Cyber Security Manager

We’re looking for a dynamic hands-on Cyber Security Manager to lead, strengthen and mature our operational cyber security capability across a complex, multi-supplier environment.

This is a technical leadership role for someone who enjoys staying close to the detail while also leading people, improving processes and driving change. You’ll take ownership of day-to-day security operations, incident response, vulnerability management and identity security, while managing a specialist team and key security suppliers.

Working closely with colleagues across technology, data, infrastructure, information governance and audit, you’ll help ensure the organisation is secure by design, resilient in practice and prepared for assurance, audit and regulatory scrutiny.

Please note, this is a 12 month fixed term contract.

What you’ll be doing.

• Operate security controls to defined Minimum Security Baselines and policies; meet SLA/SLOs for patching, vulnerability Mean Time To Remediate, identity hygiene and change success.
• Lead technical incident response (contain–eradicate–recover) and support ISIM with incident governance and reporting.
• Lead the technical Disaster Recovery posture for cyber incidents (runbooks, rehearsal/exercises, recovery validation), aligning with ISIM’s BCP/DR requirements.
• Maintain security tooling (EPP/EDR, firewalls, email/web filtering, SIEM inputs, identity protections, posture/ASR rules) and ensure robust monitoring/alerting.
• Own technical enforcement of Identity & Access Management (e.g., conditional access, privileged access hygiene, risky-user reduction), maintain IAM hygiene KPIs, and implement ISIM’s policy requirements in identity platforms.
• Provide and manage the technical control evidence for CE+ and PCI DSS, and deliver remediation of audit/assessment findings to agreed SLAs (Information Security & Integrity Manager owns the programme and audit responses).
• Provide operational evidence (metrics, logs, runbooks) into CAB and Business Management Unit assurance packs.
• Provide and manage technical control evidence for CE+ and PCI DSS and deliver remediation of audit/assessment findings to agreed SLAs; operate and harden in-scope controls (e.g., endpoint, identity, network, logging) in line with ISIM policy.
• Commission and technically coordinate penetration testing; own remediation.
• Manage a security engineering team and suppliers; build skills, SOPs and reusable patterns.
• Contribute technical content to awareness and training led by ISIM.

What’s essential.

• Proficiency with reporting and visualisation tools (e.g., Power BI, Excel, dashboarding platforms).
• Experience working in or alongside portfolio-led environments with multiple concurrent projects or product teams.
• Aligning to ISO 27001 in complex, multi-supplier environments.
• Leading technical incident response and remediation.
• Hybrid cloud security in Microsoft 365 / Azure.
•  Operating security controls at scale (firewalls, endpoint, identity, email/web, vulnerability/patch).
• Establishing policies, MSBs, risk registers, DPIAs, and supplier security.
• Commissioning pen tests and driving remediation.
• Managing technical teams and suppliers
•  Experience working with operational, service, delivery or technology-related data.
• Experience producing dashboards, reports or analytics for senior stakeholders.
• Experience supporting continuous improvement or lessons-learned processes.

For a full list of duties and essential criteria, please refer to the job description attached.

Location.

This role is based at 16 Summer Lane, Birmingham, B19 3SD, with 2/3 days per week spent in the office. You’ll participate in an out-of-hours/on-call rota for critical incident response, coordinating with the SOC/MSSP to support 24×7 escalation and containment.

How to apply. 

Applying for a role with WMCA is straightforward. Follow these steps to get started.

1. Create your Careers Account. Register with your name, email address, and a password.
2. Build your Profile. Upload your CV to help populate your career and education details.
3. Write your Supporting Statement. Make sure to address each of the required essential criteria.
4. Submit your application. Do one final check and once complete, click submit.

Anonymised Applications.

Your uploaded CV won’t be visible after submission. Our process is anonymised, and only the information in your profile is used for shortlisting. Be thorough in each section. It’s your chance to showcase your skills and experience.

Using Artificial Intelligence (AI) 

We cannot stop anyone from using AI to help write application content. Used right, it can be a great tool. If you choose to use AI, then use it as a helper rather than relying on it wholly to write your application.

