
Cyber Security Manager
Job summary
NS&I is one of the largest savings organisations in the UK with more than 24 million customers and over £240 billion invested. We are both a government department and an Executive Agency of the Chancellor of the Exchequer. Our origins can be traced back more than 150 years to 1861.
A small company with a big reach, we offer a range of benefits including flexible working, a 9-day fortnight scheme, a performance-related variable pay bonus, a generous pension scheme and great opportunities for development. We care for colleagues, respect one another, invest in our people and manage talent effectively.
We are currently working in a hybrid way with colleagues expected to work at their chosen office location for 40% of their working month.
The Cyber Security Manager position is a critical role within the NS&I Risk Directorate. The role supports the Senior Cyber Security Manager in providing assurance that our service providers are operating effective cyber security control environments. Cyber security is a scientific field, encompassing scientific principles and methodologies from multiple disciplines, including computer science, mathematics, engineering, and behavioural sciences.
The complexity of cyber security arises from the diverse and evolving nature of threats, technologies, regulations, and human factors involved. Addressing these complexities requires a holistic approach that combines technical expertise, strategic planning, organisational commitment, and continuous adaptation to emerging threats. The Cyber Security Manager is responsible for being the primary contact for NS&I’s service providers and providing NS&I with assurance that the service providers are managing the complexities and ensuring cyber security risks are mitigated to acceptable levels.
The Cyber Security Manager will be proficient in forging and sustaining trust-based relationships with Senior Management across NS&I and service providers/B2B clients that help to build a security focused culture between NS&I and providers and B2B customers.
Job description
See role profile for additional information.
Person specification
Essential Experience
- Extensive experience of overseeing the performance of service providers and holding them to account for the delivery of critical cyber security services through governance forums.
- Demonstrable success in delivering written and oral presentations on cyber security and management risk to senior internal and external stakeholders.
- Substantial experience of assuring evidence against the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) and ISO27001.
- Proven experience of conducting cyber security risk assessments, developing cyber security risk mitigation plans linked to business objectives, and presenting to a senior management audience.
- Experience in developing cyber security performance metrics linked to business objectives to inform senior management of the performance of the cyber security control environment.
- Significant experience in responding to or managing security incidents/breaches, overseeing patching/vulnerabilities or hardening systems including detection, response, recovery, and post-incident analysis.
- Extensive experience of implementing security solutions surrounding cloud transformation, data management, data storage.
- Strong analytical skills, including the ability to review, challenge and utilise complex technical information to provide advice and guidance to senior management.
Essential Technical Skills
- Ability to analyse complex technical information in order to provide advice and guidance to senior management.
- Strong knowledge of IT architectures and methodologies, including cloud environments.
- Significant experience and understanding of security technologies, solutions, and systems such as:
  - Firewalls
  - Intruder Detection Systems (IDS) / Intruder Protection Systems (IPS)
  - Content Delivery Networks (CDN)
  - Advanced Endpoint Protection
  - Anti-Virus/Malware Solutions
  - Security Information and Event Management (SIEM)
  - Security Orchestration Automation and Response (SOAR)
  - Data Loss Prevention (DLP) tooling
  - Vulnerability Management Scanners
  - Public Key Infrastructure (PKI)
  - Symmetric and Asymmetric Cryptography
- Strong knowledge of cloud computing methodologies/concepts such as:
  - Infrastructure as a Service (IaaS)
  - Platform as a Service (PaaS)
  - Software as a Service (SaaS)
  - Cloud Access Security Brokers (CASB)
  - Zero Trust Architecture Principles
  - Micro-segmentation
- Knowledge of key Identity and Access Management (IAM) concepts: lifecycle and governance, role-based access control (RBAC), attribute-based access control (ABAC), user provisioning including privileged access management (PAM), workflow and self-service management, password management, audit and compliance, single sign-on.
- Strong understanding of security threats and threat modelling/response capabilities:
  - Threat modelling (OWASP Top 10, PASTA, STRIDE, MITRE)
  - Threat intelligence
  - Threat hunting
Essential Qualifications
- Certified Information Security Manager (CISM) or Certified Information Systems Practitioner (CISSP)
Desirable knowledge, experience, and skills
- Experience in designing and assuring secure network architectures, application security, and enterprise security solutions.
- Experience in designing, managing, and optimising Security Operations Centres, including threat monitoring, detection, and response from an assurance perspective.
- Experience reviewing and overseeing penetration testing and vulnerability assessments and managing remediation processes from an assurance perspective.
- Experience in threat intelligence analysis and integrating threat intelligence into security operations and strategic planning.
Security clearance
Security Clearance (SC)
Qualifications
In order to be considered for this role you must confirm that you hold one of the following qualifications: Certified Information Security Manager (CISM) or Certified Information Systems Practitioner (CISSP). If you do not hold one of these qualifications, we will not be able to progress your application to sift stage.
Behaviours
We'll assess you against these behaviours during the selection process:
- Changing and Improving
- Communicating and Influencing
- Managing a Quality Service
- Delivering at Pace
Benefits
Alongside your salary of £54,000, National Savings and Investments contributes £15,643 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
Some benefits of working at NS&I include:
- Learning and development tailored to your role
- An environment with flexible hybrid working options
- 9-day fortnight scheme
- A culture encouraging inclusion and diversity
- A Civil Service pension with an average employer contribution of 28.97%
- Generous annual leave – starting at 25 days, increasing to 30 days
- Performance-related variable pay bonus
- Enhanced maternity, paternity, adoption and shared parental leave
Things you need to know
Artificial intelligence
Artificial intelligence can be a useful tool to support your application; however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.
