“It feels good to have a career with real purpose.”

The feeling's mutual
Job Description

Job Title: Cloud Security Posture & Vulnerability Manager

Contract Type: Permanent

Location: Edinburgh / Alderley

Working style: Hybrid 50% home/office based

Closing date: 6th March 2026

 

Intro

The Cloud Security Posture & Vulnerability Manager plays a pivotal role in ensuring Royal London’s cloud environments remain secure, resilient, and compliant. You will lead Royal London’s approach to cloud security configuration baselines, policy‑as‑code, continuous monitoring, vulnerability triage and prioritisation, and risk‑based remediation. Working closely with engineering, platform and architecture teams, you will embed cloud security controls into DevOps workflows, reduce configuration drift and privilege debt, and ensure alignment to industry frameworks (MITRE, NIST, CIS).

This hands-on role demands expertise in cloud security, strong collaboration, and the ability to operate in a data‑driven, multi‑cloud environment. You will influence the evolution of our cloud security programme, drive automation, support incident response, and ensure audit‑ready evidence across all cloud security domains.

 

About the role

·       Own and drive the multi‑cloud CSPM strategy, including standards, guardrails, baselines and policy‑as‑code aligned to cyber security benchmarks.

·       Manage cloud misconfiguration detection, automated reporting, and controls assurance across Azure and AWS.

·       Establish and oversee the enterprise vulnerability lifecycle for cloud services, VMs, containers, and serverless workloads.

·       Triage and prioritise vulnerabilities using CVSS or vendor scoring; coordinate remediation with engineering teams and ensure adherence to patching SLAs.

·       Develop CIEM controls to reduce privilege debt, enforce least‑privilege principles, detect toxic combinations, and strengthen identity‑related risk posture.

·       Provide cloud security consultancy, including architecture reviews, Terraform/IaC analysis, and threat modelling using structured frameworks (e.g. MITRE).

·       Develop automation for drift detection, vulnerability scanning, remediation, and compliance evidence.

·       Partner with engineering and platform teams to embed cloud security in CI/CD workflows.

·       Support incident response, threat analysis and the evolution of cloud security governance, monitoring and reporting.

·       Contribute to the development of cloud security policies, maturity roadmaps, and best‑practice guidance.

About you

·       Proven experience in cloud security across Azure and AWS, including CSPM, CIEM, vulnerability management and secure software development practices.

·       Certifications such as CCSP, Azure Security Engineer Associate, AWS Security Specialty, GIAC Cloud Security Automation or CISM are highly desirable.

·       Experience of TenableOne, Wiz, SentinelOne or similar CSPM tooling.

·       Strong understanding of security frameworks and standards (MITRE, ISO 27001, NIST, CIS).

·       Experience with CI/CD, Infrastructure‑as‑Code, container security and serverless architectures.

·       Deep knowledge of cyber security and operational resilience trends, technologies and regulatory requirements, ideally within financial services.

·       Excellent communication, influencing and leadership skills, with the ability to translate complex security concepts to technical and non‑technical stakeholders.

·       Strong strategic thinking coupled with the ability to understand technical detail.

·       Highly proactive mindset, strong stakeholder management, and proven ability to drive continuous improvement.

·       Experience working cross‑functionally with engineering, architecture, suppliers and partners.

·       Ability to perform under pressure, maintain professionalism, and support the organisation during high‑severity incidents.

About Royal London

We’re the UK’s largest mutual life, pensions and investment company, offering protection, long‑term savings and asset management products and services. Our People Promise to our colleagues is that we will all work somewhere inclusive, responsible, enjoyable and fulfilling. This is underpinned by our Spirit of Royal London values: Empowered, Trustworthy, Collaborate, Achieve. We've always been proud to reward employees by offering great workplace benefits such as 28 days annual leave in addition to bank holidays, an employer matching pension scheme of up to 14% and private medical insurance.

Inclusion, diversity and belonging

We’re an inclusive employer. We celebrate and value different backgrounds and cultures across Royal London.