Applications that rely too heavily on AI may be rejected during shortlisting. For help on how to write a supporting statement, please visit the FAQs section of our careers site.

Reasonable adjustments.

If you have an accessibility need, disability, or condition that means you might require changes to the application or recruitment process, please get in touch with our Recruitment Team (careers@wmca.org.uk).

Salary and benefits.

We advertise salary ranges, with new appointments typically starting at the lowest salary point. In exceptional cases, the salary point may be adjusted to secure the best candidate. This approach allows for potential year-on-year salary increases, offering progression and appropriate rewards to employees. Requests for salaries above the maximum advertised range will not be considered.

We offer a comprehensive benefits package that includes:

• Local Government Pension Scheme (one of the most generous pension schemes in the UK).
• Shared Cost Additional Voluntary Contribution scheme where you can build an additional pot of money alongside your pension with contributions exempt from Income Tax and National Insurance contributions (NICs). 
• 28 days paid annual leave (with an option to purchase more) + Statutory days. 
• EV car benefit scheme
• Healthcare plans.
• Discounted gym membership, will writing, and mortgage advice.
• An option to buy a bicycle, including e-bikes and adapted pedal cycles, at a discounted rate.
• 3 days of paid leave each year to volunteer.
• Interest-free financing through SmartTech to buy the latest technology
• Discounted shopping with over 2,000 big-name retailers, and more. You can now also obtain a Costco membership through the WMCA.   
• Boundless unlocks unlimited entry to top-rated UK attractions and loads of extra benefits and discounts.
• Eye Care Scheme, offering a free eye test and a financial contribution towards your glasses. 

For more information, please visit the benefits page on our career site.

Why join WMCA?

WMCA is laser-focused on improving the West Midlands, bringing economic growth, jobs, homes, and better journeys to the region. We target local needs where it matters most, ensuring everyone has a job that pays well and has access to safe and affordable places they can call home.

We put people and place at the heart of everything we do, working hand in hand with our partners to direct funding where it's needed most. What you do, really matters. Your expertise will help make a big difference, improving people's lives, every day.

Our Values and Behaviours. 

Fostering an environment where people feel valued, included, supported, and proud to contribute to our region is important to us at the WMCA. Our behaviours are more than statements; they guide how we work, make decisions, and treat one another - they set the standards we hold ourselves to and the experience we want others to have.

• Collaborative - We work as one organisation, building trust, connection and shared purpose across teams, partners and customers to create the biggest impact for our region.
• Driven - Focussed on impact - leading with clarity, care and courage to deliver meaningful results for the West Midlands. 
• Inclusive - Every voice matters - we create belonging, fairness and psychological safety so everyone can thrive. 
• Innovative - We think future and act smarter - embracing curiosity, creativity and continuous improvement to shape the future. 

Creating an inclusive workplace.

WMCA holds diversity accreditations, such as the RACE Code Quality Mark, Armed Forces Covenant (Gold status) and has been recognised as one of the Inclusive Top 50 Employers and The Times Top 50 Employers for Women. We’re a Disability Confident Employer with ‘Leader’ status, committed to interviewing applicants with disabilities who meet all the essential role criteria.

We are also proud to be a Ban the Box employer, which means we do not ask about criminal convictions at the initial application stage, and will only ask after an offer is made as part of our onboarding checks, which helps us remove barriers for people with past convictions and supporting fair opportunities for all.

We recognise that certain groups, such as women and people of colour, may be less likely to apply for roles if they feel they do not meet all the requirements. However, we encourage individuals who are passionate about the role and want to make a difference to still apply. We value potential and encourage applicants to highlight their skills, including transferable ones, even if they don't fit the traditional "perfect candidate" mould.

We gladly consider part-time, flexible, and job share arrangements, so please don't let these factors deter you from applying

Right to Work in the UK

Proof of Right to Work in the UK will be required for all applicants in accordance with UK Home Office requirements, before any employment offer can be confirmed.

Non-UK applicants (excluding Ireland) would be required to hold a relevant Visa from the UK Visas and Immigration (UKVI).