery of the Pensions Dashboard Programme (PDP), is looking for a Cyber Security Lead to join our team. This is a critical leadership role, overseeing the full security lifecycle — from architecture and policy development to operational resilience and incident response — across complex hybrid environments with a strong emphasis on cloud security (AWS and Azure). Your leadership will be central to ensuring that digital financial infrastructure remains secure, compliant, and future-resilient, working at the intersection of innovation, regulation, and public trust. The role also involves oversight of third-party security providers and suppliers, ensuring that outsourced services meet contractual, technical, and regulatory expectations while delivering value for public money. The Cyber Security Lead will report directly to the Head of Information Security and will play a pivotal role in safeguarding the integrity and resilience of the PDP within MaPS.

• Working in close partnership with third-party security and service providers to ensure systems and networks are proactively monitored, security events are accurately detected and triaged, and incidents are responded to based on their severity and business impact.
• Leading the design, assurance, and continuous improvement of security systems and tooling, ensuring alignment with national cyber standards and best practices (e.g. NCSC, ISO 27001, NIST).
• Collaborating with architects, risk owners, and delivery teams to embed secure design principles and ensure the security operations centre (SOC) is equipped to handle emerging threats effectively.
• Lead security assurance activities including penetration tests, technical risk assessments, assurance reviews, and third-party security evaluations to ensure alignment with internal and external standards.
• Chairing PDP security governance and technical authority forums to ensure pension providers and schemes connect to the ecosystem in a secure and compliant manner.
• Representing security within change boards and design authorities and ensuring that security non-functional requirements (NFRs) are clearly defined, prioritised, and tracked within product and service delivery.
• Maintaining compliance with national cybersecurity standards, regulatory expectations, and internal frameworks by authoring, updating, and enforcing the PDP Code of Connection (CoCo) security requirements, ensuring all participants meet defined security criteria before connecting to the ecosystem.

• Knowledge of supporting the design or implementation of secure systems, you can support the design and review of system architectures through the application of patterns and principles.
• Experience of defining secure architecture principles and applying them to the design and review of on-premises and cloud-based systems, particularly within AWS and Azure environments.
• Knowledge of embedding security requirements throughout the solution lifecycle, from initial design through development, testing, and into operational deployment.
• Demonstrate a strong understanding of leading operational security functions, including SOC operations, threat intelligence, and vulnerability management.
• Experience of managing the incident response lifecycle, including triage, containment, investigation, remediation, and conducting post-incident reviews.
• Ability to establish and improve incident response playbooks and escalation processes to ensure readiness for cyber threats and regulatory reporting.
• Experience of providing strategic cyber risk oversight, working with risk owners to advise on exposure and inform proportionate, evidence-based decisions.
• Demonstrate capability in planning, scoping, and reviewing security assurance activities, including penetration tests, IT health checks, and vulnerability assessments.
• Ability to interpret technical findings and ensure remediation actions are appropriately prioritised and managed through to resolution.
• Experience of maintaining a technical risk register and developing appropriate compensating controls where residual risks exceed tolerance thresholds.
• Experience of supporting and informing risk-based decisions working with risk owners to advise and give feedback.
• Knowledge of chairing security authority and governance forums and contributing to broader cross-government cybersecurity initiatives.
• Experience of influencing security decisions within digital transformation and change programmes, ensuring services are secure by design.
• Understanding of how to embed security into agile and DevSecOps processes by feeding non-functional requirements (NFRs) into delivery backlogs.
• Ability to work collaboratively with architecture, product, engineering, and delivery teams to shape secure digital services.
• Experience of managing third-party and outsourced security providers to ensure alignment with contractual, regulatory, and technical expectations.
• Demonstrate ability to conduct supplier assurance, including onboarding assessments, ongoing security reviews, audits, and compliance monitoring.
• Experience of providing both internal and external security consultancy on a wide range of issues, offering expert advice across strategy, operations, risk, and compliance.
• Ability to respond to challenges and manage stakeholder expectations.
• Experience of research and innovation with the ability to advise on developments to security properties in technology and design.