DToS Security Manager
Job Description
Job Title: DToS Security Manager
Location: UK, Remote
Contract Type: Contract – Inside IR35
Contract End Date: 31/03/2026
Programme: Digital Transformation of Screening (DToS)
Role Overview:
We are seeking a proactive and experienced Security Manager to act as the lead security focal point for the Digital Transformation of Screening (DToS) programme and its associated Digital Products and Solutions. This is a critical role ensuring that security is embedded by design, risks are appropriately managed, and programme delivery aligns with evolving governance, privacy, and certification standards.
Key Responsibilities:
- Operate as the primary security lead for the DToS programme and digital products under its scope.
- Produce and present monthly security governance reports, Security Risk Registers, and Security Cases to the Security Working Group (SWG).
- Assess security and privacy risks, and identify, implement, and oversee mitigation controls, including contributions to Data Protection Impact Assessments (DPIAs).
- Ensure adherence to and assurance of HMG Secure-by-Design principles throughout the project lifecycle.
- Provide security input into control design activities, including DevSecOps processes, threat modelling, and design workshops.
- Scope and coordinate penetration testing (IT Health Check, ITHC) activities, and track remediation of the findings through to closure.
- Manage and report security incidents related to the programme, coordinating appropriate responses.
- Deliver regular security awareness training tailored to the programme team.
- Continuously review and assess emerging vulnerabilities and threats, and coordinate remediation following vulnerability scans.
- Support alignment to future certification frameworks such as GovAssure, NCSC CAF, and ISO 27001 by developing relevant security documentation (e.g., ISMS, SMP, policies).
Required Skills & Experience:
- Strong knowledge of security and privacy frameworks including NIST, ISO 27001, ISO 27701, NCSC guidance, and Cabinet Office best practice.
- Proven experience delivering security management services across the full lifecycle: risk assessments, incident response, pen test management, governance reporting, and control design.
- Experience working within the UK Public Sector, ideally with exposure to the NHS/NHSE and application of HMG Secure-by-Design principles.
- Hands-on experience working in Agile and DevOps environments, including the use of tools such as Jira and Confluence.
Desirable Qualifications (optional):
- Certifications such as CISSP, CISM, ISO 27001 Lead Implementer/Auditor, or equivalent.
- Familiarity with NHS or healthcare-specific data protection requirements.
If you are interested in applying, please send your updated CV along with your day rate expectations to gday@leap29.com