Cyber Security Manager, Risk

Together, we are working to welcome millions more passengers, while ensuring aviation can continue to be a force for good by leading global efforts in sustainability. At Heathrow, you can be part of this by providing solutions that make every journey better for millions each year. That means ensuring we meet the changing needs of the passengers, colleagues and partners who use our airport to work, travel, trade, shop, eat, explore and connect. Our Solutions team covers project management, process improvement, business change, technology, cyber defence, masterplanning, infrastructure and procurement. It brings together people with the skills to deliver prestigious and often large‑scale projects, from transforming terminals to making big reductions in our carbon emissions.

• Lead day‑to‑day cyber risk management, ensuring risks are identified, assessed, and managed effectively across the business.
• Develop and enhance risk management policies and standards, aligning with industry best practice and Heathrow's enterprise risk framework.
• Work closely with assurance teams to oversee compliance of key systems and drive corrective actions where needed.
• Engage with regulators and authorities, including the Civil Aviation Authority, to support Heathrow compliance with NIS Regulations and other cyber resilience requirements.
• Champion a culture of proactive risk management, driving continuous improvement and alignment with Heathrow's strategic goals.

• Degree‑educated (or equivalent experience) with experience in cyber risk management, ideally across IT and OT environments.
• Holds or working towards relevant certifications such as CISSP, CISM, C‑RISC, CISA, or ISO 27001 Lead Auditor/Implementor.
• Strong knowledge of information security controls, standards and frameworks, including ISO 27001, NIST, and NCSC CAF.
• Solid understanding of the UK cyber regulatory landscape, particularly the NIS Regulations 2018; aviation sector experience (e.g. CAP1753) advantageous.
• Experienced in applying risk management frameworks (e.g. ISO 27005, NIST RMF) within complex operational environments.
• Proven leadership and stakeholder management skills, able to collaborate effectively with both technical SMEs and senior executives.

There's something so special about working at the world's most iconic airport. It’s sights, sounds, and a constant air of excitement. Heathrow is an amazing backdrop to a career filled with unique opportunities and fresh possibilities. Join us on that journey and we'll help you achieve your ambitions.

We offer competitive salaries and excellent benefits, performance‑based annual bonuses, share‑in‑success bonus plans, generous annual leave, market‑leading pensions, family‑friendly policies, private health insurance, wellbeing tools, learning and development opportunities, and more.

Our hybrid working approach offers the opportunity for colleagues in some roles to work from home for an average of two days a week, providing flexibility while ensuring we deliver for the operational needs of Heathrow. Working arrangements will be confirmed during recruitment. Applicants must be based in the UK and within a commutable distance to Heathrow.

Heathrow's Sustainable Travel Guide sets out easy and sustainable travel options for everyone.

As an equal opportunities employer, we encourage applications from all. Heathrow celebrates diversity and champions inclusivity with five diversity networks.

Mid‑Senior level

Full‑time

Information Technology

Computer and Network Security