Company hidden
2 days ago

Cyber Security Manager

Work format
hybrid
Employment type
fulltime
English
b2
Country
UK

Job description

TL;DR

Cyber Security Manager: Establishing and operating a robust Information Security Management System (ISMS), embedding best practices across an evolving BusDevSecOps culture, and providing expert guidance on secure architecture, fraud prevention, and emerging governance frameworks. Focus on navigating a complex multi-supplier ecosystem, leading the security agenda, and advising stakeholders at all levels, including the C-suite.

Location: Based in Nottingham or Solihull, with industry-leading hybrid and family-friendly policies.

Company

hirify.global is a privately owned international energy company with 75,000 colleagues in 15 countries, focusing on energy networks, renewable energies, and customer solutions.

What you will do

  • Own cyber security, IT risk, and controls for nBS, ensuring effective governance, risk management, and audit readiness.
  • Lead threat and risk assessments to ISO 27005, producing consolidated risk reports and managing remediation plans.
  • Develop, implement, and mature the ISMS aligned to ISO 27001, Smart Energy Code (SEC), and emerging standards including ISO 42001 (AI Management).
  • Promote cyber risk awareness across nBS and act as a trusted adviser on strategies, controls, and architectural patterns.
  • Drive compliance and certification across key regulations and standards, including PCI DSS, GDPR, and the Cyber Assurance Framework.
  • Be the security cornerstone in product and DevSecOps transition, guiding secure architecture and integrating controls throughout the SDLC.
  • Manage third-party security posture across the multi-supplier ecosystem, covering onboarding, contractual controls, auditing, and ongoing reviews.
  • Own legislation and compliance engagement for PCI DSS, DPA/GDPR, SEC, REC, CRA/CAF, and related UK initiatives.

Requirements

  • Proven track record of taking companies through audits and certifications (e.g., SEC/REC, Cyber Essentials, SOC 2 Type II, PCI DSS, ISO 27001).
  • Strong understanding of the UK energy sector’s regulatory landscape, particularly Smart Energy Code (SEC) and Retail Energy Code (REC), with at least 5 years’ experience in Smart.
  • Credibility and presence at senior level, with confidence to engage and influence the C-suite.
  • Experience operating in a complex, multi-supplier environment.
  • Hands-on ISMS expertise, establishing, operating, and maturing an ISMS aligned to ISO 27001.
  • Strong technical acumen, including secure architecture design and practical security guidance within DevSecOps or Agile settings.
  • Significant experience in IT risk management, conducting assessments (e.g., ISO 27005) and managing risks end-to-end.
  • Demonstrated subject matter expertise in at least two of: ISO 27001, ISO 42001, Data Protection Act / GDPR, SOC 2 Type II.

Nice to have

  • Certifications: CISSP, CISM, ISO 27001 Lead Auditor or Lead Implementer.
  • Experience building ways of working in a DevSecOps environment (tooling, pipelines, IaC guardrails, policy-as-code).
  • Understanding of legal frameworks relevant to data protection, cyber resilience, and operational compliance in energy markets.

Culture & Benefits

  • Award-Winning Workplace, named a Sunday Times Best Place to Work 2025.
  • Outstanding Benefits: 26 days of annual leave plus bank holidays, generous pension, life cover, bonus opportunities, and access to 20 flexible benefits.
  • Flexible & Family-Friendly: Industry-leading hybrid and family-friendly policies with flexibility discussions.
  • Inclusive & Diverse: Only energy company in the Inclusive Top 50 UK Employers, winners of Best Employer for Women and Human Company of the Year.
  • Support at Every Stage of Life: Fertility Friendly and Menopause Friendly accredited.
  • Accessible & Supportive: Disability Confident Employer, guaranteeing interviews for disabled applicants who meet minimum criteria.
  • Invested in Your Growth: Inclusive talent networks and top-tier development programmes.
