As a Cyber Security Lead, your main responsibilities will be:
- Act as the primary security design authority for the compensation services architecture.
- Collaborate with Solution Architects and Developers to apply Secure by Design principles at the code and infrastructure level, ensuring robust identity and access management (e.g., MFA, RBAC), encryption of data at rest and in transit, and secure API integrations across the digital service.
- Lead the integration of security into the Software Development Lifecycle (SDLC) by implementing and overseeing DevSecOps practices. This includes managing automated security testing tools—Static and Dynamic Application Security Testing (SAST/DAST) and Software Composition Analysis (SCA)—so that code vulnerabilities and insecure dependencies are identified on every commit and pull request, and remediated before changes reach production.
- Identify, assess, and mitigate security risks related to the compensation process, including handling of sensitive claimant data, ensuring compliance with data protection laws (e.g., GDPR), and managing digital security threats.
- Ensure that all security practices, policies, and systems are fully compliant with relevant regulations, including the Data Protection Act 2018, GDPR, and UK government security standards such as the NCSC Cyber Assessment Framework (CAF) and Secure by Design.
- Develop, review, maintain and advise on comprehensive cyber security policies and practices (including governance), related to the compensation scheme in alignment with UK government standards and best practices.
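The SCA responsibility above is usually enforced as a merge gate in the CI/CD pipeline: the scanner emits a report, and a small policy step decides whether the build may proceed. The following is an added example written for this page, not code from the posting or from any named organisation. It evaluates a constructed SCA report (the JSON shape, package names and `VULN-000x` identifiers are invented for illustration; real tools such as pip-audit, npm audit or Trivy emit their own formats, so `load_findings` would be adapted to the tool in use) against a policy that blocks High and Critical findings unless a time-limited risk acceptance exists, and reports expired acceptances as failures rather than silently letting them through.

```python
"""CI dependency gate: evaluate a Software Composition Analysis (SCA)
report against a merge policy. Example code; report format is constructed."""
from __future__ import annotations

import json
from dataclasses import dataclass, field
from datetime import date

# Constructed sample scanner output (not from any real tool or advisory).
SAMPLE_REPORT = json.dumps({
    "findings": [
        {"package": "requests", "version": "2.19.0", "id": "VULN-0001",
         "severity": "high", "fixed_in": "2.20.0"},
        {"package": "pyyaml", "version": "5.3", "id": "VULN-0002",
         "severity": "critical", "fixed_in": "5.4"},
        {"package": "jinja2", "version": "2.10", "id": "VULN-0003",
         "severity": "medium", "fixed_in": "2.10.1"},
        {"package": "oldlib", "version": "1.0", "id": "VULN-0004",
         "severity": "low", "fixed_in": None},
    ]
})

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    package: str
    version: str
    vuln_id: str
    severity: str
    fixed_in: str | None


@dataclass(frozen=True)
class Policy:
    fail_at: str = "high"  # block the merge at this severity or above
    # Risk-accepted vulnerability id -> date the acceptance expires.
    exceptions: dict[str, date] = field(default_factory=dict)


def load_findings(report_json: str) -> list[Finding]:
    """Parse the (hypothetical) scanner report; reject unknown severities
    rather than treating them as harmless."""
    data = json.loads(report_json)
    findings = []
    for f in data.get("findings", []):
        sev = f["severity"].lower()
        if sev not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {sev!r} for {f['id']}")
        findings.append(Finding(f["package"], f["version"], f["id"], sev, f.get("fixed_in")))
    return findings


def evaluate(findings: list[Finding], policy: Policy, today: date) -> dict:
    """Classify findings and decide whether the pipeline may proceed.

    blocking: at/above threshold with no acceptance -> fail
    expired:  acceptance exists but has lapsed       -> fail
    accepted: acceptance still valid                 -> pass, but reported
    advisory: below threshold                        -> pass, but reported
    """
    threshold = SEVERITY_RANK[policy.fail_at]
    buckets: dict[str, list[str]] = {"blocking": [], "expired": [], "accepted": [], "advisory": []}
    hints = []
    for f in findings:
        if SEVERITY_RANK[f.severity] < threshold:
            buckets["advisory"].append(f.vuln_id)
            continue
        expiry = policy.exceptions.get(f.vuln_id)
        if expiry is None:
            buckets["blocking"].append(f.vuln_id)
        elif today <= expiry:
            buckets["accepted"].append(f.vuln_id)
        else:
            buckets["expired"].append(f.vuln_id)
        # Remediation hint for anything at/above threshold.
        fix = f"upgrade to {f.fixed_in}" if f.fixed_in else "no fixed version published"
        hints.append(f"{f.package} {f.version} ({f.vuln_id}, {f.severity}): {fix}")
    passed = not buckets["blocking"] and not buckets["expired"]
    return {"pass": passed, **buckets, "hints": hints}


def gate_exit_code(result: dict) -> int:
    """Exit status for the CI step: non-zero fails the job."""
    return 0 if result["pass"] else 1


if __name__ == "__main__":
    outcome = evaluate(load_findings(SAMPLE_REPORT), Policy(), date.today())
    print(json.dumps(outcome, indent=2))
    raise SystemExit(gate_exit_code(outcome))
```

The design choice worth copying is the handling of exceptions: a risk acceptance without an expiry date quietly becomes permanent, so the gate fails closed when one lapses, forcing a conscious renewal or an upgrade.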
Essential:
- Strong understanding of secure development frameworks (such as the OWASP Top 10 or the CWE/SANS Top 25) and the ability to apply them within a cloud-native environment.
- Practical experience in implementing and managing automated security tools within a CI/CD pipeline.
- Proven experience of conducting security assurance activities, including providing security assurance for suppliers, ensuring compliance with relevant security regulations and standards, and implementing comprehensive security policies and procedures aligned with UK government standards and best practice.
- Ability to support the development and delivery of security awareness training programs, and experience of promoting a security-first culture in the workplace.