Senior Cyber Threat & Vulnerability Governance Manager

Design, develop, and maintain a comprehensive internal and external threat framework covering cyber, physical, supplier, and emerging threats

• Manage a repeatable methodology for identifying, assessing, prioritising, and tracking threats across the organisation
• Integrate intelligence from internal telemetry, SOC outputs, CTI, red/purple teaming, suppliers, and industry sources into the threat framework
• Ensure the framework aligns with relevant standards (e.g., MITRE ATT&CK ATLAS, NIST 800-53/800-30, ISO 27005)
• Drive continuous improvement by refining threat models based on real incidents, trend analysis, and threat landscape shifts
• Design and define and implement governance processes for vulnerability management across all hardware, software, cloud, and operational technology assets
• Analyze scan results, prioritize vulnerabilities based on threat context and business impact, and track remediation progress
• Design and develop clear accountability models (RACI) across Security, IT Operations, Engineering, and Product teams
• Own and lead governance forums to monitor vulnerability status, risk posture, and remediation performance
• Maintain a scalable, intelligence led triage process to assess new vulnerabilities (CVEs, zero days, vendor advisories, threat intel alerts). Introduce prioritisation logic based on factors such as: exploitability, asset criticality, exposure (internal vs external), compensating controls and business impact
• Lead identification and assessment of risks associated with frontier AI technologies (e.g. large language models, autonomous agents, multimodal systems), ensuring emerging threat scenarios such as prompt injection, model exploitation, data leakage, and AI-enabled cyber attacks are proactively understood and documented.

Do you have experience in SIEM?, A minimum of 8 years of experience in cybersecurity, threat analysis, or intelligence operations

• Strong understanding of regulatory compliance (e.g. FCA/PRA rules)
• Strong understanding of threat actor behaviors, MITRE ATT&CK & D3FEND frameworks, and threat intelligence platforms
• Knowledge of Windows, Linux, Active Directory, and cloud environments (Azure, AWS)
• Strong knowledge of vulnerability scanning tools, threat analysis methodologies, and remediation processes
• Knowledge of AI-specific attack vectors and experience with secure AI lifecycle practices.
• Recognised industry qualification e.g. CISSP, CISMP, CCSP, CISM
• Experience with OSINT tools, and reporting for both technical and executive audiences is highly desirable.
• Excellent analytical and problem-solving skills.
• Strong stakeholder management skills and the ability to work within cross-functional teams and influence remediation priorities
• Proven experience in proactive threat hunting within SIEM platforms and enterprise environments, leveraging advanced analytics and detection methodologies to identify and mitigate potential security threats before they escalate

We will make sure that you are well-rewarded by providing you with a competitive salary, discretionary annual bonus, and a wide range of benefits, including generous holiday allowance, attractive pension scheme, healthcare, life assurance, and a number of colleague discounts!

• We will give you the training to ensure you succeed in your role and plenty of internal opportunities to progress your career (around 40% of our recruitment comes from internal promotions!