Job Title: DToS Security Manager

Location: UK, Remote
Contract Type: Contract – Inside IR35        
Contract End Date: 31/03/2026
Programme: Digital Transformation of Screening (DToS)

Role Overview:

We are seeking a proactive and experienced Security Manager to act as the lead security focal point for the Digital Transformation of Screening (DToS) programme and its associated Digital Products and Solutions. This is a critical role ensuring that security is embedded by design, risks are appropriately managed, and programme delivery aligns with evolving governance, privacy, and certification standards.

Key Responsibilities:

• Operate as the primary security lead for the DToS programme and digital products under its scope.
• Produce and present monthly security governance reports, Security Risk Registers, and Security Cases to the Security Working Group (SWG).
• Assess security and privacy risks, and identify, implement, and oversee mitigation controls, including contributions to Data Protection Impact Assessments (DPIAs).
• Ensure adherence to and assurance of HMG Secure-by-Design principles throughout the project lifecycle.
• Provide security input into control design activities, including DevSecOps processes, threat modelling, and design workshops.
• Scope, coordinate, and track remediation of penetration testing (ITHC) requirements.
• Manage and report security incidents related to the programme, coordinating appropriate responses.
• Deliver regular security awareness training tailored to the programme team.
• Continuously review and assess emerging vulnerabilities and threats, and coordinate remediation following vulnerability scans.
• Support alignment to future certification frameworks such as GovAssure, NCSC CAF, and ISO27001 by developing relevant security documentation (e.g., ISMS, SMP, policies).

Required Skills & Experience:

• Strong knowledge of security and privacy frameworks including NIST, ISO27001, ISO27701, NCSC, and Cabinet Office best practices.
• Proven experience delivering security management services across the full lifecycle: risk assessments, incident response, pen test management, governance reporting, and control design.
• Experience working within the UK Public Sector, ideally with exposure to the NHS/NHSE and application of HMG Secure-by-Design principles.
• Hands-on experience working in Agile and DevOps environments, including the use of tools such as Jira and Confluence.

Desirable Qualifications (optional):

• Certifications such as CISSP, CISM, ISO 27001 Lead Implementer/Auditor, or equivalent.
• Familiarity with NHS or healthcare-specific data protection requirements.

If you are interested in applying, please send your updated CV along with your day rate expectations to gday@leap29.com