SURREY IT LIMITED
IT Security Manager

Must be able to obtain SC Clearance
Responsible For
We are seeking an experienced, hands-on IT Security Manager to lead a small in-house team responsible for strengthening and maintaining the organisation’s cyber security posture across all IT systems, services and infrastructure. You will manage the implementation of security controls, ensure compliance with industry and governance standards and best practice, oversee risk management activities, and support the secure operation of cloud, network and application environments.
This role is well suited to a seasoned IT Security Engineer with strong practical experience who is ready to progress into a managerial position.
Key Purpose of Job
To act as a trusted advisor to IT leadership and technical teams, providing strategic direction, technical expertise and operational oversight to protect the organisation’s data, systems and users. The role combines technical leadership with day-to-day operational management, covering all aspects of IT security. It also requires driving continuous improvement through regular risk assessments and proactive mitigation activities.
Key Tasks
- Lead, mentor, and support a small cybersecurity and infrastructure security team, fostering a collaborative and high-performing environment.
- Assist with the creation, management, and tracking of the IT security budget, ensuring effective prioritisation of security investments and resources.
- Provide practical technical leadership and remain hands-on in operational security activities where required.
- Develop team capability through coaching, knowledge sharing, training, and process improvement initiatives.
- Develop, maintain, and execute the organisation’s IT security strategy, policies, and standards.
- Help establish and mature team procedures, standards, documentation, and operational best practices.
- Act as a senior escalation point for complex security and infrastructure security issues.
- Ensure alignment with frameworks such as ISO 27001, NIST, CIS Controls, and relevant regulatory requirements (e.g., GDPR), as well as shareholder directives.
- Advise senior stakeholders on cyber threats, emerging risks, and security investment priorities.
- Oversee day-to-day security operations including monitoring, threat response, vulnerability management, and incident handling.
- Ensure the organisation’s SIEM, EDR, firewalls and other security tools are well-configured and maintained.
- Work closely with infrastructure, engineering, and operational teams to embed security best practices into technical solutions and processes.
- Manage relationships with managed security service providers and other security vendors.
- Ensure secure configuration and monitoring of cloud platforms (Azure, AWS) and hybrid infrastructure.
- Review and approve changes to networks, systems and architecture from a security perspective.
- Promote secure development practices across software engineering teams.
- Oversee vulnerability remediation and work closely with developers to resolve identified risks.
- Conduct regular risk assessments and ensure appropriate risk treatment plans are in place.
- Maintain relationships and good working practices with the wider Protective Security team.
- Manage relationships with business teams to understand their workflows and identify areas where security can be embedded. Create and implement security protocols and guidelines tailored to their business processes.
- Ensure all projects identify and address security requirements and follow Secure by Design principles.
- Oversee cyber security audits, compliance initiatives and certification efforts.
- Maintain security documentation, registers and evidence repositories for audit readiness.
- Lead the response to cyber incidents and coordinate with technical teams to contain and remediate threats.
- Ensure good threat intelligence sources are in place for the latest security threats and mitigation strategies.
- Maintain and continuously improve incident response playbooks, disaster recovery plans and continuity strategies.
- Deliver lessons-learned reviews and drive improvements to prevent recurrence.
- Deliver security awareness training and foster a strong security culture across the organisation.
- Provide security guidance to IT teams, project managers and the senior leadership team.
- Communicate technical risks in clear, business-friendly language.
Qualifications


PERSON SPECIFICATION (essential requirements)
- Degree in Computing or equivalent.
- CISSP, CISM, CCSP, CRISC, CEH, or similar (desirable).
- Cloud security certifications such as AZ-500 or AWS Security Specialty (desirable).
Experience
- Proven experience in an IT security leadership or management role.
- Strong background in cyber security operations, cloud security and enterprise IT systems.
- Hands-on experience with security tools such as SIEM (Splunk), EDR, vulnerability scanners and cloud security platforms.
- Experience with ISO 27001 compliance.
- Experience in risk management.
Knowledge & Skills
- Cloud security (Azure/AWS).
- Identity & access management, MFA, RBAC, PAM.
- Network and endpoint security.
- Threat detection, incident response and vulnerability management.
- Secure development and DevSecOps principles.
- Knowledge of Splunk ES would be an advantage.
- Strong communication and stakeholder management abilities.
- Ability to work collaboratively with both technical and non-technical teams.
- Analytical thinking and a pragmatic approach to balancing risk with business needs.