Group Cyber Security Specialist

Department: IT & Change

Employment Type: Permanent - Full Time

Location: Manchester, UK

The Group Information Security Team (GIST) is a centralised, highly visible, and responsive function enabling Arrow Global Group and its 20+ Group companies across investment, capital management, real estate, and hospitality sectors to operate securely.

The Group Cyber Security Specialist plays a critical hands‑on role in delivering and maintaining core security controls while supporting both BAU/SOC activities and project delivery across the organisation. This position works closely with Group and Business Unit (BU) technology teams, providing expert security guidance, ensuring strong control operation, and strengthening our overall cyber resilience.

• Act as the Group cyber security SME for projects across multiple business units, providing early engagement, risk identification, and secure‑by‑design guidance.
• Review and challenge solution designs to ensure security controls are embedded from the outset and aligned with Group policies and architectural standards.
• Validate that new systems, applications, integrations, and third‑party suppliers meet Group security and assurance requirements.
• Partner with the Group Cyber Architect to ensure implementations align with strategic roadmaps, security patterns, and target architectures.
• Monitor, triage, and respond to SOC/MSSP alerts, supporting threat analysis, incident investigations, and remediation planning.
• Analyse operational security events to identify recurring issues and proactively drive control improvements and SOC maturity.
• Own and enhance security runbooks, detection rules, and BAU processes to strengthen response capability and reduce false positives.
• Manage the end‑to‑end vulnerability management lifecycle, including scanning, prioritisation, reporting, and stakeholder engagement.
• Identify systemic vulnerability trends, provide technical remediation guidance, and drive SLA‑based remediation with BU IT teams.
• Coordinate and manage third‑party penetration testing activities, from scoping through to remediation and closure of findings.
• Support Group assurance, compliance, and audit activities, contributing to continuous improvement against internal and external standards.
• Proactively monitor emerging threats and regulatory expectations, recommending improvements to tooling, automation, and Group security controls to uplift cyber maturity.

Proven experience in a technical cyber security, SOC, or security engineering role within complex environments.

Strong hands‑on experience with core security tooling, including EDR, SIEM, Secure Email, Secure Web, CASB, and vulnerability management platforms.

Solid understanding of incident response lifecycle, threat investigation techniques, and operational security processes.

Proven experience supporting multi‑business‑unit, federated, or decentralised IT environments.

Working knowledge of cloud security principles across Azure and AWS environments.

Ability to manage multiple priorities across BAU operations, security incidents, and project delivery.

Strong analytical capability with excellent written and verbal communication and documentation skills.

Experience driving security remediation and working effectively with IT teams and managed service providers.

Familiarity with security frameworks and regulatory expectations (e.g. ISO 27001, NIST CSF, FCA or equivalent).

Exposure to regulated industries such as financial services, private credit, or real estate is advantageous.

Relevant security certifications (e.g. Security+, SSCP, CySA+) with intent to pursue advanced certifications (CISSP, CISM, GIAC, or Microsoft SC‑series).

Confident stakeholder engagement skills, including the ability to influence, present risk, and communicate effectively with technical and non‑technical audiences across geographies.