Senior Cyber Security engineer (PID628)


Role

The Money and Pensions Service (MaPS) is looking for a Cyber Security Lead to join the team supporting the Pensions Dashboard Programme (PDP). This is a pivotal leadership role overseeing the full security lifecycle — from architecture and policy development to operational resilience and incident response — across complex hybrid environments with a strong emphasis on cloud security (AWS and Azure). The role includes oversight of third-party security providers and suppliers to ensure outsourced services meet contractual, technical, and regulatory expectations while delivering value for public money. The Cyber Security Lead reports to the Head of Information Security and safeguards the integrity and resilience of the PDP within MaPS.

Responsibilities

  • Working in close partnership with third-party security and service providers to ensure systems and networks are proactively monitored, security events detected and triaged, and incidents responded to based on severity and business impact.
  • Leading the design, assurance, and continuous improvement of security systems and tooling, ensuring alignment with national cyber standards and best practices (e.g. NCSC, ISO 27001, NIST).
  • Collaborating with architects, risk owners, and delivery teams to embed secure design principles and ensure the security operations centre (SOC) is equipped to handle emerging threats effectively.
  • Leading security assurance activities, including penetration tests, technical risk assessments, assurance reviews, and third-party security evaluations, to ensure alignment with internal and external standards.
  • Chairing PDP security governance and technical authority forums to ensure pension providers and schemes connect to the ecosystem in a secure and compliant manner.
  • Representing security within change boards and design authorities and ensuring that security non-functional requirements (NFRs) are clearly defined, prioritised, and tracked within product and service delivery.
  • Maintaining compliance with national cybersecurity standards, regulatory expectations, and internal frameworks by authoring, updating, and enforcing the PDP Code of Connection (CoCo) security requirements, ensuring all participants meet defined security criteria before connecting to the ecosystem.

Skills & Experience

  • Experience supporting the design or implementation of secure systems, applying established patterns and principles to design and review system architectures.
  • Experience of defining secure architecture principles and applying them to on-premises and cloud-based systems, particularly AWS and Azure.
  • Experience embedding security requirements throughout the solution lifecycle, from design to deployment.
  • Experience leading operational security functions, including SOC operations, threat intelligence, and vulnerability management.
  • Experience managing the incident response lifecycle including triage, containment, investigation, remediation, and post-incident reviews.
  • Ability to establish and improve incident response playbooks and escalation processes for cyber threats and regulatory reporting.
  • Experience providing strategic cyber risk oversight and informing proportionate decisions with risk owners.
  • Experience planning, scoping, and reviewing security assurance activities, including penetration tests, IT health checks, and vulnerability assessments.
  • Ability to interpret technical findings and prioritise remediation actions through to resolution.
  • Experience maintaining a technical risk register and developing compensating controls where residual risks exceed tolerance.
  • Experience supporting risk-based decisions with risk owners and feeding the outcomes back to them.
  • Experience chairing security authority and governance forums and contributing to cross-government cybersecurity initiatives.
  • Experience influencing security decisions within digital transformation and change programmes, ensuring services are secure by design.
  • Experience embedding security into agile and DevSecOps processes by feeding non-functional requirements (NFRs) into delivery backlogs.
  • Ability to work with architecture, product, engineering, and delivery teams to shape secure digital services.
  • Experience managing third-party and outsourced security providers to ensure alignment with contractual, regulatory, and technical expectations.
  • Experience conducting supplier assurance, onboarding assessments, ongoing security reviews, audits, and compliance monitoring.
  • Experience providing internal and external security consultancy on strategy, operations, risk, and compliance.
  • Ability to respond to challenges and manage stakeholder expectations.
  • Experience in research and innovation, advising on developments that affect the security properties of technology and design.

Note: There will be frequent travel to London.

Location:
England, United Kingdom
Salary:
£80,000 - £100,000
Job Type:
Full-time
Category:
IT & Technology