Davies
Information Security Technical Lead

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Information Security Technical Lead
Application Deadline: 10 July 2026 Department: IT Employment Type: Permanent – Full Time Location: London, UK Reporting To: Hussain Anjum
About the Role
The Information Security Tech Lead is responsible for owning and driving the end-to-end information security programme across Asta & its client base. This technical leadership role involves taking authority over PAM, EDR, SIEM, DLP, identity governance, vulnerability management, and regulatory compliance.
The successful candidate will:
- Strengthen Asta’s security posture through hands-on security engineering, continuous monitoring, and operational resilience
- Lead decisions during security incidents, including prioritising alerts, coordinating containment actions, and recommending remediation strategies
- Foster collaboration across development teams, infrastructure teams, compliance, and clients
- Drive security automation, threat detection, incident response, and risk reduction across the enterprise platform stack
Key Responsibilities
Security Leadership & Team Management
- Lead a team of engineers, setting strategic direction, workload management, and capability growth
- Act as the primary security escalation point for the Infrastructure function
- Own the InfoSec roadmap and align it with Asta’s IT transformation programme
Infrastructure Security Engineering & Hardening
- Implement and maintain security controls across infrastructure & systems
- Apply best practices for:
- IAM (Identity & Access Management)
- PIM (Privileged Identity Management)
- PAM (Privileged Access Management)
- Network security
- Encryption, hardening tools (e.g. Ping Castle and Semperis Lightning)
- Collaborate on automated security scans, policy enforcement, and dependency checks in pipelines
Security Monitoring & Incident Response
- Monitor security alerts from multiple sources, including:
- SIEM platforms
- EDR (Endpoint Detection & Response)
- Firewalls
- IDS/IPS (Intrusion Detection & Prevention Systems)
- Triage, prioritise, and investigate incidents using:
- Log analysis
- Packet captures
- Forensic techniques
- Lead containment, eradication, and recovery efforts during incidents
- Maintain integrated alerting with SOAR/SIEM platforms
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Security Strategy & Programme Delivery
- Define and drive end-to-end security programmes covering:
- PAM, EDR, NDR (Network Detection & Response)
- SIEM
- Penetration testing
- DLP (Data Loss Prevention)
- Compliance requirements
- Translate regulatory obligations into actionable technical controls (e.g., FCA/PRA, Lloyd’s Principle 12, CBEST, ISO 27001, Cyber Essentials)
- Produce metrics and reports for executive leadership (e.g., security posture, incidents, cybersecurity maturity)
Client Security Services
- Provide security advisory and managed security services to 20+ clients, including:
- Carbon Underwriting
- Dale Underwriting Partners
- Beat Capital
- Conduct client security reviews, Secure Score assessments, Semperis/Entra evaluations, and PAM deployment planning
- Serve as the critical escalation point for client-facing incidents and assurance requests
Threat Intelligence & Detection
- Stay current with emerging threats, vulnerabilities, attack techniques, and security trends
- Apply threat intelligence to refine detection capabilities
- Contribute to proactive threat hunting and monitoring
Compliance & Documentation
- Support audits and certification for:
- ISO 27001
- NIST
- SOC2
- Lloyd’s Principle 12
- Maintain:
- Incident reports
- Foreign procedure manuals (runbooks)
- Standards and security documentation
- Coordinate Cyber Essentials certification and vendor compliance
Operational Resilience & Disaster Recovery (DR)
- Support business continuity planning, including scenario testing and disaster recovery exercises
- Analyze post-incident reviews for lessons learned
Phishing Campaign Management
- Design, implement, and manage simulated phishing campaigns to assess staff awareness of social engineering
- Analyze phishing results and identify training needs
- Track phishing resilience metrics and user security awareness trends
Requirements & Skills
Experience & Expertise
- 7+ years of hands-on experience in cybersecurity, with 3–4 years in a lead, management, or principal role
- Experience in:
- Security engineering
- SOC operations
- Incident response
- Regulated industries (e.g., financial services)
- Demonstrated capability to lead and develop a security team
- Confident communicator with the ability to:
- Translate complex security risks into business‐aligned strategies
- Present to C-suite and board-level executives


Get help with your application
Your very own career expert that helps elevate your application to the next level.
Technical & Functional Knowledge
- Strong proficiency in cybersecurity principles, including:
- Attack vectors with Mitre framework expertise
- Defence strategies aligned with OWASP Top 10
- Hands-on experience with:
- Cloud security (Azure/AWS)
- IAM, secrets management, encryption
- Certificate management
- Microsoft 365 Security Suite, including:
- Microsoft Defender
- Azure AD Identity Protection
- **AD hardening tools (e.g., Ping Castle and Semperis Lightning)
- Experience with SIEM platforms such as:
- Splunk
- CrowdStrike (Falcon)
- Microsoft Sentinel
- LogRhythm
- Familiarity with tools such as:
- Varonis
- Tenable
- Pentera
- External and internal SOC processes
Job Benefits
Asta offers a market-leading benefits package designed to support growth, well-being, and work-life balance. Key benefits include:
Work-Life Balance
✔ 35-hour workweek, with options for hybrid and flexible working ✔ Generous holiday allowance increasing with tenure ✔ Enhanced family support policies
Health & Wellbeing
- Private medical insurance, including virtual GP access
- Regular annual health screenings, dental coverage and eye care
- Subsidised gym or sports club membership
- Mental health support programmes
Career & Financial Growth
✔ Competitive pension (up to 13% employer contribution) ✔ Income protection and life assurance ✔ Discretionary annual bonus scheme ✔ Salary sacrifice schemes for sports & lifestyle benefits
✔ Interest-free season ticket loan
Asta fosters a supportive, inclusive workplace where ambition is matched with opportunity—you’re encouraged to rise.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills