DToS Security Manager

Europe, Europe
28-05-2025
Job Type: Permanent
Emp Type: Full Time
Industry: IT
Functional Expertise: Any
Salary Type: Annual
Salary: Negotiable

Job Description

Job Title: DToS Security Manager

Location: UK, Remote
Contract Type: Contract – Inside IR35
Contract End Date: 31/03/2026
Programme: Digital Transformation of Screening (DToS)


Role Overview:

We are seeking a proactive and experienced Security Manager to act as the lead security focal point for the Digital Transformation of Screening (DToS) programme and its associated Digital Products and Solutions. This is a critical role ensuring that security is embedded by design, risks are appropriately managed, and programme delivery aligns with evolving governance, privacy, and certification standards.


Key Responsibilities:

  • Operate as the primary security lead for the DToS programme and digital products under its scope.
  • Produce and present monthly security governance reports, Security Risk Registers, and Security Cases to the Security Working Group (SWG).
  • Assess security and privacy risks, and identify, implement, and oversee mitigation controls, including contributions to Data Protection Impact Assessments (DPIAs).
  • Ensure adherence to and assurance of HMG Secure-by-Design principles throughout the project lifecycle.
  • Provide security input into control design activities, including DevSecOps processes, threat modelling, and design workshops.
  • Scope, coordinate, and track remediation of penetration testing (ITHC) requirements.
  • Manage and report security incidents related to the programme, coordinating appropriate responses.
  • Deliver regular security awareness training tailored to the programme team.
  • Continuously review and assess emerging vulnerabilities and threats, and coordinate remediation following vulnerability scans.
  • Support alignment to future certification frameworks such as GovAssure, NCSC CAF, and ISO27001 by developing relevant security documentation (e.g., ISMS, SMP, policies).


Required Skills & Experience:

  • Strong knowledge of security and privacy frameworks including NIST, ISO27001, ISO27701, NCSC, and Cabinet Office best practices.
  • Proven experience delivering security management services across the full lifecycle: risk assessments, incident response, pen test management, governance reporting, and control design.
  • Experience working within the UK Public Sector, ideally with exposure to the NHS/NHSE and application of HMG Secure-by-Design principles.
  • Hands-on experience working in Agile and DevOps environments, including the use of tools such as Jira and Confluence.


Desirable Qualifications (optional):

  • Certifications such as CISSP, CISM, ISO 27001 Lead Implementer/Auditor, or equivalent.
  • Familiarity with NHS or healthcare-specific data protection requirements.


If you are interested in applying, please send your updated CV along with your day rate expectations to gday@leap29.com


Consultant

Georgina Day