Cyber Security Programme Manager

£950 per day | Inside IR35 | 12-month contract
London (Hybrid)
Insurance sector - Insurance experience is essential

We're looking for a seasoned Cyber Security Programme Manager to lead and deliver complex, high-impact security programmes for a major insurance client. This role sits at the heart of enterprise cyber transformation, driving resilience, regulatory compliance, and risk reduction across a large, regulated environment.

You'll be accountable for shaping strategy into executable programmes, coordinating multiple workstreams, and ensuring cyber initiatives land on time, on budget, and with real business impact.

• Lead end-to-end delivery of large-scale cyber security programmes across multiple domains

• Own programme governance, planning, RAID, financials, and executive reporting

• Translate cyber risk into clear business outcomes for senior stakeholders

• Coordinate delivery across internal teams, third parties, and system integrators

• Ensure alignment with insurance regulatory requirements (eg FCA, PRA, GDPR, ISO)

• Drive delivery of security initiatives across Legacy and cloud environments

• Manage dependencies across IT, Security, Risk, Legal, and the wider business

• Embed security-by-design into enterprise change initiatives

• Proven experience as a Cyber Security Programme Manager in large, complex organisations

• Strong insurance sector experience - mandatory

• Track record delivering multi-million-pound cyber or technology transformation programmes

• Deep understanding of cyber risk, security controls, and regulatory drivers in financial services

• Comfortable operating at C-suite and Board level

• Excellent governance, communication, and stakeholder management skills

Security Domains

• Identity & Access Management (IAM, PAM)

• Cloud Security (AWS, Azure, GCP)

• Security Operations (SOC, SIEM, SOAR)

• Vulnerability Management & Threat Intelligence

• Data Security & Privacy

• Network & Infrastructure Security

• Endpoint & Mobile Security

• Third-Party/Supply Chain Risk

• Incident Response & Cyber Resilience

Tools & Technologies (typical exposure)

• IAM: SailPoint, Okta, Azure AD, CyberArk

• SIEM/SOC: Splunk, Sentinel, QRadar

• Cloud: AWS, Azure security tooling, CSPM solutions

• Endpoint: CrowdStrike, Defender, Carbon Black

• Vulnerability: Tenable, Qualys, Rapid7

• GRC: ServiceNow GRC, Archer

• DevSecOps & CI/CD security tooling

• Zero Trust architectures

Eames Consulting is acting as an Employment Business in relation to this vacancy.