Description

Security Lead

Location - London or Winchester with hybrid working as per departmental requirements (currently a MINIMUM of 40% (2 days per week)

LCP is an award-winning actuarial and analytics consultancy providing market-leading capabilities and advice across pensions and financial services, energy, health, and analytics.

We have an exciting opportunity to join LCP as a Security Lead and plays a significant role helping to shape the and direction for technical security across the firm LCP. This role combines people leadership, security governance, and senior technical oversight, ensuring that security controls, operations, and incident response are effective, proportionate, and aligned to business priorities. While the role draws on solid technical foundations, the main focus is on supportive leadership, clear assurance, and collaborative decision‑making rather than day‑to‑day engineering delivery.

What will you be doing?

The Security Lead acts as a trusted advisor to stakeholders, leads the technical security and operations capability, and ensures LCP remains resilient against evolving threats across physical infrastructure, cloud platforms, and third-party services. Your responsibilities will include:

• Security Leadership & Strategy
  • Support the Head of Infrastructure to drive the technical security strategy, and take accountability for its execution and ongoing effectiveness.
  • Ensuring alignment with business objectives, risk appetite, and regulatory requirements
  • Translate security risk into clear, actionable priorities for both technical and non-technical stakeholders
  • Provide authoritative security input into architectural decisions, major change initiatives, and transformation programmes
  • Act as the senior escalation point for complex or high-impact security risks and incidents
• People Management & Capability Development
  • Line manage and develop security engineers and analysts, setting clear objectives, expectations, and development plans
  • Build a high-performing, inclusive security team culture focused on continuous improvement and learning
  • Coach and mentor team members, balancing technical depth with professional growth
  • Ensure appropriate resourcing, skills coverage, and succession planning within the security function
• Security Operations & Assurance
  • Accountable for the effective operation of security controls across on-premise infrastructure, cloud environments, and SaaS platforms
  • Oversee threat detection, monitoring, and response activities, including management of the outsourced Security Operations Centre (SOC)
  • Ensure security incidents are managed effectively, with clear ownership, timely response, and post-incident learning
  • Define and track meaningful security metrics and reporting to demonstrate control effectiveness and risk posture
• Governance, Policy & Risk Management
  • Lead the development and continuous improvement of security policies, standards, and technical baselines
  • Ensure security controls are auditable, measurable, and aligned with internal governance and external compliance expectations
  • Partner closely with Information Security, Risk, Legal, and Compliance teams, providing technical security leadership and assurance while supporting second-line oversight and policy ownership
  • Define, track, and report meaningful security metrics that demonstrate control effectiveness, risk posture, and continuous improvement to senior stakeholders
• Technology & Continuous Improvement
  • Provide oversight of security tooling selection, lifecycle management, and cost optimisation
  • Champion automation and secure-by-design principles to reduce manual effort and improve consistency
  • Stay informed of emerging threats, technologies, and industry best practices, ensuring LCP adapts appropriately
  • Encourage security awareness and secure practices across engineering and technology teams
• Stakeholder Engagement
  • Build strong relationships across Technology, Infrastructure, Development, and the wider business
  • Act as a trusted security advisor to senior leaders and project teams
  • Communicate security risks, decisions, and incidents clearly, calmly, and proportionately

Skills and Experience:

• Proven experience in a senior infrastructure or security leadership or lead role, with responsibility for people management
• Ability to make technical decisions by managing levels of risk and complexity, recommending decisions as and when risk and complexity changes or increases
• Strong planning and organisational skills, including the ability to coordinate several work streams simultaneously, while balancing priorities and quality
• Excellent communication skills with a capacity to present, discuss and explain issues coherently and logically, both in writing and orally
• Ability to balance conflicting and changing demands through prioritisation and pragmatism
• Demonstrable experience influencing senior stakeholders and driving security outcomes across teams
• Strong background in modern infrastructure and cloud security (Microsoft Cloud, identity, networking, endpoints)
• Experience operating or overseeing security operations, incident response, and SOC capabilities
• Ability to balance security risk with business enablement in a pragmatic, proportionate way
• Strong hands-on experience with SIEM, SOAR, and modern threat detection tooling
• Extensive first-hand experience and knowledge of modern network infrastructure technologies
• Strong technical understanding of enterprise firewall and cloud networking technologies, with the ability to assure design decisions, challenge implementations, and provide authoritative security oversight
• Strong Azure and preferably AWS Skills
• Strong IaC Skills preferably on Terraform and Consul
• Strong OS Skills (Windows Desktop and, Windows Server)
• Strong Automation skills
• Experience of Cloudflare or similar
• Experience of managing IP based networks, WAN technologies, virtual server technologies, cloud, DHCP/DNS, and SAN/NAS storage technologies

What's in it for you?

Take a look at our Glassdoor and Career stories pages to see why our people love being here! As well as joining a multi-award winning, fun, collaborative, people first organisation where your personal and professional skills will be developed to make you the best you can be, we offer an attractive benefits package designed to promote your overall wellbeing so that you are able to perform to your full potential both in and out of work. Currently our core benefits package includes:

For you:

• Hybrid working (see top of the advert for details)
• Professional study support (where applicable)
• Access to our internal Wellbeing, LGBTQ+, Multicultural and Women's networks

For your family:

• Life assurance
• Income protection
• Enhanced maternity/paternity/adoption and shared parental leave

For your health:

• 26 days annual leave (pro-rata for part-time working) plus bank holidays (most of which can be taken flexibly!) with options to buy & sell holiday
• Private medical insurance
• Discounted gym memberships, critical illness and dental insurance through our flexible benefits
• Eye care vouchers
• Cycle to work scheme
• Digital GP services

For your wealth:

• Competitive pension scheme
• Discretionary bonus scheme
• High street discounts
• Season ticket loans

For others:

• Volunteering opportunities

For the environment:

• Electric vehicle salary sacrifice scheme (qualifying period applies)

And much more!

We continuously strive to build an inclusive workplace where all forms of diversity are valued, including age, background, disability, gender, gender identity, gender expression, race, religion or sexual orientation.

LCP is committed to making our opportunities accessible to all and would welcome you getting in touch to let us know if an adjustment can be made to help with your application. This may be extra time for assessments, pre-interview site visits, interview structure or questions, or asking us about building accessibility. Whatever it may be, please get in touch via our dedicated email address - accessibilityaware@lcp.uk.com to discuss how we can support you with your application.

Recruitment agencies

LCP operates a Preferred Supplier List (PSL) for recruitment agencies which is reviewed annually. We do not accept unsolicited CVs from agencies who are not part of our current PSL. LCP only pay agency fees where we have a signed agreement in place, and the agency has been instructed by a member of our recruitment team to supply CVs via the Applicant Tracking System (ATS) for a legitimate, open vacancy. If this process is not adhered to, LCP reserve the right to contact these candidates directly and have discussions with them without paying any agency fees. We do not pay agency fees when speculative and unsolicited CVs are submitted to any employee or Partner at LCP.