Selection process details
This vacancy is using Success Profiles, and will assess your Behaviours and Experience.
To apply, please click the link on this advert and follow the steps to complete the application form.
In your application you will be asked to provide the following:
- Confirmation you hold one of the following essential qualifications - Certified Information Security Manager (CISM) or Certified Information Systems Practitioner (CISSP)
- An outline of your career history and qualifications with your key responsibilities and achievements.
We will assess applications on your career history and confirmation of essential qualification.
You will only qualify for the full sift and be considered for interview if you hold the essential qualification for this role.
If shortlisted, you will be invited to a one-hour panel interview, held at our Durham & London offices. Applicants should be prepared to travel to any of these locations if required. If you are unable to travel for a genuine reason, please let us know. We will consider whether the interviews can be carried out via video call.
As part of this interview you will be asked to make a 10 minute presentation aimed at demonstrating your Essential Experience.
Interviews will take place on W/C 16th February & W/C 23rd February 2026.
Following the first interview, it may be necessary to move to a 2nd stage of interviews, in order to establish a merit order, in the event that we have a strong field of candidates. If this is necessary, we will notify successful candidates from the 1st stage of interviews that a 2nd interview will be held. Once the 2nd interview dates have been determined, we will give a week's notice to candidates.
Note we are unable to accept CVs.
Right to Work
As part of our recruitment process NS&I will ask about your right to work status. Candidates must have the right to work in the UK and meet eligibility requirements to work within the UK Civil Service.
If applying for a role on a fixed-term contract, you must hold a valid visa that covers the full duration of the contract, or at a minimum, the majority of the term.
Please note we are currently unable to offer visa sponsorship, as a result candidates requiring sponsorship are not eligible to apply.
Security and Credit Checks
This role is subject to Baseline Personnel Security Standard and financial credit checks, and a Security Check.
Security Check
To undertake the full duties of this role, you must be able to achieve Security Check (SC) clearance in addition to Baseline Personnel Security Standard (BPSS) checks. You will not be able to start in post until SC clearance has been confirmed without any caveats.
You will not be able to start in post until SC Clearance has been fully granted without any caveats. For further information about the vetting process, please search UKSV on GOV.UK.
- Please note: As part of SC Clearance, you must meet the Minimum Residency Criteria (MRC) - lived continuously in the UK for the past five years, without any single period of absence exceeding six months. Unfortunately, we’re unable to make exceptions to this requirement.
Reserve List
A reserve list may be held for a period of 12 months from which further appointments can be made.
Working for NS&I
Any move to NS&I from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk/.
For NS&I employees: If you are applying for a role at the same NS&I band as you are currently and the advertised salary of the role is higher, if you are successful, any salary increase will be at the discretion of NS&I and will be reviewed as part of the next annual pay review, in accordance with the NS&I employee handbook.
For Existing Civil Servants: If you are transferring from another government department at the same grade, your current salary will generally be matched within reasonable parameters and subject to NS&I pay ranges. If you are transferring on promotion, you will be offered the starting salary at the bottom of the pay scale. If you are transferring on promotion and your existing salary is within the advertised range, you will be offered a maximum of a 10% uplift on your existing salary (up to the advertised maximum).
For External Candidates: If you are not currently employed within the civil service, you will be offered the starting salary at the bottom of the advertised pay range.
Regular Travel
This role may require travel to other sites. Please be aware that if you travel to a second location on average 4 days a month, you may be liable for P11D taxation. If you have any queries concerning this, please contact the NS&I HR Team.
Further information
Please visit our website http://nsandi-corporate.com/about-nsi for further details about NS&I.
Feedback will only be provided if you attend an interview or assessment.
Security
Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.
See our vetting charter.
People working with government assets must complete baseline personnel security standard checks.
Nationality requirements
This job is broadly open to the following groups:
- UK nationals
- nationals of the Republic of Ireland
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
- Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Working for the Civil Service
The Civil Service Code sets out the standards of behaviour expected of civil servants.
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.
Diversity and Inclusion
The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.
Apply and further information
This vacancy is part of the Great Place to Work for Veterans initiative.
The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment.
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.
Contact point for applicants
Job contact :
- Name : jobs@nsandi.com
- Email : jobs@nsandi.com
Recruitment team
- Email : jobs@nsandi.com
Further information
The law requires that selection for appointment to the Civil Service is on merit on the basis of fair and open competition as outlined in the Civil Service recruitment principles. If you feel your application has not been treated in accordance with the recruitment principles and you wish to make a complaint, you should contact jobs@nsandi.com in the first instance. If you are not satisfied with the response you receive, you can contact the Civil Service Commission at info@csc.gov.uk.
Attachments
- Role Profile -CSM Jan 26 (pdf, 1279kB)
- Benefits Leaflet - V2 updated 22-11-23 (pdf, 424kB)
- Pension candidate-pack V1 (pdf, 166kB)
Salary range
- £54,000 - £63,000 per year