Cyber Security Lead

About the role

Harrington Starr is expanding the security function of a global financial‑technology business. The Cyber Security Lead will provide both technical and strategic direction, strengthening the organisation’s security posture across on‑premise and cloud environments.

Key responsibilities

• Operate and maintain security and vulnerability management platforms, including SIEM and MDR solutions.
• Liaise with external Security Operations Centres and manage on‑call incident response.
• Document and remediate security incidents in line with governance processes.
• Monitor emerging threats, including AI‑based risks, and drive mitigation actions.
• Govern the use of third‑party software and AI technologies.
• Support patching for Linux, Windows and networked systems.
• Audit and remediate security controls such as firewall rules, O365 and MDM.
• Lead internal and external penetration testing programmes.
• Collaborate with development teams to embed secure software design.
• Assess environments against CIS benchmarks and internal standards.
• Maintain ISO 27001 certification, own the ISMS, and drive audits and remediation.
• Support DORA compliance, including ICT risk management and third‑party assessments.
• Deliver security awareness training and run phishing simulations.

Required profile

• 5+ years of hands‑on experience in a technical security role.
• Broad understanding of cloud security, network security, penetration testing and incident response.
• Proven stakeholder management with both technical and non‑technical audiences.
• Experience with regulatory frameworks such as ISO 27001, NIST and DORA (preferred).
• Relevant certifications (e.g., CISSP, OSCP, SANS) are highly desirable.

Required skills

• Security and vulnerability management platforms (SIEM, MDR)
• Incident management and documentation
• AI‑based risk monitoring
• Third‑party software governance
• Patch management for Linux, Windows and network devices
• Firewall rule auditing
• O365 and MDM security controls
• Penetration testing (internal and external)
• Secure software design
• CIS benchmark assessments
• ISO 27001 certification management
• DORA compliance and ICT risk management
• Phishing simulation and security awareness training
• Cloud security and network security