Title:  Attack Surface & IT Liaison Manager

We are excited to offer a fantastic opportunity for a Permanent Attack Surface and IT Liaison Manager.  Remote and can be based either, London, Birmingham or Liverpool.

HOURS OF WORK:  Monday to Friday, 37.5 Hours per week

Join our vibrant, inclusive community in Group IT and be responsible for leading visibility and oversight of Amey’s attack surface and ensuring that IT systems and suppliers operate securely and as intended across both corporate and restricted environments. The role strategically coordinates with IT teams, business unit technology teams, and vendors to monitor controls, identify vulnerabilities, and drive remediation activities. It also leads business wide cyber incident response efforts and ensures that technologies and processes are aligned with security expectations and client requirements. The role provides expert-level oversight of security tooling, vulnerability management, and operational security controls across the estate. The role requires regular travel to support relationship management, project kick-offs, technical and process design workshops, cross-functional team meetings, and engagements with external suppliers.

What you will do:

Strategy & Governance

• Lead visibility of Amey’s digital footprint and exposure across networks, cloud, and endpoints in both corporate and restricted environments globally.
• Define and maintain metrics for attack surface management and control effectiveness.
• Drive the development of operational security standards and procedures.
• Shape governance of IT-managed and Business led technology services and platforms.

Risk, Resilience & Assurance

• Strategically coordinate vulnerability scanning, threat monitoring, and remediation activities globally.
• Identify and escalate risks related to misconfigurations, unpatched systems, or insecure services.
• Provide expert input into risk assessments, project reviews, and client assurance responses.
• Lead technical assurance activities in collaboration with the BISO and Risk & Compliance Manager.

Architecture, Operations & Incident Response

• Guide IT teams, business unit technology teams, and suppliers to ensure security controls are implemented and operating effectively.
• Monitor security service performance and escalate issues where technologies or processes deviate from expectations.
• Lead cyber incident response activities in coordination with IT, business unit technology teams, and SOC partners, leadership, legal and corporate communications teams.
• Own and oversight security incident investigations, containment, and post-incident reviews.

Engagement & Enablement

• Collaborate with IT operations, infrastructure, service management, and business unit technology teams globally to embed security into operations.
• Provide strategic input into change management, service reviews, and platform upgrades.
• Represent security in operational forums and supplier engagements.
• Promote awareness of operational security risks and responsibilities.

Culture, People & Capability

• Lead development of operational security capabilities across IT teams and Business unit technology teams.
• Drive training and awareness for IT and business unit technology staff on secure operations and incident response.
• Act as a strategic liaison between security, IT, and business unit technology teams to ensure alignment on technical controls and priorities.

What you will bring:

• Proven experience in operational security, vulnerability management, or IT security oversight roles.
• Familiarity with restricted environments and client contract requirements.

• Experience leading cross-functional coordination with IT operations and infrastructure teams across both corporate and secure environments.
• Demonstrable experience working with Internationally distributed organisations and outsourced service providers.

• Strong understanding of technical security controls and operational risk.
• Ability to interpret vulnerability data and prioritise remediation.
• Skilled in coordinating across teams and managing third-party relationships.
• Ability to report and present operational security status clearly to both executive leadership and operating teams.
• Certifications in security operations or infrastructure security (e.g. CompTIA Security+, GIAC, CISSP) desirable.
• Degree or equivalent experience in information security, IT operations, or infrastructure.
• Must undergo, hold, and maintain Security Check (SC) clearance due to the sensitivity of information handled.

We welcome applications from a diverse range of candidates.

Why join Amey?

At Amey, we work on long-term stable contracts so you can plan a long-term career with us. We have been awarded Platinum status by Investors in People which underscores our commitment to supporting our people across every part of our organisation, enabling them to shine. Whether you are starting your career, returning to the workplace or can bring your professional expertise and skills, there is a place for you here.

Our benefits are designed to help you thrive at work and in your home life. You will have the flexibility to choose benefits and development opportunities that are best for you.

• Remuneration - Enjoy a competitive annual salary with the potential for yearly reviews to ensure you’re rewarded for your contributions plus Bonus
• Career Growth: Shine in your career with advancement opportunities
• Training Opportunities: Unlock your potential with comprehensive training, including fully funded leadership programs tailored to your personal growth.
• Holidays - Enjoy at least 25 days of holiday plus bank holidays, and the opportunity to buy further days.
• Pension - Generous pension scheme, with extra contributions from Amey
• Flexible benefits – Customise your benefits with options such as insurance benefits, Cycle2Work scheme and access to discounted gym membership.
• Exclusive Discounts - Access our online portal filled with discounts from leading retailers, healthcare services, and more, helping you save on the things that matter.
• Give Back to community - Two Social Impact Days each year, for volunteering and fundraising opportunities
• Family friendly policies for new parents or if you provide care for a dependant
• Membership of our Affinity Networks who connect, support and inspire diverse communities within Amey

About Amey

We are a leading provider of full life-cycle engineering, operations, and decarbonisation solutions, for transport infrastructure and complex facilities.

Our purpose is to deliver sustainable infrastructure solutions that enhance life and protect our shared future.

Every day our teams across the UK and internationally do truly important work shaping some of the most complex environments that impact generations to come.

To find out more visit our website amey.co.uk/careers

Application Guidance and Diversity & Inclusion

At Amey we constantly evolve how we work to reflect the different needs and backgrounds of our employees. We welcome applications from all suitably qualified candidates, regardless of their race, gender, disability, religion/belief, sexual orientation, or age. We believe everyone deserves an opportunity to shine.

As a disability confident leader, we’re proud to guarantee applicants with a disability an interview if they meet the minimum requirements for the role.

Please contact our recruitment team at peopleservices@amey.co.uk to discuss any access needs, reasonable adjustments or additional support that you may require at any point during the recruitment process.

Apply today

***We may close this vacancy early if we receive sufficient applications. Please apply as soon as possible***

Inspiring Impact Together

#LI-JH1