Hybrid Cyber Security Manager, Threat Management at Heathrow Airport Limited
Heathrow Airport Limited · London, United Kingdom · Hybrid
- Professional
- Optional office in London
At Heathrow, the safety and security of our passengers and operations is our top priority. We’re looking for a Cyber Security Manager – Threat Management to help lead our threat defence capabilities, protect our digital and operational environments, and contribute to the UK’s critical national infrastructure.
This is a unique opportunity to play a key leadership role in our Cyber Security function, supporting the development and delivery of our cyber strategy while managing a team of high-performing Cyber Security Analysts.
Responsibilities
- Lead and develop a team of Cyber Security Analysts to detect, defend, and respond to cyber threats across IT and OT environments.
- Own and improve cyber security controls, tools, and monitoring capabilities aligned with frameworks such as ISO 27001, NIST, and Cyber Assessment Framework (CAF).
- Report on cyber threats, risks, vulnerabilities, and controls to both internal stakeholders and external auditors, regulators, and assurance bodies (e.g. CAA ASSURE, PCI-DSS, GDPR).
- Support the creation and maintenance of security roadmaps, policies, and frameworks that underpin Heathrow’s cyber security strategy and compliance obligations.
- Collaborate with teams across Technology, Data Protection, Corporate Risk, Security Intelligence, and Operations to drive cyber maturity.
- Lead cyber transformation initiatives and ensure compliance with regulatory, legislative, and contractual requirements.
Qualifications
- Proven experience in Cyber Security management within complex, regulated environments.
- Strong knowledge of threat management tools and practices, with hands-on experience applying frameworks such as ISO 27001 and NIST SP-800.
- Expertise in risk management, vulnerability management, and security governance.
- Familiarity with compliance regimes such as PCI-DSS, GDPR, and sector-specific oversight like the CAA Cyber Oversight (CAP 1753) or NIS Directive.
- Skilled in translating technical threats and controls into business-relevant insights for senior stakeholders.
- Certifications such as CISM, CISSP, CRISC, GSEC, or equivalent are highly desirable.
- Desirable: Experience in Critical National Infrastructure, Operational Technology (OT) Security, and Microsoft security tools (e.g., Sentinel, Defender).