Overview
IT Security Manager – Sheffield, United Kingdom. Role responsible for establishing, implementing, and managing the security landscape across the organisation's global IT environment, ensuring protection of infrastructure, cloud platforms, workplace technologies, and enterprise systems while enabling secure, efficient operations.
Purpose of the role
The IT Security Manager ensures compliance with internal policies, audit requirements, and external regulatory standards, embedding security best practices across all technology domains. The role oversees day-to-day security operations, identifies and mitigates cyber risks, and leads incident response to ensure rapid and effective threat resolution. It drives security awareness across the organisation and is accountable for key security technologies and capabilities including firewalls, endpoint protection, vulnerability management, SIEM operations, email and proxy security, and related monitoring tools. Works closely with internal teams and external partners to maintain a robust security posture and support long-term resilience of the business.
Key Tasks & Responsibilities
- Own and govern the organisation's security controls across global systems, networks, endpoints and cloud services, ensuring a robust and resilient security posture.
- Lead all IT security operations, including real-time monitoring, threat detection, vulnerability management, and remediation activities to safeguard Leviat's global technology landscape.
- Build, lead, and develop a high-performing IT Security team, providing strategic direction across cloud, data-centre and infrastructure environments to ensure alignment with business priorities.
- Oversee and enhance network and network-security capabilities, including firewalls, SD-WAN, LAN, and associated technologies, ensuring secure, scalable, high-performance connectivity.
- Manage the full lifecycle of key security tools and services, including vulnerability management platforms, EDR, proxy services, SIEM operations, email security, cloud-security tooling and security incident workflows.
- Design, implement, and continuously improve security protocols, standards, and procedures, ensuring consistent adoption across all technology domains.
- Partner with SOC teams and Managed Security Service Providers (MSSPs) to manage security operations, escalate critical issues, and ensure high-quality service delivery from external suppliers.
- Embed security architecture and risk assessments into all major IT programmes, projects, and technology decisions to ensure secure-by-design outcomes.
- Lead and champion organisation-wide security awareness and onboarding programmes, ensuring employees understand their responsibilities and contribute to a strong security culture.
Key stakeholders
Internal:
- Business key users
- Infrastructure Manager
- Application Manager
- Project Managers
- Infrastructure & Operations Teams
- Internal Auditors
External:
- Software vendors (various)
- Software & professional service providers
- User Groups
- External Auditors
Key Competencies
- Drive for Results – consistently focused on delivering successful outcomes and high standards of performance.
- Resilient – remains effective under pressure, overcoming challenges and obstacles with determination and composure.
- Detail-Oriented – demonstrates accuracy, structure and clarity in thinking, planning and execution.
- Flexible – able to adapt quickly to changing situations, priorities and diverse stakeholder needs.
- Supportive Leader – collaborates effectively, shares knowledge and empowers colleagues to succeed.
- Proactive – acts with urgency, takes initiative and moves work forward without unnecessary delay.
Key functional competencies and relevant experience
- 7-10+ years' experience in IT security or infrastructure security roles, with a proven track record of leading security teams and delivering large-scale security programmes.
- Demonstrated expertise in enterprise security architecture and operations, including SIEM, EDR, email security, cloud-security technologies and associated tooling.
- Strong hands-on knowledge of Azure Security and Microsoft 365 Security technologies, including Defender, Entra ID and Intune, with experience securing modern cloud-first environments.
- Experienced in managing incident response, from detection and assessment through to coordinated resolution and post-incident review.
- Solid background in networking and network-security principles, including firewalls, routing, threat prevention and secure connectivity.
- Proven experience delivering security solutions across geographically dispersed business units, ideally within a global or multi-region organisation.
- Demonstrated ability to manage external partners, including offshore/nearshore providers, MSSPs and specialist technology vendors.
- Strong understanding of leading security frameworks and standards, such as NIST-CSF and ISO 27001, and how to apply them in a business-focused environment.
- A confident people leader, capable of mentoring, developing and upskilling IT staff and building a culture of security awareness and accountability.
- Excellent communication skills, with the ability to translate complex security concepts to both technical and non-technical stakeholders.
- Relevant industry certifications such as CISSP, CISM or CCSP are highly desirable.
What's in it for you?
- Competitive salary plus bonus
- 25 days annual leave plus statutory bank holidays (plus the option to buy 5 more)
- Westfield health cash plan and 24/7 GP service
- Flexible working
- Free Optical vouchers
- Company pension scheme
- Life assurance
- Discounted products and services via Westfield Rewards
- Access to Employee Assistance Programmes
- Idea scheme including reward vouchers
- Cycle to work scheme plus a bicycle storage area
- Free parking plus EV Charging Points
- And so much more!
#J-18808-Ljbffr