Security Program Manager Contractor

Abingdon, GB, OX14 3YP

Information Technology

Sophos makes IT security simple with next-generation solutions that protect networks, servers, and devices, wherever they are. Today, more than 100 million users in 150 countries and a global network of channel partners trust Sophos to deliver simple solutions to complex security challenges. Focused on innovation and backed by a global network of Sophos Labs threat intelligence centers and industry-leading support, Sophos delivers solutions that are simple to deploy, maintain, and manage, enabling organizations to focus on performance and growth. Sophos — Security made simple.

Job Purpose

The IT Cybersecurity Program Manager will be responsible for managing security reviews related to the company’s risk management process. As a security company, Sophos takes its own security very importantly and has an internal IT Security team which focuses on protecting Sophos’ own systems and infrastructure. This role is for a cybersecurity program manager to join this team, reporting into the Security and Risk Manager. This a great opportunity to help secure a world-leading security company. As you would expect you will be joining an organization that takes security seriously. You will get the opportunity to work with some world-leading experts from across the company in a fast-paced & exciting environment where security is a priority.


Main Duties

  • Project manage and plan the work of cross-functional teams on cybersecurity remediation & compliance projects
  • Support security architecture review program
  • Manage multiple medium to large projects simultaneously (large project equivalent to 9+ months in duration, with budgets exceeding $1million and teams of 20+ individuals)
  • Provide overall program leadership, guidance and management of requirements and scope
  • Know and use multiple project management and software development methodologies as appropriate to the projects
  • Champion the project management methodology within Sophos and contribute to continuous improvement
  • Build effective relationships with senior level management throughout IT and the business
  • Track remediation of security review issues noted in the remediation reports
  • Communicate risk assessment findings to relevant stakeholders outside the security team
  • Occasionally required to be available out of hours
  • Works closely with Engineering and the IT team.
  • Advices managers and teams across the business on security risk and compliance.
  • Reports to the Senior Manager of Strategy and Risk.


Skills & Experience


  • Educated to bachelor’s degree level
  • Security-related professional certification (CISSP, etc) Project Management certification (PMI, etc) (desirable)
  • Expertise in IT security risk management in a business context with practical experience developing and implementing appropriate mitigation strategies.
  • Knowledge of Sophos products. (desirable)
  • At least 5 years’ experience in a senior security role.
  • Experience working in a global environment. (desirable)
  • Strong interpersonal skills.
  • Ability to handle complexity and innovate.
  • Strong project management and organizational skills.
  • Ability to work in a fast-paced, rapidly evolving company environment and drive results.
  • Excellent communication, presentation, and interpersonal skills – ability to communicate across and up the organization including internal communication to gain buy-in on security strategy.






Equal Opportunities


Sophos is committed to equality opportunity in all areas of its work. All qualified applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, marital status, race, religion, colour, age, disability or sexual orientation.


If you choose to explore this opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our data protection policy which can be found here and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos.  If you would like Sophos to delete or update your details at any time, please reply to this or other emails from Sophos clearly stating your request, or follow the steps set out in the data protection policy describing your individual rights.

At Sophos, we want every organization to be protected by innovative, next-generation IT security, even those who don't have a huge IT staff. We protect organizations of all sizes, all around the world by making enterprise-grade security that is simple to deploy, manage, and use. It is our passion, and something we are truly proud of.